An organization has discovered a recurring problem with unsecure code being released into production. Which of the following is the information security manager's action?
When unsecure code is being released into production, it is essential to ensure that the people writing the code do not have the ability to deploy it directly to production. Implementing segregation of duties between development and production can help prevent unsecure code from being released by ensuring that developers and operations teams follow separate and distinct roles. This helps introduce a system of checks and balances, reducing the likelihood of mistakes or unsecure code being deployed.
I go for A, since there is a conflict of interest if developers are tasked to release code into the production environment. They may skip testing or perform test cases that are easy to pass to lessen potential workload regarding fixes or identified bugs. I see why people choose D, since releasing software code into the production environment is part of the change management process. But in this case, answer A is just more precise to tackle the problem.
D. Review existing change management processes.