Failure to include information security requirements within the build/buy decision would MOST likely result in the need for:

A. compensating controls in the operational environment.
B. commercial product compliance with corporate standards.
C. more stringent source programming standards.
D. security scanning of operational platforms.