April 2024
Intermediate to advanced
288 pages
7h 33m
English
Content preview from Effective Vulnerability Management
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
11Secure-by-Design
While we’ve spent a significant amount of time discussing the vulnerability management landscape and its challenges, as well as how to go about addressing vulnerabilities and managing them in large complex environments, we would be remiss if we didn’t take some time to discuss a fundamental shift that’s needed—the shift to secure-by-design/default software and integrating security throughout the system and software development life cycle (SDLC) to stop the bleeding.
With modern organizations drowning in vulnerability backlogs in the hundreds of thousands to millions and consumers increasingly being faced with insecure products and software, no amount of innovation and efficiency in managing vulnerabilities will have the impact that addressing the root of the issue will. This is because most software and digital systems aren’t made with security as a core part of the product development process.
We’ve begun to see an industry-wide shift and calls for secure-by-design software and products, with the message being championed by organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) in the United States as well as key U.S. government technology and security leaders. The concept was even emphasized in the latest U.S. National Cybersecurity Strategy (NCS) (www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf), which called for driving the adoption of secure-by-design principles and shifting the burden ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.