nerdexam
(ISC)2

CISSP · Question #214

What is one way to mitigate the risk of security flaws in custom software?

The correct answer is B. Include security assurance clauses in the Service Level Agreement (SLA). One way to mitigate the risk of security flaws in custom software is to include security assurance clauses in the Service Level Agreement (SLA) between the customer and the software developer. The SLA is a contract that defines the expectations and obligations of both parties, su

Submitted by tom_us· Mar 5, 2026Software Development Security

Question

What is one way to mitigate the risk of security flaws in custom software?

Options

  • AInclude security language in the Earned Value Management (EVM) contract
  • BInclude security assurance clauses in the Service Level Agreement (SLA)
  • CPurchase only Commercial Off-The-Shelf (COTS) products
  • DPurchase only software with no open source Application Programming Interfaces (APIs)

How the community answered

(36 responses)
  • A
    3% (1)
  • B
    81% (29)
  • C
    6% (2)
  • D
    11% (4)

Explanation

One way to mitigate the risk of security flaws in custom software is to include security assurance clauses in the Service Level Agreement (SLA) between the customer and the software developer. The SLA is a contract that defines the expectations and obligations of both parties, such as the scope, quality, performance, and security of the software. By including security assurance clauses, the customer can specify the security requirements and standards that the software must meet, and the developer can agree to provide evidence of compliance and remediation of

Topics

#software security#supply chain security#Service Level Agreement (SLA)#risk mitigation

Community Discussion

No community discussion yet for this question.

Full CISSP Practice