A software development company needs to mitigate third-party risks to its software supply chain. Which of the following techniques should the company use in the development environment to best meet this objective?
A.
Performing software composition analysis
B.
Requiring multifactor authentication
C.
Establishing coding standards and monitoring for compliance
D.
Implementing a robust unit and regression-testing scheme
o SCA is a process that identifies and analyzes third-party components (like open-source libraries) used in an application. This allows developers to:
Identify vulnerabilities: SCA tools can scan these components against known vulnerability databases, highlighting potential security risks.
Check license compliance: It can also verify that the licenses used for third-party components are compatible with the project's requirements.
Manage dependencies: SCA provides visibility into all the dependencies within an application, helping teams understand the potential risks associated with each.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Steel16
1 week, 2 days agoServerBrain
7 months, 2 weeks ago