From the course: CSSLP Cert Prep: 8 Supply Chain and Software Acquisition


Respond to those risks


- [Instructor] With the prioritized list of risks in hand, now you're ready to take action. The third step in securing your software supply chain is responding to those risks. In our previous discussions around risk management, we covered four traditional responses to an identified risk. You can remediate it. You can mitigate it. You can transfer it. Or you can accept it. However, that SAFECode white paper I mentioned in the previous video provides you with a bit more granularity in how you choose to treat your software supply chain risks with a clear bend toward technical risks. Since we're talking about software here, the first option you'll want to consider is whether or not you can patch or update the vulnerable code. This option assumes that there's a patch or update available and that you just haven't applied it yet. SAFECode draws a clear line between patching and updating. Patching fixes existing code while…
