ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your company contracts an external vendor to build a proprietary analytics component that will be embedded in your commercial software. Management wants to avoid any future disputes and ensure it can modify, sublicense, or sell the component without additional permission. Which contractual clause best satisfies this concern?

Define detailed service-level metrics for bug-fix response and resolution times.
Add an indemnification clause requiring the vendor to defend against any patent infringement claims.
Insert a strict confidentiality and non-disclosure clause covering all project deliverables.
Include a work-made-for-hire and IP assignment clause transferring full ownership of the code to your organization.

Report Issue

Answer Description

A clause that declares the deliverable a "work made for hire" (and, when appropriate, explicitly assigns all intellectual property rights to the purchaser) places initial ownership of the copyright and related IP with your organization. This gives the company full control to reuse, modify, or resell the code without returning to the vendor for additional licenses.
‐ An indemnification clause focuses on defending against third-party claims; it does not transfer ownership.
‐ Confidentiality or non-disclosure language protects secrets but leaves ownership with the creator unless otherwise stated.
‐ Service-level agreements address performance or support targets, not who owns the code.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.