Why does compiled code pose more of a security risk than interpreted code?

A.
Because malicious code can be embedded in compiled code and be difficult to detect.

B.
If the executed compiled code fails, there is a chance it will fail insecurely.

C.
Because compilers are not reliable.

D.
There is no risk difference between interpreted code and compiled code.

Explanation:
Compiled code poses more of a security risk than interpreted code because of malicious code can be
embedded in the compiled code and be difficult to detect.
Incorrect Answers:
B: Compiled code that fails would be an example of an application runtime error, which in itself is no security
risk.
C: Compilers are to be trusted.
D: Compiled code is more of a security risk.

Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley
Publishing, Indianapolis, 2007, p. 425