Trillions of lines of code help us in our lives, companies, and organizations. But just a single software cybersecurity vulnerability can stop entire companies from doing business and cause billions of dollars in revenue loss and business recovery. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process.



Trillions of lines of code help us in our lives, companies, and organizations. But just a single software cybersecurity vulnerability can stop entire companies from doing business and cause billions of dollars in revenue loss and business recovery. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process.

This practical book gives you a comprehensive look at security risks and identifies the practical controls you need to incorporate into your end-to-end software supply chain. Author Cassie Crossley demonstrates how and why everyone involved in the supply chain needs to participate if your organization is to improve the security posture of its software, firmware, and hardware.

With this book, you'll learn how to
• Pinpoint the cybersecurity risks in each part of your organization's software supply chain
• Identify the roles that participate in the supply chain—including IT, development, operations, manufacturing, and procurement
• Design initiatives and controls for each part of the supply chain using existing frameworks and references
• Implement secure development lifecycle, source code security, software build management, and software transparency practices
• Evaluate third-party risk in your supply chain