Certified Information Systems Security Professional (CISSP) — Question 278
What is the BEST method to use for assessing the security impact of acquired software?
Answer options
- A. Threat modeling
- B. Common vulnerability review
- C. Software security compliance validation
- D. Vendor assessment
Correct answer: A
Explanation
Threat modeling is the most effective method because it allows for a comprehensive analysis of the potential threats and vulnerabilities associated with the acquired software. The other options, while valuable, do not provide the same depth of insight into security risks.