Which statement best describes SSDLC's purpose?

Prepare for the ISSAP Exam with challenging questions and insights. Enhance your understanding using flashcards and detailed explanations. Master your skills for success!

Multiple Choice

Which statement best describes SSDLC's purpose?

Explanation:
SSDLC aims to embed security into each phase of software development, from the initial requirements through deployment and ongoing maintenance. This means capturing security requirements and performing threat modeling early, designing with defense-in-depth, applying secure coding standards during implementation, and conducting thorough verification—static and dynamic analysis, vulnerability testing, and penetration testing—before release. It also covers secure deployment practices and ongoing vulnerability management to address new threats after go-live. The other options are too narrow: focusing only on testing misses security in planning and design, while concentrating only on secure coding neglects verification and maintenance, and replacing governance is not what SSDLC is about.

SSDLC aims to embed security into each phase of software development, from the initial requirements through deployment and ongoing maintenance. This means capturing security requirements and performing threat modeling early, designing with defense-in-depth, applying secure coding standards during implementation, and conducting thorough verification—static and dynamic analysis, vulnerability testing, and penetration testing—before release. It also covers secure deployment practices and ongoing vulnerability management to address new threats after go-live. The other options are too narrow: focusing only on testing misses security in planning and design, while concentrating only on secure coding neglects verification and maintenance, and replacing governance is not what SSDLC is about.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy