Which item describes when testing is complete in a security test plan?

Testing is considered complete when the exit criteria are met. The plan defines these criteria to specify exactly when to stop testing and proceed, covering things like achieving the required test coverage, meeting acceptable defect thresholds (such as no critical defects outstanding or a defined residual defect rate), and obtaining stakeholder approval to accept the risk. It also includes completing the required deliverables. Entry criteria, by contrast, specify what must be true to begin testing (for example, a ready build and a prepared test environment). Factors like how long testing runs, how many developers are on the team, or the project budget influence how testing is done, but they do not in themselves determine when testing is finished.