An IT team discovered a partner-provided library containing hidden code that gathered sensitive data. Which measure reduces the chance of similar problems in the future?
Perform a review with a static analysis tool before integrating new external code
Depend on the external provider’s statement that the library is malware-free
Apply library updates based on an identified issue
Postpone code reviews until a spike in traffic is observed
Performing a scan with a static analysis tool identifies harmful content before deployment. Trusting a statement from an external provider allows issues to remain undetected. Delaying reviews until a spike in traffic or updating the library after an issue is seen does not proactively address potential threats.