CompTIA CASP+ (CAS-004) — Question 533
A security architect is analyzing an old application that is no longer covered by maintenance because the software company has gone out of business. Which of the following techniques should have been implemented to prevent this type of risk?
Answer options
- A. Code reviews
- B. Supply chain visibility
- C. Software audits
- D. Source code escrows
Correct answer: D
Explanation
Source code escrows are a safeguard that allows access to the source code under certain conditions, ensuring that a company can maintain or update the software even if the vendor goes out of business. Code reviews, supply chain visibility, and software audits are important practices but do not specifically address the risk of losing access to software when the vendor is no longer available.