A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all
common web-based development frameworks are susceptible to attack. Proof-of- concept details have
emerged on the Internet. A security advisor within a company has been asked to provide recommendations on
how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor
should respond?

A.
Assess the reliability of the information source, likelihood of exploitability, and impact to hosted data.
Attempt to exploit via the proof-of-concept code. Consider remediation options.

B.
Hire an independent security consulting agency to perform a penetration test of the web servers. Advise
management of any `high’ or `critical’ penetration test findings and put forward recommendations for
mitigation.

C.
Review vulnerability write-ups posted on the Internet. Respond to management with a recommendation to
wait until the news has been independently verified by software vendors providing the web application
software.

D.
Notify all customers about the threat to their hosted data. Bring the web servers down into “maintenance
mode” until the vulnerability can be reliably mitigated through a vendor patch.