CompTIA CySA+ CS0-003 Practice Question
Your organization utilizes a proprietary system for its critical operations. During a routine vulnerability scan, you discover that this system has several security weaknesses. However, any changes to the system require a development cycle from the vendor. What kind of inhibitors to remediation should you include in your vulnerability management report to accurately communicate the challenges to stakeholders?
Affected hosts can be remediated by the application of immediate compensating controls without contacting the vendor.
Proprietary systems may have vendor-specific development cycles that delay immediate remediation.
Since it's proprietary technology, no vulnerabilities should be reported until the vendor confirms them.
Legacy systems often represent a risk, but proprietary systems do not need to be included in vulnerability reports.