What action should an organization take to BEST evaluate and mitigate the risk of introducing vulnerabilities into its IT infrastructure when acquiring a security-critical application from a software provider?
Select a vendor with a proven track record of reliability in partnerships with similar organizations.
Include contract terms that ensure the provider gives security assurances and liability coverage for breaches.
Gain access to the source code to conduct independent audits regularly.
Review the software provider's software development life cycle (SDLC) practices for security integration.