P.4 Discover vulnerabilities

Use automated and manual vulnerability discovery techniques to identify previously-undisclosed vulnerabilities in in-house and third-party code, including AI models.

Controls

P.4.1 Security code review

Detect security vulnerabilities introduced during architecture, design, and source code creation, including those injected with malicious intent.

P.4.2 Automated security scanning tools

Choose tools that efficiently discover previously-undetected vulnerabilities.

P.4.3 Automated vulnerability detection

Detect vulnerabilities before deployment through the use of automated tools to reduce the window of opportunity for attackers.

P.4.4 Executable security testing

Discover vulnerabilities that can only be detected through executable testing.

P.4.5 Regular third-party compliance

Identify the increased security risk of third-party and open-source components.