LEADER |
00000cam a22000007i 4500 |
001 |
OR_on1379289529 |
003 |
OCoLC |
005 |
20231017213018.0 |
006 |
m o d | |
007 |
cr ||||||||||| |
008 |
230506s2023 nju fo 000 0 eng d |
040 |
|
|
|a UKAHL
|b eng
|e rda
|e pn
|c UKAHL
|d UKMGB
|d ORMDA
|d EBLCP
|d YDX
|d OCLCF
|d OCLCQ
|d OCLCO
|
015 |
|
|
|a GBC390267
|2 bnb
|
016 |
7 |
|
|a 021049071
|2 Uk
|
019 |
|
|
|a 1378187693
|a 1378391810
|
020 |
|
|
|a 9781394158492
|q (ePub ebook)
|
020 |
|
|
|a 1394158491
|
020 |
|
|
|z 9781394158485
|q paperback
|
020 |
|
|
|a 9781394158508
|q electronic book
|
020 |
|
|
|a 1394158505
|q electronic book
|
020 |
|
|
|z 1394158483
|
029 |
1 |
|
|a UKMGB
|b 021049071
|
029 |
1 |
|
|a AU@
|b 000074864828
|
035 |
|
|
|a (OCoLC)1379289529
|z (OCoLC)1378187693
|z (OCoLC)1378391810
|
037 |
|
|
|a 9781394158492
|b Wiley, US
|
037 |
|
|
|a 9781394158485
|b O'Reilly Media
|
050 |
|
4 |
|a QA76.9.A25
|
082 |
0 |
4 |
|a 005.8
|2 23/eng/20230620
|
049 |
|
|
|a UAMI
|
100 |
1 |
|
|a Hughes, Chris,
|e author.
|
245 |
1 |
0 |
|a Software transparency :
|b supply chain security in an era of a software-driven society /
|c Chris Hughes and Tony Turner ; foreword by Allan Friedman ; technical editor, Steve Springett.
|
264 |
|
1 |
|a Hoboken :
|b John Wiley & Sons, Inc.,
|c 2023.
|
300 |
|
|
|a 1 online resource
|
336 |
|
|
|a text
|2 rdacontent
|
337 |
|
|
|a computer
|2 rdamedia
|
338 |
|
|
|a online resource
|2 rdacarrier
|
520 |
|
|
|a Discover the new cybersecurity landscape of the interconnected software supply chain. In Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, a team of veteran information security professionals delivers an expert treatment of software supply chain security. In the book, you'll explore real-world examples and guidance on how to defend your own organization against internal and external attacks. It includes coverage of topics including the history of the software transparency movement, software bills of materials, and high assurance attestations. The authors examine the background of attack vectors that are becoming increasingly vulnerable, like mobile and social networks, retail and banking systems, and infrastructure and defense systems. You'll also discover: use cases and practical guidance for both software consumers and suppliers; discussions of firmware and embedded software, as well as cloud and connected APIs; and strategies for understanding federal and defense software supply chain initiatives related to security. An essential resource for cybersecurity and application security professionals, Software Transparency will also be of extraordinary benefit to industrial control system, cloud, and mobile security professionals.
|
505 |
0 |
|
|a Cover -- Title Page -- Copyright Page -- Contents at a Glance -- Contents -- Foreword -- Introduction -- What Does This Book Cover? -- Who Will Benefit Most from This Book? -- Special Features -- Chapter 1 Background on Software Supply Chain Threats -- Incentives for the Attacker -- Threat Models -- Threat Modeling Methodologies -- Stride -- Stride-LM -- Open Worldwide Application Security Project (OWASP) Risk-Rating Methodology -- DREAD -- Using Attack Trees -- Threat Modeling Process -- Landmark Case 1: SolarWinds -- Landmark Case 2: Log4j -- Landmark Case 3: Kaseya
|
505 |
8 |
|
|a What Can We Learn from These Cases? -- Summary -- Chapter 2 Existing Approaches-Traditional Vendor Risk Management -- Assessments -- SDL Assessments -- Application Security Maturity Models -- Governance -- Design -- Implementation -- Verification -- Operations -- Application Security Assurance -- Static Application Security Testing -- Dynamic Application Security Testing -- Interactive Application Security Testing -- Mobile Application Security Testing -- Software Composition Analysis -- Hashing and Code Signing -- Summary -- Chapter 3 Vulnerability Databases and Scoring Methodologies
|
505 |
8 |
|
|a Common Vulnerabilities and Exposures -- National Vulnerability Database -- Software Identity Formats -- CPE -- Software Identification Tagging -- PURL -- Sonatype OSS Index -- Open Source Vulnerability Database -- Global Security Database -- Common Vulnerability Scoring System -- Base Metrics -- Temporal Metrics -- Environmental Metrics -- CVSS Rating Scale -- Critiques -- Exploit Prediction Scoring System -- EPSS Model -- EPSS Critiques -- CISA's Take -- Common Security Advisory Framework -- Vulnerability Exploitability eXchange
|
505 |
8 |
|
|a Stakeholder-Specific Vulnerability Categorization and Known Exploited Vulnerabilities -- Moving Forward -- Summary -- Chapter 4 Rise of Software Bill of Materials -- SBOM in Regulations: Failures and Successes -- NTIA: Evangelizing the Need for SBOM -- Industry Efforts: National Labs -- SBOM Formats -- Software Identification (SWID) Tags -- CycloneDX -- Software Package Data Exchange (SPDX) -- Vulnerability Exploitability eXchange (VEX) and Vulnerability Disclosures -- VEX Enters the Conversation -- VEX: Adding Context and Clarity -- VEX vs. VDR -- Moving Forward
|
505 |
8 |
|
|a Using SBOM with Other Attestations -- Source Authenticity -- Build Attestations -- Dependency Management and Verification -- Sigstore -- Adoption -- Sigstore Components -- Commit Signing -- SBOM Critiques and Concerns -- Visibility for the Attacker -- Intellectual Property -- Tooling and Operationalization -- Summary -- Chapter 5 Challenges in Software Transparency -- Firmware and Embedded Software -- Linux Firmware -- Real-Time Operating System Firmware -- Embedded Systems -- Device-Specific SBOM -- Open Source Software and Proprietary Code -- User Software -- Legacy Software -- Secure Transport
|
590 |
|
|
|a O'Reilly
|b O'Reilly Online Learning: Academic/Public Library Edition
|
650 |
|
0 |
|a Computer security.
|
650 |
|
0 |
|a Computer software.
|
650 |
|
6 |
|a Sécurité informatique.
|
650 |
|
6 |
|a Logiciels.
|
650 |
|
7 |
|a software.
|2 aat
|
650 |
|
7 |
|a Computer security
|2 fast
|
650 |
|
7 |
|a Computer software
|2 fast
|
700 |
1 |
|
|a Turner, Tony,
|e author.
|
700 |
1 |
|
|a Springett, Steve,
|e editor.
|
700 |
1 |
|
|a Friedman, Allan,
|e writer of foreword.
|
776 |
0 |
8 |
|i Print version:
|z 9781394158485
|
856 |
4 |
0 |
|u https://learning.oreilly.com/library/view/~/9781394158485/?ar
|z Full text (requires prior registration with an institutional email address)
|
938 |
|
|
|a Askews and Holts Library Services
|b ASKH
|n BDZ0053204212
|
938 |
|
|
|a ProQuest Ebook Central
|b EBLB
|n EBL7243475
|
938 |
|
|
|a YBP Library Services
|b YANK
|n 305297497
|
994 |
|
|
|a 92
|b IZTAP
|