From the course: CSSLP Cert Prep: 8 Supply Chain and Software Acquisition
Security in the acquisition process
- [Instructor] During the software acquisition process, you rely on documentation provided by your supplier that helps you better understand their security posture. There are a few key documents and procedures you'll want to request from your supplier. Your organization is likely to have multiple security policies around application development, especially after you take all the knowledge you've learned while studying for your CSSLP and start writing it down. The same holds true for any third parties who are developing software or software components you intend to acquire. You may not have the same visibility into your supplier's organizations as you do your own, but you'll still want to validate that they're following their own internal policies. What I'm talking about here is different from web application vulnerability scan reports. You're interested in whether or not they follow secure software development practices,…