CompTIA Security+ SY0-601 – Question 146

Which of the following is the MOST relevant security check to be performed before embedding third-party
libraries in developed code?


A. Check to see if the third party has resources to create dedicated development and staging environments.
B. Verify the number of companies that downloaded the third-party code and the number of contributions on
the code repository.
C. Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries'
developers.
D. Read multiple penetration-testing reports for environments running software that reused the library.

Correct Answer: C