A security analyst discovers a minor, non-critical vulnerability in a production web application's login form. The development team has already created a patch to fix the issue. According to security best practices, what is the MOST appropriate next step for deploying this patch?
Deploy the patch directly to the production server to resolve the vulnerability immediately.
Initiate a new Software Development Lifecycle (SDLC) to manage the patch development and deployment.
Activate the incident response plan because a security vulnerability was discovered.
Submit the patch for review, testing, and approval through the formal change management process.
The correct procedure is to submit the patch to the organization's formal change management process. This ensures the change is documented, tested, approved, and scheduled for deployment in a controlled manner, with a rollback plan if the change fails, minimizing the risk of introducing new defects or causing an outage. Deploying directly to production is risky: it skips review and testing, leaves no record of what changed or why, and makes the change impossible to audit or roll back cleanly. While the issue is a vulnerability, invoking the incident response plan is reserved for active or suspected breaches and for high-severity threats, not for the routine deployment of a patch for a minor flaw that has not been exploited. Starting a completely new SDLC is unnecessary overhead for a patch, because patching is part of the maintenance phase of the existing lifecycle and is governed by change control.