ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During a component selection review, you must choose between two mature open-source libraries that offer equivalent functionality. One is maintained solely by volunteers, while the other is backed by the original developers under a paid support contract. Which attribute of the commercially supported option most directly lowers software supply-chain risk?

  • Distribution under a permissive license that simplifies legal compliance

  • An active issue tracker that anyone can use to report bugs

  • Public availability of source code for community peer review

  • A binding service-level agreement that commits the vendor to deliver security fixes within specified timelines

Secure Software Supply Chain