
CISSP Exam - Question 351


Commercial off-the-shelf (COTS) software presents which of the following additional security concerns?

Correct Answer: D

One significant security concern of commercial off-the-shelf (COTS) software is that exploits for this type of software are often well documented and publicly available. This makes it easier for malicious actors to find and use vulnerabilities in COTS software, posing a significant risk. While vendors can mitigate some risks through updates and patches, the fact that vulnerabilities are more likely to be known and accessible increases the security concern for users of COTS software.

Discussion

5 comments
CuteRabbit168 (Option: D)
Sep 30, 2022

"COTS applications are much more easily available in the black hat community. Information such as vulnerabilities and various attack patterns are freely discussed and plotted to someone’s gain, which is a huge security risk for customers of the product." https://www.infosectrain.com/blog/security-in-cots-software-in-sdlc/

jackdryan
May 14, 2023

D is correct

krassko (Option: C)
Sep 26, 2022

From the CISSP student guide, 6th edition: "...COTS software can mean that security is too generic or just simply doesn't exist". Btw, I think it's the best book to study, but it's very difficult to get.

Delab202
Dec 29, 2022

On the other hand, you don't always know how securely COTS products were developed or whether the vendor would use its flaws against you. There’s also the question of what happens when the vendor discontinues updates and support. For these reasons, you must evaluate COTS vendors as a supply chain security issue.

franbarpro (Option: D)
Oct 26, 2022

Think about the dark web... or hacking forums.

klarak (Option: D)
May 6, 2024

D is a gimme. Most of these are strengths of COTS or just incorrect.