September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
276
|
第
17
章
一些特别危险的漏洞示例包括
Spectre
和
Meltdown
(
CVE-2017-5715
和
CVE-2017-5753
)、
glibc
(
CVE-2015-0235
)、
Stagefright
(
CVE-2015-1538
)
、破壳漏洞(
CVE-2014-6271
)和
心脏滴血漏洞(
CVE-2014-0160
)。
CVD
CVD
的含义有多种解释。
ISO/IEC 29147:2018
标准提供了一些指引。在
Google
,我们
通常将
CVD
定义为一个过程,在此期间团队必须谨慎地平衡好供应商发布安全补丁
所需的时间,缺陷发现或报告者的需求和期望,以及用户群体和客户的需求。
17.2
指挥事件
既然已经讨论了分诊和风险评估的流程,接下来的
3
节就假定已经发生了“重大事件”:
已经确定或怀疑发生了一次有针对性的入侵行动,并且需要开展全面的事件响应。
17.2.1
第一步
:
不要惊慌
许多响应人员遇到严重事件升级的情况时会产生恐慌感,并且肾上腺素激增。在进行基础
训练时,消防、救援和医疗领域的应急响应人员被告诫不要在发生紧急情况的现场奔跑。
奔跑不仅会增加现场发生事故的可能性,还会使问题变得更糟糕,并且可能给响应人员和
公众带来恐慌感。类似地,在发生安全事故时,即使你争分夺秒,一旦计划失败也会前功
尽弃。
尽管网站可靠性工程师和
Google
的安全团队执行事件管理的方式类似
,但针对安全事件
启动危机管理响应与针对停机之类的可靠性事件启动响应是有区别的。当发生停机时,随
叫随到的网站可靠性工程师准备采取行动。他们的目标是快速发现错误并将系统修复,使 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.