CompTIA PenTest+ (PT1-002) — Question 108
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)
Answer options
- A. The libraries may be vulnerable
- B. The licensing of software is ambiguous
- C. The libraries' code bases could be read by anyone
- D. The provenance of code is unknown
- E. The libraries may be unsupported
- F. The libraries may break the application
Correct answer: A, C
Explanation
The correct answers are A and C: third-party open-source libraries can contain vulnerabilities that expose the application to security risks, and the public accessibility of their code raises concerns about potential exploitation. Options B, D, E, and F are valid concerns, but they are not the greatest risks when compared with the direct security implications of vulnerabilities and code accessibility.