Crucial Exams

ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During a security design review, a team plans to include an open-source cryptographic library obtained from a public repository. In line with secure software supply-chain guidance for selecting third-party components, which evaluation will provide the strongest assurance that the library will not become an unpatched attack vector over time?

  • Benchmark the library's execution speed against proprietary alternatives to ensure adequate performance margins.

  • Check the number of community stars and forks to gauge overall popularity in the developer ecosystem.

  • Verify that the library's public API follows the organization's internal coding style and naming conventions.

  • Confirm that the project maintains a regular patch cadence and publishes timely security advisories for newly discovered vulnerabilities.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Supply Chain
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot