A new product does not display personally identifiable information, will not let private documents be printed, and requires elevation of privilege to retrieve archive documents. Which secure coding practice is this describing?

Using a web-based common vulnerability scoring system (CVSS) calculator, a security response team

member performed an assessment on a reported vulnerability in the company's claims intake component. The

base score of the vulnerability was 3.5 and changed to 5.9 after adjusting temporal and environmental metrics.

Which rating would CVSS assign this vulnerability?

Which privacy impact statement requirement type defines how personal information will be protected when authorized or independent external entities are involved?

Which type of security analysis is limited by the fact that a significant time investment of a highly skilled team member is required?

Which secure coding best practice says to use well-vetted algorithms to ensure that the application uses random identifiers, that identifiers are appropriately restricted to the application, and that user processes are fully terminated on logout?