- Témaindító
- #1
- Csatlakozás
- 2020.09.06.
- Üzenetek
- 7,198
- Reakció pontszám
- 74
- Díjak
- 5
Software Supply Chain Security Securing the End-To-End Supply Chain for Software, Firmware, and Hardware by Cassie Crossley | 6.4 MB
242 Pages
Title: Software Supply Chain Security: Securing the End-To-End Supply Chain for Software, Firmware, and Hardware
Author: Cassie Crossley
Description:
Trillions of lines of code help us in our lives, companies, and organizations. But just a single software cybersecurity vulnerability can stop entire companies from doing business and cause billions of dollars in revenue loss and business recovery. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process.
This practical book gives you a comprehensive look at security risks and identifies the practical controls you need to incorporate into your end-to-end software supply chain. Author Cassie Crossley demonstrates how and why everyone involved in the supply chain needs to participate if your organization is to improve the security posture of its software, firmware, and hardware.
With this book, you'll learn how to:
Review
"In the last few years, industry has woken up to the need for software transparency. This book does an excellent job on summarizing the current landscape, and providing context for those trying to improve best practices for managing risk."
-- Kate Stewart
Vice President of Dependable Embedded Systems, The Linux Foundation
"During a time of ever increasing threats to our systems, this book serves as a practical guide for any organization looking to include Software Supply Chain Security as part of their risk management program."
-- Grant Schneider
Former US Federal Chief Information Security Officer
"Cassie has been a pioneer in advocating for and advancing SBOM, particularly in critical infrastructure. This volume is a critical contribution that underscores the need for software transaprency, and highlights paths to implementation."
-- Dr. Allan Friedman
SBOM Champion
"Cassie's book is the most thorough, practical, organized, and actionable supply chain advice I've ever received. Via frameworks and detailed plans this book lays out exactly what to do to ensure your entire product supply chain (physical or digital) is reliably secure."
-- Tanya Janca (SheHacksPurple)
Head of Community and Education; author of Bob and Alice Learn Application Security
"Cassie brings a wealth of knowledge to the topic in this book, covering relevant attack vectors, emerging frameworks, vulnerability disclosures, products, open source, third-party suppliers and navigating the complex human element, all too often overlooked in software supply chain security."
-- Chris Hughes
President & Co-Founder, Aquia; Cyber Innovation Fellow (CIF) at CISA; co-author of Software Transparency: Supply Chain Security in an Era of a Software-Driven Society
About the Author
Cassie Crossley is an experienced cybersecurity technology executive in Information Technology and Product Development. She has many years of business and technical leadership experience in secure software supply chain, cybersecurity, product/application security, software/firmware development, program management, and data privacy. Cassie has designed frameworks and operating models for end-to-end security in software development lifecycles, third-party risk management, cybersecurity governance, and cybersecurity initiatives. She is a member of the CISA SBOM working groups and presents frequently on the topic of SBOMs and Software Supply Chain Security.
Cassie has held positions at Schneider Electric, Ceridian, Hewlett-Packard, McAfee, Lotus, and IBM. She has an M.B.A. from California State University, Fresno, and her Bachelor of Science degree in Technical and Professional Communication with a specialization in Computer Science from Southern Polytechnic State University (now consolidated into Kennesaw State University).
DOWNLOAD:
Trillions of lines of code help us in our lives, companies, and organizations. But just a single software cybersecurity vulnerability can stop entire companies from doing business and cause billions of dollars in revenue loss and business recovery. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process.
This practical book gives you a comprehensive look at security risks and identifies the practical controls you need to incorporate into your end-to-end software supply chain. Author Cassie Crossley demonstrates how and why everyone involved in the supply chain needs to participate if your organization is to improve the security posture of its software, firmware, and hardware.
With this book, you'll learn how to:
- Pinpoint the cybersecurity risks in each part of your organization's software supply chain
- Identify the roles that participate in the supply chain-including IT, development, operations, manufacturing, and procurement
- Design initiatives and controls for each part of the supply chain using existing frameworks and references
- Implement secure development lifecycle, source code security, software build management, and software transparency practices
- Evaluate third-party risk in your supply chain
Review
"In the last few years, industry has woken up to the need for software transparency. This book does an excellent job on summarizing the current landscape, and providing context for those trying to improve best practices for managing risk."
-- Kate Stewart
Vice President of Dependable Embedded Systems, The Linux Foundation
"During a time of ever increasing threats to our systems, this book serves as a practical guide for any organization looking to include Software Supply Chain Security as part of their risk management program."
-- Grant Schneider
Former US Federal Chief Information Security Officer
"Cassie has been a pioneer in advocating for and advancing SBOM, particularly in critical infrastructure. This volume is a critical contribution that underscores the need for software transaprency, and highlights paths to implementation."
-- Dr. Allan Friedman
SBOM Champion
"Cassie's book is the most thorough, practical, organized, and actionable supply chain advice I've ever received. Via frameworks and detailed plans this book lays out exactly what to do to ensure your entire product supply chain (physical or digital) is reliably secure."
-- Tanya Janca (SheHacksPurple)
Head of Community and Education; author of Bob and Alice Learn Application Security
"Cassie brings a wealth of knowledge to the topic in this book, covering relevant attack vectors, emerging frameworks, vulnerability disclosures, products, open source, third-party suppliers and navigating the complex human element, all too often overlooked in software supply chain security."
-- Chris Hughes
President & Co-Founder, Aquia; Cyber Innovation Fellow (CIF) at CISA; co-author of Software Transparency: Supply Chain Security in an Era of a Software-Driven Society
About the Author
Cassie Crossley is an experienced cybersecurity technology executive in Information Technology and Product Development. She has many years of business and technical leadership experience in secure software supply chain, cybersecurity, product/application security, software/firmware development, program management, and data privacy. Cassie has designed frameworks and operating models for end-to-end security in software development lifecycles, third-party risk management, cybersecurity governance, and cybersecurity initiatives. She is a member of the CISA SBOM working groups and presents frequently on the topic of SBOMs and Software Supply Chain Security.
Cassie has held positions at Schneider Electric, Ceridian, Hewlett-Packard, McAfee, Lotus, and IBM. She has an M.B.A. from California State University, Fresno, and her Bachelor of Science degree in Technical and Professional Communication with a specialization in Computer Science from Southern Polytechnic State University (now consolidated into Kennesaw State University).
DOWNLOAD:
Code:
⚠
A kód megtekintéséhez jelentkezz be.
Please log in to view the code.
Code:
⚠
A kód megtekintéséhez jelentkezz be.
Please log in to view the code.