What is one way to mitigate the risk of security flaws in custom software?

A.
Include security language in the Earned Value Management (EVM) contract

B.
Include security assurance clauses in the Service Level Agreement (SLA)

C.
Purchase only Commercial Off-The-Shelf (COTS) products

D.
Purchase only software with no open source Application Programming Interfaces (APIs)

Explanation: