ISC2 CISSP Practice Question

The correct answer is the vendor's patch management and vulnerability disclosure process. This factor directly affects how quickly and effectively security vulnerabilities will be addressed throughout the software's lifecycle. A vendor with a robust, transparent process for disclosing vulnerabilities and delivering timely patches will help maintain the security of the software over time.

The software's compliance with secure development lifecycle methodologies is important but focuses on how the software was developed rather than ongoing security maintenance. While a secure development process can produce more secure initial software, it doesn't address the critical aspect of how vulnerabilities discovered after release will be handled.

The implementation of cryptographic standards and key management protocols is a specific technical aspect of security that may be important for certain applications, particularly those handling sensitive data. However, it addresses only one component of security rather than the broader, ongoing security posture of the software throughout its lifecycle

.The software's third-party dependency management and supply chain controls focuses on the security of components incorporated into the software and the integrity of the delivery process. While these are significant security considerations, they don't address the critical aspect of how the vendor will respond to and remediate newly discovered vulnerabilities after the software is deployed.RetryClaude can make mistakes. Please double-check responses.