An IT team discovered a partner-provided library containing hidden code that gathered sensitive data. Which measure reduces the chance of similar problems in the future?
Postpone code reviews until a spike in traffic is observed
Apply library updates based on an identified issue
Perform a review with a static analysis tool before integrating new external code
Depend on the external provider’s statement that the library is malware-free
Performing a scan with a static analysis tool identifies harmful content before deployment. Relying on a statement from the external provider allows issues to go undetected. Delaying reviews until a spike in traffic is observed, or updating the library only after an issue has been seen, is reactive and does not address potential threats before the code is integrated.