Certified Information Systems Security Professional (CISSP) — Question 364
Commercial off-the-shelf (COTS) software presents which of the following additional security concerns?
Answer options
- A. Vendors take on the liability for COTS software vulnerabilities.
- B. In-house developed software is inherently less secure.
- C. COTS software is inherently less secure.
- D. Exploits for COTS software are well documented and publicly available.
Correct answer: D
Explanation
The correct answer is D because COTS software is widely used, making its vulnerabilities a prime target for attackers, and detailed exploit information is often available online. Option A is incorrect as vendors typically limit their liability. Option B is incorrect because in-house developed software is not inherently less secure. Option C is misleading, as COTS software can be secure, depending on the vendor's practices.