Book description
Trillions of lines of code help us in our lives, companies, and organizations. But just a single software cybersecurity vulnerability can stop entire companies from doing business and cause billions of dollars in revenue loss and business recovery. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process.
This practical book gives you a comprehensive look at security risks and identifies the practical controls you need to incorporate into your end-to-end software supply chain. Author Cassie Crossley demonstrates how and why everyone involved in the supply chain needs to participate if your organization is to improve the security posture of its software, firmware, and hardware.
With this book, you'll learn how to:
- Pinpoint the cybersecurity risks in each part of your organization's software supply chain
- Identify the roles that participate in the supply chain—including IT, development, operations, manufacturing, and procurement
- Design initiatives and controls for each part of the supply chain using existing frameworks and references
- Implement secure development lifecycle, source code security, software build management, and software transparency practices
- Evaluate third-party risk in your supply chain
Table of contents
- Foreword
- Preface
- 1. Supply Chain Security
- 2. Supply Chain Frameworks and Standards
  - Technology Risk Management Frameworks
  - Supply Chain Frameworks and Standards
    - NIST SP 800-161 Cybersecurity Supply Chain Risk Management for Systems and Organizations
    - UK Supplier Assurance Framework
    - MITRE System of Trust™ (SoT) Framework
    - ISO/IEC 20243-1:2023 Open Trusted Technology Provider Standard
    - SCS 9001 Supply Chain Security Standard
    - ISO 28000:2022 Security and Resilience
    - ISO/IEC 27036 Information Security for Supplier Relationships
  - Framework and Standards Considerations Summary
  - Summary
- 3. Infrastructure Security in the Product Lifecycle
  - Developer Environments
  - Code Repositories and Build Platforms
  - Development Tools
  - Labs and Test Environments
  - Preproduction and Production Environments
  - Software Distribution and Deployment Locations
  - Manufacturing and Supply Chain Environments
  - Customer Staging for Acceptance Tests
  - Service Systems and Tools
  - Summary
- 4. Secure Development Lifecycle
- 5. Source Code, Build, and Deployment Management
- 6. Cloud and DevSecOps
- 7. Intellectual Property and Data
- 8. Software Transparency
- 9. Suppliers
  - Cyber Assessments
    - Assessment Responses
    - Research
    - IT Security Including Environmental Security
    - Product/Application Security Organization
    - Product Security Processes and Secure Development Lifecycle
    - Training
    - Secure Development and Security Testing
    - Build Management, DevSecOps, and Release Management
    - Scanning, Vulnerability Management, Patching, and SLAs
    - Cloud Applications and Environments
    - Development Services
    - Manufacturing
    - Cyber Agreements, Contracts, and Addendums
    - Ongoing Supplier Management
  - Summary
- 10. Manufacturing and Device Security
- 11. People in the Software Supply Chain
- Appendix. Security Controls
- Index
- About the Author
Product information
- Title: Software Supply Chain Security
- Author(s): Cassie Crossley
- Release date: February 2024
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781098133702