Which of the following open source software issues pose the MOST risk to an application?
Correct Answer: C
The software has multiple Common Vulnerabilities and Exposures (CVE) and only some are remediated poses the most risk to an application. Open source software is software that is developed and distributed under a license that allows anyone to access, modify, and share the source code. Open source software can offer various benefits, such as cost savings, innovation, flexibility, and transparency. However, open source software can also introduce various risks, such as security, legal, operational, and reputational risks. One of the main security risks of open source software is the presence of vulnerabilities that can be exploited by attackers to compromise the application or the system that uses the software. Common Vulnerabilities and Exposures (CVE) is a system that assigns unique identifiers and descriptions to publicly known vulnerabilities in software. A software that has multiple CVEs and only some are remediated means that the software still has unresolved vulnerabilities that can pose a high risk to the application. The software may not have received timely or adequate patches or updates from the developers or the community, or the patches or updates may not have been applied by the users or the administrators. Therefore, the software may be exposed to potential attacks that can cause data loss, data breach, denial of service, or unauthorized access. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8: Software Development Security, page 451. CISSP Practice Exam - FREE 20 Questions and Answers, Question 17.