Securing The Software Supply Chain
Download Securing The Software Supply Chain full books in PDF, epub, and Kindle. Read online free Securing The Software Supply Chain ebook anywhere anytime directly on your device. Fast Download speed and no annoying ads. We cannot guarantee that every ebooks is available!
| Author | : Cassie Crossley |
| Publisher | : "O'Reilly Media, Inc." |
| Total Pages | : 243 |
| Release | : 2024-02-02 |
| Genre | : Business & Economics |
| ISBN | : 1098133676 |
Trillions of lines of code help us in our lives, companies, and organizations. But just a single software cybersecurity vulnerability can stop entire companies from doing business and cause billions of dollars in revenue loss and business recovery. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process. This practical book gives you a comprehensive look at security risks and identifies the practical controls you need to incorporate into your end-to-end software supply chain. Author Cassie Crossley demonstrates how and why everyone involved in the supply chain needs to participate if your organization is to improve the security posture of its software, firmware, and hardware. With this book, you'll learn how to: Pinpoint the cybersecurity risks in each part of your organization's software supply chain Identify the roles that participate in the supply chain—including IT, development, operations, manufacturing, and procurement Design initiatives and controls for each part of the supply chain using existing frameworks and references Implement secure development lifecycle, source code security, software build management, and software transparency practices Evaluate third-party risk in your supply chain
| Author | : Chris Hughes |
| Publisher | : John Wiley & Sons |
| Total Pages | : 257 |
| Release | : 2023-05-03 |
| Genre | : Business & Economics |
| ISBN | : 1394158491 |
Discover the new cybersecurity landscape of the interconnected software supply chain In Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, a team of veteran information security professionals delivers an expert treatment of software supply chain security. In the book, you’ll explore real-world examples and guidance on how to defend your own organization against internal and external attacks. It includes coverage of topics including the history of the software transparency movement, software bills of materials, and high assurance attestations. The authors examine the background of attack vectors that are becoming increasingly vulnerable, like mobile and social networks, retail and banking systems, and infrastructure and defense systems. You’ll also discover: Use cases and practical guidance for both software consumers and suppliers Discussions of firmware and embedded software, as well as cloud and connected APIs Strategies for understanding federal and defense software supply chain initiatives related to security An essential resource for cybersecurity and application security professionals, Software Transparency will also be of extraordinary benefit to industrial control system, cloud, and mobile security professionals.
| Author | : Michael Lieberman |
| Publisher | : Manning |
| Total Pages | : 0 |
| Release | : 2024-11-26 |
| Genre | : Computers |
| ISBN | : 9781633438767 |
Secure your entire software supply chain, including the code you write, the libraries you use, and the platforms you run on. Modern software relies on a collection of original code, libraries, open source tools, plugins, packages, and platforms. Securing the Software Supply Chain teaches you to secure those dependencies to the same rigorous standards as the rest of your systems. Inside this insightful guide, you’ll learn how to: Understand your whole software supply chain Model threats to your software development lifecycle Implement controls to preempt and protect against attack Use cutting-edge security tools and scalable processes Organize and plan improvements Supply chain tools like Sigstore, in-toto, and Kyverno It’s easy to be blissfully unaware of the dangerous vulnerabilities lurking in your software systems. This book reveals techniques securing all components of the software delivery lifecycle. Purchase of the print book includes a free eBook in PDF and ePub formats from Manning Publications. About the book Securing the Software Supply Chain teaches you everything you need to know to identify and protect the code, data, and infrastructure of your applications. You’ll get a comprehensive breakdown of the kind of threats your software supply chain faces, and how they can be dramatically different from traditional dangers. Learn how to implement a chain of custody throughout your software development lifecycle, with techniques ranging from securing developer workstations to implementing dependency proxies. Real-world examples from a financial services company illustrate each concept, including key signing ceremonies, establishing trust roots, and generating a Software Bill of Materials (SBOM)—vital documentation for supply chain risk management. About the reader For software senior engineers and architects with experience in DevSecOps. About the author Michael Lieberman is CTO and co-founder of Kusari, a cybersecurity startup focused on software supply chain security. Michael has previously worked in the financial industry, architecting cloud migrations with a focus on security. In addition, he is an OpenSSF TAC member; a member of the SLSA steering committee, an emerging supply chain security standard; as well as a CNCF Security TAG lead. Brandon Lum is a co-chair of the CNCF Security TAG, and as a part of Google’s Open Source Security Team, he works on improving the security of the Open Source ecosystem. Previously at IBM Research, Brandon worked on various security areas, such as container content protection via encryption and image signing, identity, Zero Trust architectures, and kernel attack surface reduction.
| Author | : Department of Homeland Security. Cybersecurity and Infrastructure Security Agency |
| Publisher | : |
| Total Pages | : 16 |
| Release | : 2021 |
| Genre | : |
| ISBN | : |
This document provides an overview of software supply chain risks and recommendations on how software customers and vendors can use the National Institute of Standards and Technology (NIST) Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate risks.
