CISSP Practice Question (Domain 8: Software Development Security)
A development team integrates a third-party open-source library that processes customer PII. Six months later, a critical vulnerability is disclosed in that library. The vendor has not released a patch. Business stakeholders resist removing the library because it powers a revenue-generating feature. What is the MOST appropriate action?
A. Implement compensating controls around the vulnerable component and document the accepted risk
B. Fork the library and develop an internal patch
C. Escalate to the risk owner for a formal risk acceptance decision
D. Immediately remove the library and disable the affected feature
Come back for the answer tomorrow, or study more now!
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group