From the course: CSSLP Cert Prep: 8 Supply Chain and Software Acquisition
Assess those risks
- [Instructor] Once you've identified those risks, you'll want to prioritize them so you can take the appropriate action. The next step in securing your software supply chain is to assess those risks. During this step, your goal is to determine some sort of risk score or criticality for each supply chain risk you've identified. While the formula risk equals likelihood times impact remains popular, it's not the only option. The FAIR cyber risk framework is one well-known alternative that favors a quantitative approach. Ultimately, the formula you use should enable your organization to prioritize these risks. From a technical perspective, vulnerabilities that you find in the components received from third parties may represent a risk to your organization. Finding those vulnerabilities can be a little tricky though, especially in the software as a service world. SaaS vendors don't often give customers permission to scan their…