Chapter 12: Software Development Security
1. A. Waterfall continues to be useful in complex software development efforts where requirements are well documented and careful planning is required. Spiral would fit better if risks were likely to change during the development effort, whereas Agile Scrum is well suited to changing requirements. Rapid Application Development’s prototype model is not a good fit for controlling a nuclear reactor!
2. D. During the rework stage of Fagan inspection, issues may be identified that require the process to return to the planning stage and then proceed back through the remaining stages to re-review the code.
3. B. Adam is conducting static code analysis by reviewing the source code. Dynamic code analysis requires running the program, and both mutation testing and fuzzing are types of dynamic analysis.
4. B. Sam is conducting a regression test, which verifies that changes have not introduced new issues to his application. Code review...