From the course: CSSLP Cert Prep: 8 Supply Chain and Software Acquisition


Verifying pedigree and provenance


- [Narrator] The trust you place in third-party software relies heavily on your ability to trust that the code you received did indeed come from your trusted third party. As a CSSLP, you'll use both tools and techniques to verify the pedigree and provenance of that third-party software. Pedigree refers to the lineage of that software. You should have data at your disposal that helps you answer questions like: where did this software come from, and how has it changed over time? Provenance refers to your ability to trust or validate that lineage. Sure, you may think you know where the software came from, but how certain are you that it wasn't modified or tampered with along the way? The data that answers your provenance questions should be able to account for ownership and authorized alteration of the software from the point of origin all the way through the distribution of that software to your…
