You are in charge of a new software development project. During a project team meeting, one of the developers expresses concerns about potential security vulnerabilities arising from outdated third-party libraries. What should you do FIRST as part of the 'Identify Risks' process?
Place the demand in the backlog until security testing can be done.
Advise the developer to upgrade the library and submit a code change request.
Document the concerns as risks, including their nature and potential impact on the project.
Replace all outdated third-party libraries.