CompTIA CASP+ (CAS-004) — Question 337
A junior security researcher has identified a buffer overflow vulnerability leading to remote code execution in a former employer's software. The security researcher asks for the manager's advice on the vulnerability submission process. Which of the following is the best advice the current manager can provide the security researcher?
Answer options
- A. Collect proof that the exploit works in order to expedite the process.
- B. Publish proof-of-concept exploit code on a personal blog.
- C. Recommend legal consultation about the process.
- D. Visit a bug bounty website for the latest information.
Correct answer: C
Explanation
The correct answer is C. Because the vulnerable software belongs to a former employer, the researcher may face legal repercussions from how the issue is handled, so obtaining legal consultation before proceeding ensures that the researcher follows the proper disclosure procedures and protects themselves. Option A is not advisable because developing and demonstrating a working exploit could itself be an unauthorized action; B would publicly expose details of an unpatched vulnerability and could violate policies; and D provides no guidance tailored to the researcher's specific situation.