A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:
Which of the following MOST appropriate corrective action to document for this finding?
The product owner should perform a business impact assessment regarding the ability to implement a WAF.
The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.
The system administrator should evaluate dependencies and perform upgrade as necessary.
The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.
Submit