The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open-source software? 
A、Rewrite the patches and apply them 
B、Code review and application of available patches 
C、Develop in-house patches 
D、Identify and test suitable patches before applying them