A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product’s reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO’s requirements?
A. Sign an MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.
B. Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings.
C. Sign an NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.
D. Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews.