CISA Certified Information Systems Auditor – Question 2992

The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open-source software?

A. Rewrite the patches and apply them
B. Code review and application of available patches
C. Develop in-house patches
D. Identify and test suitable patches before applying them

Correct Answer: D

Explanation:
Suitable patches from the existing developers should be selected and tested before applying them. Rewriting the patches and applying them is not a correct answer because it would require skilled resources and time to rewrite the patches. Code review could be possible, but tests need to be performed before applying the patches. Since the system was developed outside the organization, the IT department may not have the necessary skills and resources to develop patches.