A software developer was just informed by the security team that the company’s product has several vulnerabilities. Most of these vulnerabilities were traced to code the developer did not write. The developer does not recognize some of the code, as it was in the software before the developer started on the program and is not tracked for licensing purposes. Which of the following would the developer MOST likely do to mitigate the risks and prevent further issues like these from occurring?

A. Perform supply chain analysis and require third-party suppliers to implement vulnerability management programs.
B. Perform software composition analysis and remediate vulnerabilities found in the software.
C. Perform reverse engineering on the code and rewrite the code in a more secure manner.
D. Perform fuzz testing and implement DAST in the code repositories to find vulnerabilities prior to deployment.

Suggested Answer: B
Community Answer: B

This question is in CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam