Untitled
Provisional translation: Untitled

Unknown, Unknown

  • Publisher: Manning
  • Publication date: 2025-01-28
  • List price: $2,200
  • VIP price: $2,090 (95% of list)
  • Language: English
  • Pages: 200
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1633438767
  • ISBN-13: 9781633438767
  • Overseas purchase order (checked out separately)

Product description

Secure your entire software supply chain, including the code you write, the libraries you use, and the platforms you run on.

Modern software relies on a collection of original code, libraries, open source tools, plugins, packages, and platforms. Securing the Software Supply Chain teaches you to secure those dependencies to the same rigorous standards as the rest of your systems.

Inside this insightful guide, you'll learn how to:

  • Understand your whole software supply chain
  • Model threats to your software development lifecycle
  • Implement controls to preempt and protect against attack
  • Use cutting-edge security tools and scalable processes
  • Organize and plan improvements
  • Use supply chain tools like Sigstore, in-toto, and Kyverno

It's easy to be blissfully unaware of the dangerous vulnerabilities lurking in your software systems. This book reveals techniques for securing all components of the software delivery lifecycle.

Purchase of the print book includes a free eBook in PDF and ePub formats from Manning Publications.

About the book

Securing the Software Supply Chain teaches you everything you need to know to identify and protect the code, data, and infrastructure of your applications. You'll get a comprehensive breakdown of the kind of threats your software supply chain faces, and how they can be dramatically different from traditional dangers. Learn how to implement a chain of custody throughout your software development lifecycle, with techniques ranging from securing developer workstations to implementing dependency proxies.

Real-world examples from a financial services company illustrate each concept, including key signing ceremonies, establishing trust roots, and generating a Software Bill of Materials (SBOM), vital documentation for supply chain risk management.

About the reader

For senior software engineers and architects with experience in DevSecOps.

About the author

Michael Lieberman is CTO and co-founder of Kusari, a cybersecurity startup focused on software supply chain security. Michael has previously worked in the financial industry, architecting cloud migrations with a focus on security. In addition, he is an OpenSSF TAC member, a member of the steering committee of SLSA, an emerging supply chain security standard, and a CNCF Security TAG lead.

Brandon Lum is a co-chair of the CNCF Security TAG, and as a part of Google's Open Source Security Team, he works on improving the security of the Open Source ecosystem. Previously at IBM Research, Brandon worked on various security areas, such as container content protection via encryption and image signing, identity, Zero Trust architectures, and kernel attack surface reduction.
