CompTIA SecurityX (CAS-005) — Question 195
A company needs to define a new road map for improving secure coding practices in the software development life cycle and implementing better security standards. Which of the following is the best way for the company to achieve this goal?
Answer options
- A. Performing a Software Assurance Maturity Model assessment and generating a road map as a final result
- B. Conducting a threat-modeling exercise for the main applications and developing a road map based on the necessary security implementations
- C. Developing a new road map, including secure coding best practices, based on the security area road map and annual goals defined by the Chief Information Security Officer
- D. Using the best practices in the OWASP secure coding manual to define a new road map
Correct answer: A
Explanation
The correct answer is A because a Software Assurance Maturity Model assessment measures the organization's current secure development practices across the whole life cycle and produces, as its output, a tailored road map for improvement. Options B and C each address a narrower scope (threat modeling of the main applications; the CISO's security area road map and annual goals) and do not include the overall maturity assessment needed to build a complete strategy. Option D, while useful, is limited to the OWASP secure coding practices and does not give a holistic view of the company's secure coding needs.