It is necessary to ensure that software packages that financial entitiesas defined in Article 2, points (a) to (t) referred to in Title II of this Regulation acquire and develop are effectively and securely integrated into the existing ICT environment, in accordance with established business and information security objectives. Financial entitiesas defined in Article 2, points (a) to (t) should therefore thoroughly evaluate such software packages. For that purpose, and to identify vulnerabilitiesmeans a weakness, susceptibility or flaw of an asset, system, process or control that can be exploited; and potential security gaps within both software packages and the broader ICT systems, financial entitiesas defined in Article 2, points (a) to (t) should carry out ICT security testing. To assess the integrity of the software and to ensure that the use of that software does not pose ICT security risks, financial entitiesas defined in Article 2, points (a) to (t) should also review source codes of software acquired, including, where feasible, of proprietary software provided by ICT third-party service providersmeans an undertaking providing ICT services;, using both static and dynamic testing methods.