Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?
Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?
Peer review and approval involves having other developers examine the code before it is integrated into the main project. This process helps to identify and prevent the introduction of malicious code, ensures adherence to coding standards, and maintains the integrity of the development process. Peer reviews offer an additional layer of oversight that is critical for detecting potential security threats from insiders.
Correct Answer: D Peer review and approval is a practice that involves having other developers or experts review the code before it is deployed or released. Peer review and approval can help detect and prevent malicious code, errors, bugs, vulnerabilities, and poor quality in the development process. Peer review and approval can also enforce coding standards, best practices, and compliance requirements. Peer review and approval can be done manually or with the help of tools, such as code analysis, code review, and code signing. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 11: Secure Application Development, page 543 2
D. Peer review and approval