ISC2 CISSP Practice Question

The correct answer is Building software to be resilient against attacks and failure. The 'Rugged Software' or 'Rugged DevOps' philosophy focuses on developing software that is inherently secure and resilient. The core idea is that code will be attacked and used in unintended ways, so it must be built to be survivable, defensible, and secure from the start. This involves creating software that can withstand and adapt to threats and failures, making resilience a primary goal.

Adopting a strict, sequential development model to minimize errors is incorrect. Rugged principles are often associated with agile and DevOps methodologies, which are iterative, not strict and sequential like the Waterfall model. The focus is on continuous improvement and adaptation, not rigid, unchangeable plans.

Focusing primarily on rapid feature delivery with security addressed by a separate team is incorrect. This describes a traditional, siloed approach that the Rugged and DevSecOps movements aim to replace. A core tenet of Rugged is integrating security into the development process and making it a shared responsibility, not isolating it.

Developing applications that can withstand deployment in harsh physical environments is incorrect. This is a literal interpretation of the word 'rugged'. In the context of software development, 'Rugged' refers to security and resilience against cyber threats and operational failures, not physical conditions.