A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all common web-based development frameworks are
susceptible to attack. Proof-of- concept details have emerged on the Internet. A security advisor within a company has been asked to provide recommendations on
how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor should respond?

A.
Assess the reliability of the information source, likelihood of exploitability, and impact to hosted data. Attempt to exploit via the proof-of-concept code. Consider
remediation options.

B.
Hire an independent security consulting agency to perform a penetration test of the web servers. Advise management of any `high’ or `critical’ penetration test
findings and put forward recommendations for mitigation.

C.
Review vulnerability write-ups posted on the Internet. Respond to management with a recommendation to wait until the news has been independently verified by
software vendors providing the web application software.

D.
Notify all customers about the threat to their hosted data. Bring the web servers down into “maintenance mode” until the vulnerability can be reliably mitigated
through a vendor patch.