CISSP · Question #1246
What Is a risk of using commercial off-the-shelf (COTS) products?
The correct answer is A. COTS products may not map directly to an organization's security requirements.. A risk of using commercial off-the-shelf (COTS) products is that they may not map directly to an organization's security requirements. COTS products are software or hardware products that are ready-made and available for purchase from vendors or suppliers, without any customizati
Question
What Is a risk of using commercial off-the-shelf (COTS) products?
Options
- ACOTS products may not map directly to an organization's security requirements.
- BCOTS products are typically more expensive than developing software in-house.
- CCost to implement COTS products is difficult to predict.
- DVendors are often hesitant to share their source code.
How the community answered
(57 responses)- A93% (53)
- B4% (2)
- C2% (1)
- D2% (1)
Explanation
A risk of using commercial off-the-shelf (COTS) products is that they may not map directly to an organization's security requirements. COTS products are software or hardware products that are ready-made and available for purchase from vendors or suppliers, without any customization or modification. COTS products can offer some advantages, such as lower cost, faster deployment, or better compatibility, but they can also pose some risks, such as: COTS products may not map directly to an organization's security requirements, as they are designed for general or common purposes, and they may not meet the specific or unique needs or expectations of the organization. For example, a COTS product may not support the organization's preferred encryption algorithm, authentication method, or access control model, or it may have some security vulnerabilities or weaknesses that could compromise the organization's security posture or compliance. COTS products are typically more difficult to secure or update, as the organization does not have full control or visibility over the product's source code, configuration, or functionality. The organization has to rely on the vendor or the supplier to provide security patches, fixes, or enhancements, which may not be timely, reliable, or compatible. The organization may also face some compatibility or interoperability issues with other systems or products, or some legal or contractual constraints or obligations, when using COTS products. COTS products may introduce some hidden or unexpected costs or risks, as the organization may have to pay for additional licenses, fees, or services, or deal with some performance, quality, or usability issues, when using COTS products. The organization may also have to share or disclose some sensitive or confidential information with the vendor or the supplier, or accept some terms or conditions that may limit the organization's rights or options, when using COTS
Topics
Community Discussion
No community discussion yet for this question.