CompTIA Security+ (SY0-601) — Question 817
Which of the following is the MOST relevant security check to be performed before embedding third-party libraries in developed code?
Answer options
- A. Check to see if the third party has resources to create dedicated development and staging environments.
- B. Verify the number of companies that downloaded the third-party code and the number of contributions on the code repository.
- C. Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries' developers.
- D. Read multiple penetration-testing reports for environments running software that reused the library.
Correct answer: C
Explanation
The correct answer is C. Before a third-party library is embedded, the check that most directly reduces risk is to look at the library's own security track record: which known vulnerabilities (for example CVE or OSV advisory records) affect the exact version you intend to pin, whether fixed versions exist, and how quickly the maintainers have historically shipped fixes after disclosure. That tells you both the risk you inherit today and the risk you will carry later, because a library whose maintainers are slow to remediate will leave you exposed for longer every time a new flaw is found. This is the core of software composition analysis (SCA) and of a software supply-chain review.

Options A, B, and D are related signals but do not address the security of the code itself. A (dedicated development and staging environments) speaks to the vendor's process maturity, not to whether the library has exploitable flaws. B (download counts and contribution counts) measures popularity and activity; widely used code can still carry unpatched vulnerabilities, and a large contributor base says nothing about how vulnerabilities are triaged. D (penetration-testing reports for other environments that reuse the library) is indirect evidence: those tests exercise a different deployment and may never reach the library's vulnerable code paths.
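The following is an added illustration of the check behind answer C, written for this page rather than taken from it or from any vendor tool. It takes a pinned library version, matches it against a list of advisories, and reports both the vulnerabilities that still affect that version and the maintainers' median disclosure-to-fix time. The library names, version ranges, dates and severities are constructed sample data, not real advisories; in practice the records would be pulled from a feed such as OSV, NVD or GitHub Security Advisories.

```python
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import List, Optional


@dataclass
class Advisory:
    """One vulnerability record in the style of an OSV/CVE entry.

    affected versions are [introduced, fixed_version); fixed_version None
    means no fixed release exists yet.
    """
    library: str
    introduced: str
    fixed_version: Optional[str]
    severity: str            # "low" | "medium" | "high" | "critical"
    disclosed: date
    fixed: Optional[date]    # date the fix shipped, None if still open


@dataclass
class Assessment:
    library: str
    version: str
    open_advisories: List[Advisory]
    median_days_to_fix: Optional[float]   # across advisories that were fixed
    verdict: str                          # "reject" | "upgrade" | "review" | "accept"
    upgrade_to: Optional[str]


def parse_version(s: str) -> tuple:
    """Turn '2.3.1' into (2, 3, 1) so tuples compare numerically."""
    return tuple(int(part) for part in s.split("."))


def affects(adv: Advisory, version: str) -> bool:
    """True if the pinned version falls inside the advisory's affected range."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed_version is None or v < parse_version(adv.fixed_version)


def assess(library: str, version: str, advisories: List[Advisory],
           max_median_days: int = 30) -> Assessment:
    """Apply the answer-C check: known vulnerabilities plus remediation speed.

    max_median_days is an assumed policy threshold for acceptable
    disclosure-to-fix latency; tune it to your own risk appetite.
    """
    history = [a for a in advisories if a.library == library]
    open_advs = [a for a in history if affects(a, version)]

    fix_latency = [(a.fixed - a.disclosed).days for a in history if a.fixed]
    med = median(fix_latency) if fix_latency else None

    if any(a.fixed_version is None for a in open_advs):
        # Affected by a flaw with no fixed release: nothing to upgrade to.
        verdict, upgrade_to = "reject", None
    elif open_advs:
        # Every open flaw has a fix; the smallest safe version is the
        # highest fixed_version among them.
        upgrade_to = max((a.fixed_version for a in open_advs), key=parse_version)
        verdict = "upgrade"
    elif med is not None and med > max_median_days:
        # Clean today, but maintainers are slow; expect long exposure windows.
        verdict, upgrade_to = "review", None
    else:
        verdict, upgrade_to = "accept", None

    return Assessment(library, version, open_advs, med, verdict, upgrade_to)


# Constructed sample advisories for two fictitious libraries.
SAMPLE_ADVISORIES = [
    Advisory("fastjsonx", "1.0.0", "2.1.0", "high",
             date(2023, 3, 1), date(2023, 3, 8)),        # fixed in 7 days
    Advisory("fastjsonx", "2.0.0", "2.3.0", "medium",
             date(2023, 6, 1), date(2023, 6, 15)),       # fixed in 14 days
    Advisory("fastjsonx", "2.2.0", None, "critical",
             date(2024, 1, 10), None),                   # still unfixed
    Advisory("tinyyaml", "0.1.0", "0.4.2", "high",
             date(2023, 9, 1), date(2023, 11, 30)),      # fixed in 90 days
]


if __name__ == "__main__":
    for lib, ver in [("fastjsonx", "2.3.1"), ("tinyyaml", "0.3.0"), ("tinyyaml", "0.4.2")]:
        a = assess(lib, ver, SAMPLE_ADVISORIES)
        print(f"{lib} {ver}: {a.verdict}, open={len(a.open_advisories)}, "
              f"median_days_to_fix={a.median_days_to_fix}, upgrade_to={a.upgrade_to}")
```

On the sample data, fastjsonx 2.3.1 is rejected because it sits inside the range of an advisory that has no fixed release, even though the maintainers fixed earlier issues in about ten days; tinyyaml 0.3.0 is flagged for upgrade to 0.4.2; and tinyyaml 0.4.2 has no open advisory but is marked for review because the one historical fix took 90 days, well over the assumed 30-day threshold. This is the distinction the question is testing: popularity (option B) or process maturity (option A) would not surface either finding.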