Your organization has identified a security vulnerability in an internally developed application. After performing a risk assessment, it is determined that the cost of remediation exceeds the potential impact of the vulnerability being exploited. Additionally, there is no immediate threat or known exploit for this vulnerability. What is the MOST appropriate risk management response in this scenario?
Patch the vulnerability immediately regardless of the remediation costs.
Formally accept the risk and monitor for changes in the threat landscape.
Schedule the patch to be included in the next release cycle without additional review.
Transfer the risk by outsourcing the application component to a third-party vendor.