CompTIA CASP+ (CAS-004) — Question 407
A software development company needs to mitigate third-party risks to its software supply chain. Which of the following techniques should the company use in the development environment to best meet this objective?
Answer options
- A. Performing software composition analysis
- B. Requiring multifactor authentication
- C. Establishing coding standards and monitoring for compliance
- D. Implementing a robust unit and regression-testing scheme
Correct answer: A
Explanation
Performing software composition analysis is the correct answer because it is essential for identifying and managing vulnerabilities in third-party components. The other options, while important for security and quality, do not directly address the risks specific to third-party software in the supply chain.