5 Secure Software Factory
This chapter covers
- Understanding the Implementation Phase of the SDLC and its critical importance in Supply Chain Security
- Identifying the multiple threats against the major systems in the Implementation Phase
- Understanding why a Secure Software Factory is needed to protect against these major threats
- Building the Secure Software Factory
In the previous chapters, we learned how to threat model the systems in our System Development Lifecycle and develop designs that mitigate common attacks against them. We looked at some common systems that are used throughout the SDLC, such as project management, development environments, workspaces, workstations, and third-party package and code ingestion. We also looked at how we apply Zero Trust Architectures and other techniques to these system designs to help protect against common supply chain attacks. Now we’ll take that a step further and look at how we can apply techniques like Zero Trust to the Implementation Phase of the SDLC.