CompTIA CASP+ (CAS-004) — Question 606

A senior security analyst is helping the development team improve the security of an application that is being developed. The developers use third-party libraries and applications. The software in development used old, third-party packages that were not replaced before market distribution. Which of the following should be implemented into the SDLC to resolve the issue?

Answer options

• A. Software composition analysis
• B. A SCAP scanner
• C. A SAST
• D. A DAST

Correct answer: A

Explanation

Implementing Software Composition Analysis (SCA) is crucial for identifying and managing vulnerabilities in third-party libraries, ensuring that outdated packages are replaced or updated before release. The other options, such as SCAP, SAST, and DAST, focus on different aspects of security but do not specifically address the issue of outdated third-party components.