The correct answer is integrating security activities throughout all phases of development because it embodies the "shift-left" security approach, where security is considered from the very beginning and continuously throughout development. This approach helps identify and address vulnerabilities earlier when they are less expensive to fix and prevents security from becoming a bottleneck at the end of development.
Conducting a thorough penetration test before release is important but insufficient on its own. If this is the only security measure, many vulnerabilities will only be discovered late in the development process, making them more expensive and difficult to fix. This represents a "bolt-on" rather than "built-in" security approach.
**Adding a security review phase after development is complete **represents a traditional waterfall approach to security that has proven ineffective. It often leads to significant rework when security issues are found, delays in release, or security concerns being bypassed to meet deadlines.
Implementing extensive security monitoring in production is a reactive approach that focuses on detecting breaches after they occur rather than preventing them during development. While monitoring is important, it should complement, not replace, security activities during development.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'shift-left' security mean in software development?
Open an interactive chat with Bash
How can organizations successfully integrate security activities throughout all phases of development?
Open an interactive chat with Bash
What are the limits of conducting penetration tests and how do they fit into the SDLC?
Open an interactive chat with Bash
ISC2 CISSP
Software Development Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access