Software Supply Chain Security: Securing the End-To-End Supply Chain for Software, Firmware, and Hardware (Paperback)

Crossley, Cassie

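  • Publisher: O'Reilly
  • Publication date: 2024-03-12
  • List price: $2,010
  • Sale price: $1,910 (95% of list price)
  • VIP price: $1,809 (90% of list price)
  • Language: English
  • Pages: 242
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1098133706
  • ISBN-13: 9781098133702
  • Related category: Information Security
  • Ships immediately (stock = 1)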


Product description

Trillions of lines of code help us in our lives, companies, and organizations. But just a single software cybersecurity vulnerability can stop entire companies from doing business and cause billions of dollars in revenue loss and business recovery. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process.

This practical book gives you a comprehensive look at security risks and identifies the practical controls you need to incorporate into your end-to-end software supply chain. Author Cassie Crossley demonstrates how and why everyone involved in the supply chain needs to participate if your organization is to improve the security posture of its software, firmware, and hardware.

With this book, you'll learn how to:

  • Pinpoint the cybersecurity risks in each part of your organization's software supply chain
  • Find the cybersecurity frameworks and resources that can improve security
  • Identify the roles that participate in the supply chain, including IT, development, operations, manufacturing, and procurement
  • Design initiatives and controls for each part of the supply chain using existing frameworks and references
  • Evaluate third-party risk in your supply chain
