A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex
vulnerabilities that may exist in a payment system being internally developed. The payment system being
developed will be sold to a number of organizations and is in direct competition with another leading product.
The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the
competition in terms of the product’s reliability, stability, and performance. Which of the following would provide
the MOST thorough testing and satisfy the CEO’s requirements?
A. Sign an MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.
B. Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings.
C. Sign an NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.
D. Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews.