Security Software Development Life Cycle (SDLC) expects application code to be written in a consistent manner to allow ease of auditing and which of the following?
It is A
OWASP Secure Code Review Guide page 23 states the following:
"Who Should Perform Secure Code Reviews
Some organizations assume secure code review can be a job for a security or risk-analysis team member. However all developers need to understand the exposure points of their applications and what threats exist for their applications.
Many companies have security teams that do not have members with coding backgrounds, which can make interactions with development teams challenging. Because of this development teams are usually skeptical of security input and guidance. Security teams are usually willing to slow things down to ensure confidentiality and integrity controls are in place while developers are faced with pressure from business units they support to create and update code as quickly as possible."
A. Protecting
Consistently written and well-documented code makes it easier to review and audit for security vulnerabilities and compliance with security standards and best practices. It helps protect the application against potential security threats and risks.
The Security Software Development Life Cycle (SDLC) expects application code to be written in a consistent manner to allow ease of auditing and A. Protecting. A secure SDLC involves integrating security testing and activities into the software development process, ensuring that security is a component of every phase of the SDLC.
This includes writing security requirements alongside functional requirements, performing architecture risk analysis during the design phase, and conducting code reviews during coding and building to protect the application code.
C is the answer
The Security Software Development Life Cycle (SDLC) expects consistent code to allow ease of auditing and enhancing, option C.
Consistent, standardized code makes it easier to maintain, update, modify, and add new functionality to an application over time.
This matches enhancing.
Protecting, copying, and executing code are not directly enabled by consistent coding, though protection may be an indirect benefit.
A key goal of disciplined secure SDLC processes is to produce uniform code that is straightforward to audit for security and quality while also positioning the application to be enhanced with new features over time.
Therefore, enhancing is the secondary goal, along with auditing, that consistent code practices aim to achieve. This makes option C correct.
The Security Software Development Life Cycle (SDLC) expects application code to be written in a consistent manner to allow ease of auditing and enhancing. This is because writing code consistently helps with code readability, maintainability, and ease of auditing.
Vote for C. Enhancing. When a new or better programming style / technique / methodology is found, it is easier to search the entire program and change it (find and replace) if the code is consistent.
Security Software Development Life Cycle (SDLC) expects application code to be written in a consistent manner to allow ease of auditing and protecting the integrity of the code, the application, and the data it handles. This includes following a consistent process for code development, testing, and deployment, using secure coding practices and guidelines, and implementing appropriate security controls and monitoring mechanisms.
B. Copying, C. Enhancing and D. Executing are not the correct answers in this context as the Security Software Development Life Cycle (SDLC) is a process, not an action.
When the code is consistent, it's easier to understand and test.
SSimko, 10 months ago
CoolCat22, 11 months, 2 weeks ago
Soleandheel, 11 months, 2 weeks ago
Soleandheel, 11 months, 2 weeks ago
InclusiveSTEAM, 1 year, 1 month ago
BLADESWIFTKNIFE, 1 year, 2 months ago
liebeskind, 1 year, 6 months ago
DJOEK, 1 year, 10 months ago
jackdryan, 1 year, 6 months ago
oudmaster, 1 year, 11 months ago
Jamati, 2 years ago