ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
While evaluating a cryptographic library for a payment system, the team must decide between a popular community-supported open-source package and a proprietary library backed by a vendor with a service-level agreement (SLA). Which risk is uniquely higher for the community-supported option when compared with the commercially licensed and supported alternative?
Acquisition costs could unexpectedly exceed the allocated licensing budget.
Engineers must compile source updates themselves, increasing deployment effort.
There is no contractual obligation ensuring that security patches will be delivered within an agreed timeline.
Attackers can study publicly available source code to find exploitable flaws.
Because community-supported open-source projects usually have no contractual relationship with the consuming organization, there is no legally enforceable commitment that maintainers will publish fixes within a defined time. This uncertainty can leave known vulnerabilities unpatched for an extended period, raising operational risk. Although open source exposes code publicly and may require license compliance, these factors also apply, in different ways, to commercial products and do not stem from the lack of formal support. Conversely, the risk of high license fees or vendor lock-in is more characteristic of proprietary, commercially supported software than of community projects.
Secure Software Supply Chain