ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
During a pre-release audit, you learn that developers statically linked an image-processing library released under the GNU GPLv3 into a proprietary application the company intends to sell. Management wants to keep the application closed source but still needs the same functionality. Which corrective control best mitigates the risk of violating the open-source license?
Distribute only compiled binaries of the application and store the proprietary source code in encrypted escrow.
Keep the GPL component and add an attribution notice in product documentation before commercial distribution.
Release the whole application's source code under GPLv3 to comply fully with the library's copyleft requirements.
Replace the GPL library with an equivalent component distributed under a permissive license (for example, MIT or BSD) after confirming technical compatibility.
The GNU GPLv3 is a copyleft license that requires any derivative work incorporating GPL-licensed code to be distributed under the GPL and accompanied by complete, buildable source. Continuing to ship a closed-source product with the GPL library (even with a mere attribution notice) or distributing only binaries would still violate the license. Releasing the entire product under the GPL would satisfy the license but conflicts with management's goal to keep the code proprietary. The practical way to preserve functionality while avoiding the copyleft obligation is to replace the GPL component with an alternative library published under a permissive license such as MIT or BSD, whose terms allow inclusion in proprietary software without source-code disclosure.
ISC2 Systems Security Certified Practitioner (SSCP)
Security Concepts and Practices