ISC2 CISSP Practice Question

The correct answer is Building software to be resilient against attacks and failure. The "rugged software" philosophy focuses on developing software that is resilient against both attacks and failure. It emphasizes building software that can defend itself, recover from failure, and adapt to changing threats. Rugged software development cultivates a culture of security awareness and continuous improvement, teaching developers to anticipate and mitigate threats throughout the development process.

Developing applications that can withstand deployment in harsh physical environments is incorrect because although "rugged" might imply physical durability, the rugged software philosophy is specifically about security and resilience to attacks, not physical environmental conditions. This misinterprets the term in a software security context.

Creating software that includes as many security features as possible is incorrect because rugged software isn't about maximizing the number of security features, but rather about building fundamental resilience and security into the core of the application. Quality and appropriateness of security controls matter more than quantity.

Focusing exclusively on performance optimization is incorrect because while performance is important, the rugged software philosophy does not focus exclusively on performance optimization. Security and resilience are the primary focuses, with performance being just one of many considerations.