CompTIA CASP+ (CAS-004) — Question 464

Based on third-party software assurance assessments, a company needs to improve its quality and security practices. The common findings include:

• Deprecated functions
• Various race conditions
• Pointer dereferences
• Insecure system calls

Which of the following recommendations would most likely help the company reduce the frequency of these code quality issues?

Answer options

• A. Automated fuzzing and dynamic analysis
• B. IDE-integrated static analysis
• C. Third-party resource management
• D. Two-person control process for code commits
• E. Containerization of any included legacy code

Correct answer: B

Explanation

The correct answer, B, IDE-integrated static analysis, helps identify and fix issues like deprecated functions and race conditions during development, thereby improving overall code quality. Options A and E are useful but do not specifically target code quality issues at the same stage of development. Option C focuses on managing external resources and does not address internal code quality, while D is more about process control rather than direct code analysis.