Certified Information Systems Security Professional (CISSP) — Question 386

Which element of software supply chain management has the GREATEST security risk to organizations?

Answer options

• A. Unsupported libraries are often used.
• B. Applications with multiple contributors are difficult to evaluate.
• C. Vulnerabilities are difficult to detect.
• D. New software development skills are hard to acquire.

Correct answer: A

Explanation

Unsupported libraries present a significant security risk because they may have unpatched vulnerabilities that can be exploited by attackers. While applications with multiple contributors and difficult-to-detect vulnerabilities also pose risks, unsupported libraries are more directly associated with immediate security threats. The challenge of acquiring new software development skills is less relevant to the security of the software supply chain itself.