CISSP - Software Development Security - Section 8.4
Assess the security impact of acquired software including commercial-off-the-shelf, open source, third-party, and managed services.
Assess the security impact of acquired software by evaluating commercial off-the-shelf (COTS), open source, third-party, and managed service components including SaaS, IaaS, and PaaS offerings. Apply consistent evaluation criteria - such as vendor patching cadence, licence terms, and dependency risk - before incorporating acquired software into the organisation's environment.
COTS, open source, third-party software, managed services, SaaS/IaaS/PaaS
Examworthy is not affiliated with or endorsed by (ISC)2. Original, blueprint-aligned practice material only.