June 2023
Intermediate to advanced
336 pages
10h 12m
English
Content preview from Software Transparency
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
CHAPTER 10Practical Guidance for Suppliers
While we have discussed many of the emerging sources of industry guidance from private and public sector organizations, the next couple of chapters will strive to give some practical guidance to both suppliers and consumers. This will include a synthesis of guidance from the sources we've discussed, as well as industry best practices and advice based on the author's professional experience as well.
Not all the recommendations, best practices, and processes may be practical to implement for all suppliers. Just like the diverse ecosystem of software consumers, software suppliers exist on a spectrum as it relates to resources, expertise, and constraints. It will often be a dichotomy between software consumers and suppliers, depending on the industry, business relationship, regulatory requirements, and contractual aspects at play to come to terms with what does or doesn't get implemented, provided, or disclosed and under what circumstances.
Vulnerability Disclosure and Response PSIRT
We've spoken quite a bit about industry frameworks such as NIST's Secure Software Development Framework (SSDF) in other chapters of this book, so it makes sense to cite it as an example here as well.
As discussed, SSDF calls for organizations to implement sound practices to help aid secure software development. It lays out the practices across four groups: Preparing the Organization, Protecting Software, Producing Well-Secured Software, and Responding to ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.