Software Supply Chain Security

by Cassie Crossley
February 2024
Intermediate to advanced
244 pages
7h 3m
English
O'Reilly Media, Inc.
Audio summary available
Content preview from Software Supply Chain Security

Chapter 9. Suppliers

Suppliers can introduce risks to you through the people, practices, code, and technologies that they use to build their product or service. A single code library provided by a supplier, for example, can introduce critical vulnerabilities into your organization, products, or services. Your organization likely has a process for selecting suppliers, which usually includes an evaluation of the supplier’s financial health, the quality of the product it produces, and its ability to deliver the volumes you need. When reviewing criteria for a potential supplier, cybersecurity should also be a weighted factor in your overall evaluation. These supplier evaluations now assess the risk of cybersecurity issues, data breaches, and regulatory compliance, or are used to meet insurance requirements. The evaluations are important, but they may not address the key risks for the supplier’s scope of products or services. For example, a strong cybersecurity posture on a supplier’s websites and external attack surface does not necessarily mean that the supplier uses a secure software development lifecycle process or monitors its development environments.

Throughout this chapter, I use the term “supplier” to represent the direct supplier or vendor who provides goods or services to your organization, which would make it a “third-party” supplier. Each third-party supplier may have multiple suppliers itself, making them your fourth-party suppliers. This continues upstream to the fifth party all ...



Publisher Resources

ISBN: 9781098133696