From the course: CSSLP Cert Prep: 8 Supply Chain and Software Acquisition


Security in the acquisition process


- [Instructor] During the software acquisition process, you rely on documentation provided by your supplier that helps you better understand their security posture. There are a few key documents and procedures you'll want to request from your supplier. Your organization is likely to have multiple security policies around application development, especially after you take all the knowledge you've learned while studying for your CSSLP and start writing it down. The same holds true for any third parties who are developing software or software components you intend to acquire. You may not have the same visibility into your supplier's organizations as you do your own, but you'll still want to validate that they're following their own internal policies. What I'm talking about here is different from web application vulnerability scan reports. You're interested in whether or not they follow secure software development practices,…
