Your organization is hiring an offshore vendor to build a new customer portal. Senior leadership wants to minimize long-term security risk and be certain the delivered application is free of critical vulnerabilities before it is placed into production. From a contracting perspective, which requirement would MOST effectively meet this goal and provide measurable assurance to the security team?
Establishing financial penalties for any security vulnerabilities discovered post-delivery
Including security requirements in the acceptance criteria with independent verification
Mandating the use of specific development frameworks and programming languages
Requiring developers to have security certifications like CISSP or CEH
The correct answer is including security requirements in the acceptance criteria with independent verification. Clear, testable security acceptance criteria make security a pre-condition for delivery, and having an external or customer-chosen team verify those criteria provides objective assurance that the code meets the requirements. Mandating particular languages or frameworks can reduce some classes of flaws but cannot guarantee secure implementation. Requiring developer certifications only attests to individual knowledge, not to the security of the delivered product. Financial penalties applied after vulnerabilities are found are reactive and do not prevent insecure code from reaching production.
ISC2 CISSP
Software Development Security