Certified Information Systems Security Professional (CISSP) — Question 19
A software development company has a short timeline in which to deliver a software product. The software development team decides to use open-source software libraries to reduce the development time. What concept should software developers consider when using open-source software libraries?
Answer options
- A. Open source libraries contain known vulnerabilities, and adversaries regularly exploit those vulnerabilities in the wild.
- B. Open source libraries can be used by everyone, and there is a common understanding that the vulnerabilities in these libraries will not be exploited.
- C. Open source libraries contain unknown vulnerabilities, so they should not be used.
- D. Open source libraries are constantly updated, making it unlikely that a vulnerability exists for an adversary to exploit.
Correct answer: A
Explanation
The correct answer, A, highlights that open-source libraries can have known vulnerabilities that malicious actors may exploit. Developers need to consider this because those vulnerabilities can expose the software that uses the libraries to risk. Options B and D incorrectly downplay the risks associated with vulnerabilities, while option C takes an overly cautious approach by ruling out the use of open-source libraries entirely.