Software Transparency: Supply Chain Security in an Era of a Software-Driven Society
- 6h 1m
- Chris Hughes, Tony Turner
- John Wiley & Sons (US)
- 2023
Discover the new cybersecurity landscape of the interconnected software supply chain
In Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, a team of veteran information security professionals delivers an expert treatment of software supply chain security. In the book, you’ll explore real-world examples and guidance on how to defend your own organization against internal and external attacks. It includes coverage of topics including the history of the software transparency movement, software bills of materials, and high assurance attestations.
The authors examine the background of attack vectors that are becoming increasingly vulnerable, like mobile and social networks, retail and banking systems, and infrastructure and defense systems. You’ll also discover:
- Use cases and practical guidance for both software consumers and suppliers
- Discussions of firmware and embedded software, as well as cloud and connected APIs
- Strategies for understanding federal and defense software supply chain initiatives related to security
An essential resource for cybersecurity and application security professionals, Software Transparency will also be of extraordinary benefit to industrial control system, cloud, and mobile security professionals.
About the Author
CHRIS HUGHES is the co-founder and Chief Information Security Officer of Aquia. He is an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and the University of Maryland Global Campus, and a co-host of the Resilient Cyber Podcast.
TONY TURNER has 25 years’ experience as a cybersecurity engineer, architect, consultant, executive, and community builder. He is the Founder of Opswright, a software company creating solutions for security engineering in critical infrastructure and leads the OWASP Orlando chapter.
In this Book
-
Foreword
-
Background on Software Supply Chain Threats
-
Existing Approaches—Traditional Vendor Risk Management
-
Vulnerability Databases and Scoring Methodologies
-
Rise of Software Bill of Materials
-
Challenges in Software Transparency
-
Cloud and Containerization
-
Existing and Emerging Commercial Guidance
-
Existing and Emerging Government Guidance
-
Software Transparency in Operational Technology
-
Practical Guidance for Suppliers
-
Practical Guidance for Consumers
-
Software Transparency Predictions