welcome
Thank you for purchasing the MEAP of Securing the Software Supply Chain. I hope that you will find the content to be of immediate use and that, with your help, the final book will be great!
This book is written for technical professionals who are familiar with the basics of security and development, and want to learn more about the latest threats and best practices.
Supply chain attacks have been on the rise with over 600% year-over-year growth in recent years. However, Supply chain security is a complex and ever-evolving field, but it is essential for protecting organizations from a wide range of attacks.
Implementing supply chain security can be difficult due to its complex and intertwined network of actors and systems. Without the right approach, it can be an insurmountable problem. By the end of this book, you should understand:
- What is Supply Chain Security
- How to threat model Supply Chain Security in your organization
- How to architect your organization to be resilient to supply chain threats
- How to implement Supply Chain Security controls
The book is divided into three parts. Part 1 will provide an overview of what Software Supply Chain Security is and why it's important, and how it’s different from traditional IT security. Part 2 will discuss threat modeling supply chain security risk within the Software Development Lifecycle (SDLC) and Part 3 will provide guidance on architecting and implementing a supply chain security program.