June 2023
Intermediate to advanced
336 pages
10h 12m
English
Content preview from Software Transparency
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
CHAPTER 11Practical Guidance for Consumers
On the flip side of software suppliers are software consumers. These consumers are trying to make sense of the array of guidance, best practices, and requirements that are emerging and inevitably involved in the push-and-pull dynamic of the relationship between suppliers and consumers. Each have different perspectives, incentives, and goals as well and potentially differing regulatory requirements. While some software consumers may be large enterprise environments with robust cybersecurity staff and expertise, this isn't always the case, as many consumers are small and mid-sized businesses (SMBs) with limited to no internal cybersecurity expertise and resources. These smaller organizations often must rely on outside managed service providers and partners, and simply prioritize activities that are realistic based on their resources when it comes to secure software consumption. In this chapter, we discuss some practical guidance for consumers, building on many of the recommendations made in Chapter 7, “Existing and Emerging Commercial Guidance,” and Chapter 8, “Existing and Emerging Government Guidance.”
Thinking Broad and Deep
While this chapter on guidance for consumers includes discussions and recommendations associated with software bills of materials (SBOMs), we want to emphasize that the SBOM is merely one emerging tool and resource in the broader discussion of software supply chain security. However, given its heavy focus in ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.