Supply Chain Security PRO
Get the Book! Software Supply Chain Security

From Amazon

From O'Reilly Media

Purchase from Amazon and leave a review!


Get a free 30-day trial of the O'Reilly Media platform. You'll have full access to "Software Supply Chain Security" and thousands of other books!

Bulk Purchase

O'Reilly can offer a bulk discount: 40% off 5-99 copies, 45% off 100-299 copies, and 50% or more for larger quantities. Taxes and shipping extra. Only available in certain countries.

About the Book

Purpose

Trillions of lines of code help us in our lives, companies, and organizations. But a single software vulnerability can stop an entire company from doing business and cost billions of dollars in lost revenue and recovery effort. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process.


This practical book gives you a comprehensive look at security risks and identifies the practical controls you need to incorporate into your end-to-end software supply chain. Author Cassie Crossley demonstrates how and why everyone involved in the supply chain needs to participate if your organization is to improve the security posture of its software, firmware, and hardware.

Key Learnings


  • Pinpoint the cybersecurity risks in each part of your organization's software supply chain
  • Find the cybersecurity frameworks and resources that can improve security
  • Identify the roles that participate in the supply chain—including IT, development, operations, manufacturing, and procurement
  • Design initiatives and controls for each part of the supply chain using existing frameworks and references
  • Evaluate third-party risk in your supply chain

Cassie Crossley


Cassie Crossley, Vice President, Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development and the author of "Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware". She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, program management, and data privacy. Ms. Crossley has designed frameworks and operating models for end-to-end security in software development lifecycles, third-party risk management, cybersecurity governance, and cybersecurity initiatives.

She is a member of the CISA SBOM working groups and presents frequently on the topic of SBOMs and Supply Chain Security. Ms. Crossley has an M.B.A. from California State University, Fresno, and her Bachelor of Science degree in Technical and Professional Communication with a specialization in Computer Science.

Chapter Summaries

This book is organized as follows:

● Chapters 1 and 2 provide an introduction to the concepts of software supply chain security and explanations of the various frameworks and references in supply chain risk management.

● Chapter 3 summarizes the various infrastructure security controls that need special attention for software supply chain security.

● Chapter 4 explores the key practices within a secure development lifecycle and the various frameworks available.

● Chapters 5 and 6 describe the various types of source code and how to maintain their integrity during development, build, deployment, and operations for software, products, infrastructure, and cloud applications.

● Chapter 7 presents the security risks regarding intellectual property of source code and any data used in the supply chain.

● Chapter 8 discusses the transparency of the products and services through a software bill of materials and vulnerability disclosures.

● Chapter 9 prepares organizations to perform assessments for and manage cyber agreements with third-party suppliers.

● Chapter 10 specifies risks and controls for products that navigate through upstream processes such as manufacturing, logistics, or customer projects before reaching the consumer.

● Chapter 11 focuses on the risks introduced by people in the supply chain, and how to address those risks with awareness and training.

Copyright © 2023-2024 Cassie Crossley. All rights reserved.
