Mechanisms exist to require system developers and integrators to create and execute a Security Test and Evaluation (ST&E) plan to identify and remediate flaws during development.
Does the organization require system developers and integrators to create and execute a Security Test and Evaluation (ST&E) plan to identify and remediate flaws during development?