Building in Security at Agile Speed
暫譯: 以敏捷速度構建安全性

Ransome, James, Schoenfield, Brook S. E.

Building in Security at Agile Speed
  • 出版商: Auerbach Publication
  • 出版日期: 2021-04-21
  • 售價: $2,970
  • 貴賓價: 9.5$2,822
  • 語言: 英文
  • 頁數: 326
  • 裝訂: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 0367433265
  • ISBN-13: 9780367433260
  • 相關分類: Agile Software資訊安全

    • 海外代購書籍(需單獨結帳)

相關主題

商品描述

Today's high-speed and rapidly changing development environments demand equally high-speed security practices. Still, achieving security remains a human endeavor, a core part of designing, generating and verifying software. Dr. James Ransome and Brook S.E. Schoenfield have built upon their previous works to explain that security starts with people; ultimately, humans generate software security. People collectively act through a particular and distinct set of methodologies, processes, and technologies that the authors have brought together into a newly designed, holistic, generic software development lifecycle facilitating software security at Agile, DevOps speed.

--Eric. S. Yuan, Founder and CEO, Zoom Video Communications, Inc.

It is essential that we embrace a mantra that ensures security is baked in throughout any development process. Ransome and Schoenfield leverage their abundance of experience and knowledge to clearly define why and how we need to build this new model around an understanding that the human element is the ultimate key to success.

--Jennifer Sunshine Steffens, CEO of IOActive

Both practical and strategic, Building in Security at Agile Speed is an invaluable resource for change leaders committed to building secure software solutions in a world characterized by increasing threats and uncertainty. Ransome and Schoenfield brilliantly demonstrate why creating robust software is a result of not only technical, but deeply human elements of agile ways of working.

--Jorgen Hesselberg, author of Unlocking Agility and Cofounder of Comparative Agility

The proliferation of open source components and distributed software services makes the principles detailed in Building in Security at Agile Speed more relevant than ever. Incorporating the principles and detailed guidance in this book into your SDLC is a must for all software developers and IT organizations. --George K Tsantes, CEO of Cyberphos, former partner at Accenture and Principal at EY

Detailing the people, processes, and technical aspects of software security, Building in Security at Agile Speed emphasizes that the people element remains critical because software is developed, managed, and exploited by humans. This book presents a step-by-step process for software security that is relevant to today's technical, operational, business, and development environments with a focus on what humans can do to control and manage the process in the form of best practices and metrics.

商品描述(中文翻譯)

今天的高速和快速變化的開發環境要求同樣高速的安全實踐。然而,實現安全仍然是一項人類的努力,是設計、生成和驗證軟體的核心部分。詹姆斯·蘭索姆博士和布魯克·S.E.·肖恩菲爾德基於他們之前的工作,解釋了安全始於人類;最終,人類生成軟體安全。人們通過一套特定且獨特的方法論、流程和技術共同行動,作者將這些整合成一個新設計的整體通用軟體開發生命週期,以促進在敏捷和DevOps速度下的軟體安全。

--艾瑞克·S·袁,Zoom Video Communications, Inc. 創始人兼首席執行官

我們必須接受一個口號,確保安全在任何開發過程中都能內建。蘭索姆和肖恩菲爾德利用他們豐富的經驗和知識,清楚地定義了為什麼以及如何圍繞人類因素建立這個新模型,因為人類因素是成功的終極關鍵。

--珍妮佛·陽光·斯特芬斯,IOActive 首席執行官

《在敏捷速度下內建安全》同時具備實用性和策略性,是致力於在日益增加的威脅和不確定性中構建安全軟體解決方案的變革領導者的寶貴資源。蘭索姆和肖恩菲爾德精彩地展示了為什麼創建穩健的軟體不僅是技術的結果,也是敏捷工作方式中深刻的人類因素的結果。

--約根·赫塞爾伯格,《解鎖敏捷性》作者及Comparative Agility 共同創辦人

開源組件和分散式軟體服務的激增使得《在敏捷速度下內建安全》中詳細說明的原則比以往任何時候都更具相關性。將本書中的原則和詳細指導納入您的軟體開發生命週期(SDLC)對所有軟體開發人員和IT組織來說都是必須的。

--喬治·K·詹特斯,Cyberphos 首席執行官,前安永合夥人及首席顧問

《在敏捷速度下內建安全》詳細說明了軟體安全的人員、流程和技術方面,強調人員因素仍然至關重要,因為軟體是由人類開發、管理和利用的。本書提供了一個逐步的軟體安全過程,與當今的技術、運營、商業和開發環境相關,重點在於人類可以如何以最佳實踐和指標來控制和管理這一過程。

作者簡介

Dr. James Ransome is the Chief Scientist for CyberPhos, an early-stage cybersecurity startup, and continues to do ad hoc consulting. He also serves on the Board of Directors for the Bay Area CSO Council. Most recently, Dr. Ransome was the Senior Director, Security Development Lifecycle (SDL) Engineering, in the Intel Product Security and Assurance, Governance and Operations (IPAS GO) Group, where he led and developed a team of SDL engineers, architects, and product security experts that implemented and drove security practices across all of Intel. Prior to that, he was the Senior Director of Product Security and PSIRT at Intel Security and McAfee, LLC. Over a six-year period, he built, managed, and enhanced a developer-centric, self-sustaining, and scalable software security program, with an extended team of 120 software security architects embedded in each product team. All of this was a result of implementing and enhancing the model described in his most recent book, Core Software Security: Security at the Source, which has become a standard reference for many corporate security leaders who are responsible for developing their own SDLs.

Brook S. E. Schoenfield is the author of Secrets of a Cyber Security Architect, Securing Systems: Applied Security Architecture and Threat Models, and Chapter 9: Applying the SDL Framework to the Real World in Core Software Security: Security at the Source. He has been published by CRC Press, Auerbach, SANS Institute, Cisco, SAFECode, and the IEEE. Occasionally, he even posts to his security architecture blog, brookschoenfield.com.

作者簡介(中文翻譯)

詹姆斯·蘭索姆博士是CyberPhos的首席科學家,這是一家早期階段的網路安全初創公司,他持續進行臨時顧問工作。他同時擔任灣區CSO理事會的董事會成員。最近,蘭索姆博士擔任英特爾產品安全與保證、治理與運營(IPAS GO)小組的安全開發生命週期(SDL)工程的高級總監,負責領導和發展一支SDL工程師、架構師和產品安全專家的團隊,推動並實施英特爾全公司的安全實踐。在此之前,他是英特爾安全和McAfee, LLC的產品安全和PSIRT的高級總監。在六年的時間裡,他建立、管理並增強了一個以開發者為中心、自我維持且可擴展的軟體安全計畫,擁有120名嵌入各產品團隊的軟體安全架構師的擴展團隊。這一切都是他最近出版的書籍核心軟體安全:源頭的安全中所描述的模型實施和增強的結果,該書已成為許多負責開發自己SDL的企業安全領導者的標準參考。

布魯克·S·E·肖恩菲爾德網路安全架構師的秘密系統安全:應用安全架構與威脅模型的作者,以及核心軟體安全:源頭的安全中第九章:將SDL框架應用於現實世界的作者。他的作品曾由CRC Press、Auerbach、SANS Institute、Cisco、SAFECode和IEEE出版。他偶爾還會在他的安全架構部落格brookschoenfield.com上發表文章。

類似商品