| Author | : Cassie Crossley |
| Publisher | : O'Reilly Media |
| Total Pages | : 0 |
| Release | : 2024-03-05 |
| Genre | : Computers |
| ISBN | : 9781098133702 |
Trillions of lines of code help us in our lives, companies, and organizations. But just a single software cybersecurity vulnerability can stop entire companies from doing business and cause billions of dollars in revenue loss and business recovery. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process. This practical book gives you a comprehensive look at security risks and identifies the practical controls you need to incorporate into your end-to-end software supply chain. Author Cassie Crossley demonstrates how and why everyone involved in the supply chain needs to participate if your organization is to improve the security posture of its software, firmware, and hardware. With this book, you'll learn how to: Pinpoint the cybersecurity risks in each part of your organization's software supply chain Find the cybersecurity frameworks and resources that can improve security Identify the roles that participate in the supply chain--including IT, development, operations, manufacturing, and procurement Design initiatives and controls for each part of the supply chain using existing frameworks and references Evaluate third-party risk in your supply chain
| Author | : Cassie Crossley |
| Publisher | : "O'Reilly Media, Inc." |
| Total Pages | : 281 |
| Release | : 2024-02-02 |
| Genre | : Computers |
| ISBN | : 1098133668 |
Trillions of lines of code help us in our lives, companies, and organizations. But just a single software cybersecurity vulnerability can stop entire companies from doing business and cause billions of dollars in revenue loss and business recovery. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process. This practical book gives you a comprehensive look at security risks and identifies the practical controls you need to incorporate into your end-to-end software supply chain. Author Cassie Crossley demonstrates how and why everyone involved in the supply chain needs to participate if your organization is to improve the security posture of its software, firmware, and hardware. With this book, you'll learn how to: Pinpoint the cybersecurity risks in each part of your organization's software supply chain Identify the roles that participate in the supply chain—including IT, development, operations, manufacturing, and procurement Design initiatives and controls for each part of the supply chain using existing frameworks and references Implement secure development lifecycle, source code security, software build management, and software transparency practices Evaluate third-party risk in your supply chain
| Author | : Trey Herr |
| Publisher | : |
| Total Pages | : |
| Release | : |
| Genre | : |
| ISBN | : |
| Author | : Axel Wirth |
| Publisher | : Artech House |
| Total Pages | : 270 |
| Release | : 2020-08-31 |
| Genre | : Computers |
| ISBN | : 163081816X |
Cybersecurity for medical devices is no longer optional. We must not allow sensationalism or headlines to drive the discussion… Nevertheless, we must proceed with urgency. In the end, this is about preventing patient harm and preserving patient trust. A comprehensive guide to medical device secure lifecycle management, this is a book for engineers, managers, and regulatory specialists. Readers gain insight into the security aspects of every phase of the product lifecycle, including concept, design, implementation, supply chain, manufacturing, postmarket surveillance, maintenance, updates, and end of life. Learn how to mitigate or completely avoid common cybersecurity vulnerabilities introduced during development and production. Grow your awareness of cybersecurity development topics ranging from high-level concepts to practical solutions and tools. Get insight into emerging regulatory and customer expectations. Uncover how to minimize schedule impacts and accelerate time-to-market while still accomplishing the main goal: reducing patient and business exposure to cybersecurity risks. Medical Device Cybersecurity for Engineers and Manufacturers is designed to help all stakeholders lead the charge to a better medical device security posture and improve the resilience of our medical device ecosystem.
| Author | : Heather Adkins |
| Publisher | : O'Reilly Media |
| Total Pages | : 558 |
| Release | : 2020-03-16 |
| Genre | : Computers |
| ISBN | : 1492083097 |
Can a system be considered truly reliable if it isn't fundamentally secure? Or can it be considered secure if it's unreliable? Security is crucial to the design and operation of scalable systems in production, as it plays an important part in product quality, performance, and availability. In this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure. Two previous O’Reilly books from Google—Site Reliability Engineering and The Site Reliability Workbook—demonstrated how and why a commitment to the entire service lifecycle enables organizations to successfully build, deploy, monitor, and maintain software systems. In this latest guide, the authors offer insights into system design, implementation, and maintenance from practitioners who specialize in security and reliability. They also discuss how building and adopting their recommended best practices requires a culture that’s supportive of such change. You’ll learn about secure and reliable systems through: Design strategies Recommendations for coding, testing, and debugging practices Strategies to prepare for, respond to, and recover from incidents Cultural best practices that help teams across your organization collaborate effectively
| Author | : Alexandra Paulus |
| Publisher | : |
| Total Pages | : 0 |
| Release | : 2023 |
| Genre | : Computer software |
| ISBN | : |
Given the threats, software supply chain security poses an urgent problem to policy makers. In this analysis, we develop a toolbox that combines diverse instruments with targeted government action to be practical guidance for policy makers. This toolbox approach has the advantage that policy makers can choose instruments suited to their respective positions, considering, for example, available resources and capabilities. After reviewing the instruments and the possibilities for government action, we have compiled three sets of policy priorities that policy makers should focus on, providing three levels of ambition that cater to different national venture points.
