Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?
A. Executive summary of the penetration-testing methods used
B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
C. Quantitative impact assessments given a successful software compromise
D. Code context for instances of unsafe type-casting operations
