From the course: CSSLP Cert Prep: 8 Supply Chain and Software Acquisition
Respond to those risks
- [Instructor] With the prioritized list of risks in hand, now you're ready to take action. The third step in securing your software supply chain is responding to those risks. In our previous discussions around risk management, we covered four traditional responses to an identified risk. You can remediate it. You can mitigate it. You can transfer it. Or you can accept it. However, that SAFECode white paper I mentioned in the previous video provides you with a bit more granularity in how you choose to treat your software supply chain risks with a clear bent toward technical risks. Since we're talking about software here, the first option you'll want to consider is whether or not you can patch or update the vulnerable code. This option assumes that there's a patch or update available and that you just haven't applied it yet. SAFECode draws a clear line between patching and updating. Patching fixes existing code while…