The correct answer is integrating security activities throughout all phases of development. This shift-left approach embeds threat modeling, secure coding, and security testing early and continuously, so vulnerabilities are discovered when they are cheapest and least disruptive to fix.
Conducting a thorough penetration test just before release is useful but finds only a sample of issues late in the process, when remediation is costly.
Adding a dedicated security review after development reflects an outdated waterfall gate; the fixes it uncovers often require re-work or are waived to meet deadlines.
Implementing extensive security monitoring in production is reactive. While monitoring is essential for detection and response, it cannot prevent insecure code from being created; it must complement-not replace-secure development activities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'shift-left' security mean in software development?
Open an interactive chat with Bash
How can organizations successfully integrate security activities throughout all phases of development?
Open an interactive chat with Bash
What are the limits of conducting penetration tests and how do they fit into the SDLC?
Open an interactive chat with Bash
ISC2 CISSP
Software Development Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access