Exam SY0-601 topic 1 question 48 discussion

GREATEST security concern would be unknown backdoor

A- Intellectual Property Theft: I'm guessing by that point a legal contract is already on ground to mitigate such an issue. Unknown Backdoor, in my opinion, is equivalent to a zero-day attack. You have no idea if these contractors knowingly or unknowingly but a backdoor in your code Quality Assurance: I'm guessing that's why you hired them in the first place because you know they deliver quality service.

The GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application is the possibility of an unknown backdoor being introduced into the code. An unknown backdoor refers to unauthorized access points deliberately inserted into the software without the knowledge or consent of the organization. When outsourcing code development, the organization has less direct control over the development process and may not have full visibility into the contractor's practices. This lack of oversight could potentially lead to the inclusion of hidden backdoors, which can be exploited by malicious actors to gain unauthorized access to the application and its data.

While intellectual property theft, elevated privileges, and quality assurance are all important considerations when outsourcing code development, the presence of an unknown backdoor poses the greatest security risk. An unknown backdoor is a hidden entry point or vulnerability intentionally or unintentionally inserted into the code by a malicious or compromised developer. It can provide unauthorized access to the application or its underlying systems, allowing attackers to exploit the application's functionality or compromise sensitive data. An unknown backdoor can be difficult to detect and may remain undetected for an extended period, allowing attackers to maintain persistent access and potentially exploit the application or compromise the organization's systems or data. It can bypass security controls and enable unauthorized actions, posing a significant risk to the security and integrity of the internet-facing application.

The greatest security concern when outsourcing code development to third-party contractors for an internet-facing application is the possibility of an unknown backdoor. This is because a contractor may intentionally or unintentionally insert malicious code into the application that could compromise the security and privacy of user data and the organization's systems. This risk is elevated if the contractor is not fully vetted, or if the organization does not have adequate safeguards in place to ensure the security and integrity of the codebase. To mitigate this risk, the organization should have strict security policies and procedures in place for outsourcing, including background checks for contractors, code review and testing procedures, and continuous monitoring and incident response processes.

C. I think Unknown Backdoors would be the GREATEST security concern is the best answer. I do believe D is very good answer because that would be the first step in risk assessment and mitigation is Quality Assurance.

google

GREATEST security concern - for me this would be C - Unknown Backdoor

If you're outsourcing dev work, you probably have a contract with a legit company and you had probably also reviewed their documents and AOC's and stuff. Without good QA, there could be a purposeful OR unintended backdoor in the application if somebody was an incompetent developer With good QA, ideally they would be doing automated security testing to look for a backdoor in the program.