An organization has had component integration related vulnerabilities exploited in consecutive
releases of the software it hosts. The only reason the company was able to identify the
compromises was because of a correlation of slow server performance and an attentive security
analyst noticing unusual outbound network activity from the application servers. End-to-end
management of the development process is the responsibility of the applications development
manager and testing is done by various teams of programmers. Which of the following will MOST
likely reduce the likelihood of similar incidents?

A.
Conduct monthly audits to verify that application modifications do not introduce new
vulnerabilities.

B.
Implement a peer code review requirement prior to releasing code into production.

C.
Follow secure coding practices to minimize the likelihood of creating vulnerable applications.

D.
Establish cross-functional planning and testing requirements for software development
activities.