Book description
Discover the new cybersecurity landscape of the interconnected software supply chain
In Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, a team of veteran information security professionals delivers an expert treatment of software supply chain security. In the book, you’ll explore real-world examples and guidance on how to defend your own organization against internal and external attacks. It also covers the history of the software transparency movement, software bills of materials (SBOMs), and high-assurance attestations.
The authors examine the background of attack surfaces that are increasingly exposed, such as mobile and social networks, retail and banking systems, and infrastructure and defense systems. You’ll also discover:
- Use cases and practical guidance for both software consumers and suppliers
- Discussions of firmware and embedded software, as well as cloud and connected APIs
- Strategies for understanding federal and defense software supply chain initiatives related to security
An essential resource for cybersecurity and application security professionals, Software Transparency will also be of extraordinary benefit to industrial control system, cloud, and mobile security professionals.
Table of contents
- Cover
- Title Page
- Foreword
- Introduction
- CHAPTER 1: Background on Software Supply Chain Threats
- CHAPTER 2: Existing Approaches—Traditional Vendor Risk Management
- CHAPTER 3: Vulnerability Databases and Scoring Methodologies
- Common Vulnerabilities and Exposures
- National Vulnerability Database
- Software Identity Formats
- Sonatype OSS Index
- Open Source Vulnerability Database
- Global Security Database
- Common Vulnerability Scoring System
- Exploit Prediction Scoring System
- EPSS Model
- EPSS Critiques
- CISA's Take
- Moving Forward
- Summary
- CHAPTER 4: Rise of Software Bill of Materials
- CHAPTER 5: Challenges in Software Transparency
- CHAPTER 6: Cloud and Containerization
- CHAPTER 7: Existing and Emerging Commercial Guidance
- Supply Chain Levels for Software Artifacts
- Google Graph for Understanding Artifact Composition
- CIS Software Supply Chain Security Guide
- CNCF's Software Supply Chain Best Practices
- CNCF's Secure Software Factory Reference Architecture
- Microsoft's Secure Supply Chain Consumption Framework
- S2C2F Practices
- S2C2F Implementation Guide
- OWASP Software Component Verification Standard
- OpenSSF Scorecard
- The Path Ahead
- Summary
- CHAPTER 8: Existing and Emerging Government Guidance
- Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
- Software Verification
- NIST's Secure Software Development Framework
- NSA's Securing the Software Supply Chain Guidance Series
- NSA Appendices
- Recommended Practices Guide for Suppliers
- Recommended Practices Guide for Customers
- Summary
- CHAPTER 9: Software Transparency in Operational Technology
- CHAPTER 10: Practical Guidance for Suppliers
- Vulnerability Disclosure and Response PSIRT
- Product Security Incident Response Team (PSIRT)
- To Share or Not to Share and How Much Is Too Much?
- Copyleft, Licensing Concerns, and “As-Is” Code
- Open Source Program Offices
- Consistency Across Product Teams
- Manual Effort vs. Automation and Accuracy
- Summary
- CHAPTER 11: Practical Guidance for Consumers
- CHAPTER 12: Software Transparency Predictions
- Index
- Copyright
- Dedication
- About the Authors
- About the Technical Editor
- Acknowledgments
- End User License Agreement
Product information
- Title: Software Transparency
- Author(s):
- Release date: June 2023
- Publisher(s): Wiley
- ISBN: 9781394158485