Effective CISSP Questions

An aircraft manufacturer is suffering a harsh situation: two aircraft crashed, causing hundreds of deaths, because of a defect in the flight control software system that was outsourced to an offshore software vendor. As a security professional, which of the following is the best way to improve software quality and avoid such a tragedy?
A. Code review
B. Regression testing
C. Formal inspection
D. Agile testing

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Formal inspection.

The distinction between a review and an inspection is that a review can be conducted in many different ways, whereas an inspection is a structured and regulated process for determining whether an entity contains defects. A formal inspection follows a very rigid process.

Code review can be formal, but it is often informal (pair programming or peer review), while a formal inspection is always formal and rigid (for example, a Fagan inspection). Because the defect escaped into a safety-critical system, the rigor and defect-detection focus of a formal inspection make it the best choice among the options.
