A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?
I think the answer is "B" and here's why:
Development Stage
The development stage is the part where developers actually write code and build the application according to the earlier design documents and outlined specifications.
This is where Static Application Security Testing or SAST tools come into play.
Product program code is built per the design document specifications. In theory, all of the prior planning and outlining should make the actual development phase relatively straightforward.
Developers will follow any coding guidelines as defined by the organization and utilize different tools such as compilers, debuggers, and interpreters.
I thought of "C" - Testing phase - but the question says "Which of the following is the FIRST?"
As we pivot from blueprint to build, static code analysis evolves into a daily routine. Within the development phase, it turns into a meticulous overseer, scrutinizing every new line of code for deviations from the set path.
C. Test phase:
"Assessments entail the performance of functional testing: unit testing, code quality testing, integration testing, system testing, security testing, performance testing and acceptance testing, as well as nonfunctional testing. If a defect is identified, developers are notified. Validated (actual) defects are resolved, and a new version of the software is produced.
The best method for ensuring that all tests are run regularly and reliably, is to implement automated testing."
So automated testing is a keyword and security.
https://www.synopsys.com/glossary/what-is-sdlc.html
Answer B:
SDLC 6 stages: 1-Planning & Analysis, 2-Design, 3-Development, 4-Testing, 5-Deployment, 6-Maintenance, so based on the provided scenario it will fall into the Development SDLC stage.
Code review by developers is part of the Development Phase
https://resources.infosecinstitute.com/topic/secure-code-review-practical-approach/#:~:text=In%20the%20SDLC%20(Software%20Development,the%20code%20review%2C%20or%20both.
Should be C, test environment for auto code review.
franbarpro (Highly Voted, 2 years, 1 month ago)
gjimenezf (Most Recent, 10 months, 2 weeks ago)
Soleandheel (11 months, 3 weeks ago)
Bach1968 (1 year, 4 months ago)
HughJassole (1 year, 5 months ago)
NJALPHA (1 year, 7 months ago)
jackdryan (1 year, 6 months ago)
Rollingalx (1 year, 7 months ago)
explorer3 (2 years, 1 month ago)
MG1707 (2 years, 1 month ago)
MG1707 (2 years, 1 month ago)
franbarpro (2 years ago)
ccmmaa (2 years, 1 month ago)