In many cases, our approach to mitigating the risks of acquired software will begin with an assessment of the vendor.
A key element in assessing the security of acquired software is, rather obviously, its performance on an internal assessment.
剩余内容请关注本人公众号debugeeker, 链接为CISSP考试指南笔记:8.14 评估外部获取软件的安全性