Overview
Modern software relies on a complex web of third-party components, open-source libraries, and multinational hardware providers. This course explores the inherent risks of the supply chain, examining how upstream modifications propagate through your infrastructure. You will analyze real-world failures, such as the colors.js incident, to understand how automated updates and unvetted dependencies can lead to espionage, data theft, and catastrophic system disruption.
You will gain a deep understanding of the supply chain lifecycle, from proof-of-concept development to the integration of COTS software. The course covers strategies for managing component-based engineering and evaluating hidden security properties. You will learn to implement robust management procedures, including SBOM usage and supplier risk programs, to secure your digital assets.
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Watch now
Unlock full access