Practical Core Software Security: A Reference Framework
Tentative Chinese title: 實用核心軟體安全:參考框架
Ransome, James F., Misra, Anmol, Merkow, Mark S.
- Publisher: Auerbach Publications
- Publication date: 2022-08-02
- List price: $3,410
- VIP price: 5% off, $3,240
- Language: English
- Pages: 262
- Binding: Quality Paper (also called trade paper)
- ISBN: 1032276037
- ISBN-13: 9781032276038
Related categories:
Information Security
Overseas-ordered books (checked out separately)
Product description
As long as humans write software, the key to successful software security is making the software development process more efficient and effective. Although this textbook's approach to software security spans people, process, and technology, Practical Core Software Security: A Reference Framework stresses the people element, which remains the most important part to manage because software is developed, controlled, and exploited by humans.
The text outlines a step-by-step process for software security that is relevant to today's technical, operational, business, and development environments. It focuses on what humans can do to control and manage a secure software development process using best practices and metrics. Although security issues will always exist, students learn how to maximize an organization's ability to minimize vulnerabilities in software products before they are released or deployed, by building security into the development process.
The authors have worked with Fortune 500 companies and have often seen examples of the breakdown of security development lifecycle (SDL) practices. The text takes an experience-based approach, applying components of the best available SDL models to the problems described above. Software security best practices, an SDL model, and a framework are presented in this book. Starting with an overview of the SDL, the text outlines a model for mapping SDL best practices to the software development life cycle (SDLC). It explains how to use this model to build and manage a mature SDL program. Exercises and an in-depth case study help students master the SDL model.
Professionals skilled in secure software development and related tasks are in tremendous demand today. The industry continues to see strong demand that should keep growing for the foreseeable future. This book can benefit professionals as much as students. As they integrate the book's ideas into their software security practices, their value to their organizations, management teams, community, and industry increases.
About the authors
James Ransome, PhD, CISSP, CISM is the Chief Scientist for CYBERPHOS, an early-stage cybersecurity startup. He is also a member of the board of directors for the Bay Area Chief Security Officer Council. Most recently, James was the Senior Director of Security Development Lifecycle Engineering for Intel's Product Assurance and Security (IPAS). In that capacity, he led a team of SDL engineers, architects, and product security experts to drive and implement security practices across the company. Prior to that, James was the Senior Director of Product Security and PSIRT at Intel Security (formerly McAfee).
Anmol Misra is an accomplished leader, researcher, author, and security expert with over 16 years of experience in technology and cybersecurity. His engineering, security, and consulting background makes him well suited to driving the adoption of disruptive technologies. He is a team builder focused on mentoring and nurturing high-potential leaders, fostering excellence, and building industry partnerships. He is known for his pragmatic approach to security.
Mark S. Merkow, CISSP, CISM, CSSLP has over 25 years of experience in corporate information security and 17 years in the AppSec space, helping to establish and lead application security initiatives through to success and sustainment. Mark is a faculty member at the University of Denver, where he develops and teaches online courses across the information security spectrum, with a focus on secure software development. He also advises the University of Denver's Information and Computing Technology Curriculum Team on new course development and curriculum changes, and Strayer University on its undergraduate and graduate programs in information security.