A new web application system was purchased from a vendor and configured by the internal
development team. Before the web application system was moved into production, a vulnerability
assessment was conducted. A review of the vulnerability assessment report indicated that the
testing team discovered a minor security issue with the configuration of the web application. The
security issue should be reported to:
A.
CISO immediately in an exception report.
B.
Users of the new web application system.
C.
The vendor who supplied the web application system.
D.
Team lead in a weekly report.