CompTIA CASP+ (CAS-004) — Question 548
To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?
Answer options
- A. Include stable, long-term releases of third-party libraries instead of using newer versions.
- B. Ensure the third-party library implements TLS and disable weak ciphers.
- C. Compile third-party libraries into the main code statically instead of using dynamic loading.
- D. Implement an ongoing, third-party software and library review and regression testing.
Correct answer: D
Explanation
The correct answer is D. Vulnerabilities in OpenSSL are disclosed on an ongoing basis, so the only control that keeps reducing risk over the life of the product is a continuous process: track which version of OpenSSL (and of every other third-party component) ships in each build, review new advisories and releases as they appear, and run regression tests so that upgrading the library neither breaks the VPN nor silently weakens its TLS configuration. Option A is a one-time choice; a long-term-support branch still receives security fixes, and pinning an older release without tracking those fixes leaves known flaws in place. Option B (confirming TLS support and removing weak cipher suites) hardens how the library is used but does nothing about implementation bugs inside the library itself. Option C does not shrink the vulnerability surface at all; statically linking OpenSSL means every fix requires rebuilding and redistributing the product, which slows patching and makes the ongoing review in D more, not less, necessary.
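As an added example (not part of the exam item or of any vendor's tooling), the following Python script shows what a minimal, automatable version of answer D looks like: it parses OpenSSL-style version strings, compares each bundled library against a policy baseline, flags libraries whose last review is overdue, and runs a TLS regression check against the OpenSSL that the interpreter itself links to. The library names, versions, review dates and `min_version` baselines in `INVENTORY` and `POLICY` are constructed for illustration only and are not a statement that any listed release is vulnerable.

```python
"""
Added example, not part of the CASP+ item: a CI-style review of bundled
third-party libraries. The inventory, dates and baselines are constructed
for illustration and say nothing about which OpenSSL releases are vulnerable.
"""
from dataclasses import dataclass
from datetime import date, timedelta
import re
import ssl

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text: str) -> tuple:
    """Turn 'OpenSSL 3.0.13 30 Jan 2024' or '1.1.1w' into a comparable tuple.

    The optional letter suffix used by the 1.x series sorts after the bare
    number, so 1.1.1w > 1.1.1 and 3.0.13 > 1.1.1w, as tuple comparison gives.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch), suffix)


@dataclass
class Library:
    name: str
    version: str
    last_reviewed: date


@dataclass
class Policy:
    min_version: dict           # name -> lowest version the review has approved
    review_interval: timedelta  # how stale a library's last review may be


def review(libraries, policy, today):
    """Return human-readable findings; an empty list means the build passes."""
    findings = []
    for lib in libraries:
        baseline = policy.min_version.get(lib.name)
        if baseline is None:
            findings.append(f"{lib.name}: no approved baseline; review it")
        elif parse_version(lib.version) < parse_version(baseline):
            findings.append(f"{lib.name} {lib.version} is below baseline {baseline}")
        if today - lib.last_reviewed > policy.review_interval:
            findings.append(f"{lib.name}: last review {lib.last_reviewed} is overdue")
    return findings


# Substrings that identify cipher suites the product must never enable.
WEAK_TOKENS = ("RC4", "DES", "NULL", "MD5", "EXPORT")


def make_context() -> ssl.SSLContext:
    """The product's intended TLS configuration (hypothetical)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def tls_regression_findings(ctx: ssl.SSLContext):
    """Regression test to run after every OpenSSL upgrade: the new library must
    still honour the minimum protocol version and must not reintroduce a weak
    suite into the enabled cipher list."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum TLS version regressed to {ctx.minimum_version.name}")
    for c in ctx.get_ciphers():
        if any(tok in c["name"] for tok in WEAK_TOKENS):
            findings.append(f"weak cipher suite enabled: {c['name']}")
    return findings


def runtime_openssl_version() -> tuple:
    """Version of the OpenSSL (or compatible) library this interpreter links to;
    this is what the inventory entry for a build host should record."""
    return parse_version(ssl.OPENSSL_VERSION)


# Constructed inventory; names, versions, dates and baselines are illustrative.
TODAY = date(2024, 6, 1)
INVENTORY = [
    Library("openssl", "3.0.13", date(2024, 5, 20)),
    Library("zlib", "1.2.11", date(2023, 9, 1)),
    Library("libcurl", "8.7.1", date(2024, 5, 28)),
]
POLICY = Policy(
    min_version={"openssl": "3.0.13", "zlib": "1.3.1"},
    review_interval=timedelta(days=90),
)

if __name__ == "__main__":
    for line in review(INVENTORY, POLICY, TODAY):
        print("FINDING:", line)
    for line in tls_regression_findings(make_context()):
        print("TLS REGRESSION:", line)
    print("build host links:", ssl.OPENSSL_VERSION)
```

Wired into CI so that any non-empty finding list fails the build, this gives the "ongoing" part of answer D a concrete enforcement point. One caveat for a product that statically links OpenSSL (option C): the version that matters is the one baked into the shipped binary, not the one on the build host, so the inventory entry must come from the build's own dependency manifest rather than from `ssl.OPENSSL_VERSION` on whatever machine runs the check.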