Certified Information Systems Security Professional (CISSP) — Question 372
Which of the following BEST describes why software assurance is critical in helping prevent an increase in business and mission risk for an organization?
Answer options
- A. Requests for proposals (RFPs) avoid purchasing software that does not meet business needs.
- B. Contracting processes eliminate liability for security vulnerabilities for the purchaser.
- C. Decommissioning of old software reduces long-term costs related to technical debt.
- D. Software that does not perform as intended may be exploitable, which makes it vulnerable to attack.
Correct answer: D
Explanation
The correct answer, D, highlights that software that does not work as expected may have vulnerabilities that attackers can exploit, increasing risk. Options A and B incorrectly focus on procurement processes rather than the inherent risks of the software itself, while option C addresses cost but does not relate directly to the security implications of software performance.