Free CompTIA CySA+ CS0-003 Practice Question
Your organization utilizes a proprietary system for its critical operations. During a routine vulnerability scan, you discover that this system has several security weaknesses. However, any changes to the system require a development cycle from the vendor. What kind of inhibitors to remediation should you include in your vulnerability management report to accurately communicate the challenges to stakeholders?
Legacy systems often represent a risk, but proprietary systems do not need to be included in vulnerability reports.
Proprietary systems may have vendor-specific development cycles that delay immediate remediation.
Affected hosts can be remediated by the application of immediate compensating controls without contacting the vendor.
Since it's proprietary technology, no vulnerabilities should be reported until the vendor confirms them.
