The correct answer is that vendors can introduce vulnerabilities into systems that may be exploited for unauthorized access or other malicious activities. It is important for organizations to evaluate the security practices of their suppliers to protect against these risks. Unauthorized code in updates represents a situation where a vendor may unintentionally or maliciously include harmful code in a software update. While vendors can also be targets of social engineering and may suffer data breaches, these are not specific examples of how vendors would introduce vulnerabilities into an organization's systems. Incorrect patches are related, but they are a result of an introduced vulnerability rather than a description of the risk associated with vendors.