Core Software Security: Security at the Source
Provisional Chinese title: 核心軟體安全:源頭的安全性
Authors: Ransome, James; Misra, Anmol
- Publisher: Auerbach Publication
- Publication date: 2021-06-30
- Price: $2,350
- VIP price: 5% off, $2,233
- Language: English
- Pages: 414
- Binding: Quality Paper (also called trade paper)
- ISBN: 103202741X
- ISBN-13: 9781032027418
Related categories:
Information Security
Overseas order book (must be checked out separately)
Product Description
"... an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. ... Readers are armed with firm solutions for the fight against cyber threats."
--Dr. Dena Haritos Tsamitis, Carnegie Mellon University
--Dr. Larry Ponemon, Ponemon Institute
"... the definitive how-to guide for software security professionals. Dr. Ransome, Anmol Misra, and Brook Schoenfield deftly outline the procedures and policies needed to integrate real security into the software development process. ...A must-have for anyone on the front lines of the Cyber War ..."
--Cedric Leighton, Colonel, USAF (Ret.), Cedric Leighton Associates
"Dr. Ransome, Anmol Misra, and Brook Schoenfield give you a magic formula in this book - the methodology and process to build security into the entire software development life cycle so that the software is secured at the source!"
--Eric S. Yuan, Zoom Video Communications
There is much publicity regarding network security, but the real cyber Achilles' heel is insecure software. Millions of software vulnerabilities create a cyber house of cards, in which we conduct our digital lives. In response, security people build ever more elaborate cyber fortresses to protect this vulnerable software. Despite their efforts, cyber fortifications consistently fail to protect our digital treasures. Why? The security industry has failed to engage fully with the creative, innovative people who write software. Core Software Security expounds developer-centric software security, a holistic process to engage creativity for security. As long as software is developed by humans, it requires the human element to fix it. Developer-centric security is not only feasible but also cost effective and operationally relevant. The methodology builds security into software development, which lies at the heart of our cyber infrastructure. Whatever development method is employed, software must be secured at the source.
Book Highlights:
- Supplies a practitioner's view of the SDL
- Considers Agile as a security enabler
- Covers the privacy elements in an SDL
- Outlines a holistic business-savvy SDL framework that includes people, process, and technology
- Highlights the key success factors, deliverables, and metrics for each phase of the SDL
- Examines cost efficiencies, optimized performance, and organizational structure of a developer-centric software security program and PSIRT
- Includes a chapter by noted security architect Brook Schoenfield who shares his insights and experiences in applying the book's SDL framework
View the authors' website at http://www.androidinsecurity.com/
About the Authors
Dr. James Ransome is the Senior Director of Product Security and responsible for all aspects of McAfee's Product Security Program, a corporate-wide initiative that supports McAfee's business units in delivering best-in-class, secure software products to customers. In this role, James sets program strategy, manages security engagements with McAfee business units, maintains key relationships with McAfee product engineers, and works with other leaders to help define and build product security capabilities. His career has been marked by leadership positions in private and public industries, including three chief information security officer (CISO) and four chief security officer (CSO) roles. Prior to entering the corporate world, James had 23 years of government service in various roles supporting the U.S. intelligence community, federal law enforcement, and the Department of Defense.
James holds a Ph.D. in Information Systems. He developed/tested a security model, architecture, and provided leading practices for converged wired/wireless network security for his doctoral dissertation as part of an NSA/DHS Center of Academic Excellence in Information Assurance Education program. He is the author of several books on information security, and Core Software Security: Security at the Source is his 10th. James is a member of Upsilon Pi Epsilon, the International Honor Society for the Computing and Information Disciplines, and he is a Certified Information Security Manager (CISM), a Certified Information Systems Security Professional (CISSP), and a Ponemon Institute Distinguished Fellow.
Anmol Misra is an author and a security professional with a wide range of experience in the field of information security. His expertise includes mobile and application security, vulnerability management, application and infrastructure security assessments, and security code reviews. He is a Program Manager in Cisco's Information Security group. In this role, he is responsible for developing and implementing security strategy and programs to drive security best practices into all aspects of Cisco's hosted products. Prior to joining Cisco, Anmol was a Senior Consultant with Ernst & Young LLP. In this role, he advised Fortune 500 clients on defining and improving information security programs and practices. He helped corporations to reduce IT security risk and achieve regulatory compliance by improving their security posture. Anmol is co-author of Android Security: Attacks and Defenses, and is a contributing author of Defending the Cloud: Waging War in Cyberspace. He holds a master's degree in Information Networking from Carnegie Mellon University and a Bachelor of Engineering degree in Computer Engineering. He is based out of San Francisco, California.