How would you approach assessing the security of a new software application before its launch at Commonwealth Bank of Australia?