Software lifecycle activities regularly extend beyond the internal environment. Outsourced software development, acquisition, and procurement activities require specific attention to ensure security is integrated into the end software product or service. In this course, you'll learn about supplier risk assessment considerations, including intellectual property, code reuse, and legal compliance complexities. This course also introduces some considerations to make with supplier sourcing like contractual integrity controls, vendor technical integrity controls, and service-level agreements or SLAs. Finally, this course also introduces software delivery and maintenance best practices like publishing and dissemination controls, product deployment and sustainment controls, and supplier transitioning requirements. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional or CSSLP exam.
Learning Objectives
Supplier Risk Assessment
- start the course
- recognize characteristics of risk assessment for code reuse
- identify best practices for creating a practical reuse plan
- identify best practices for preventing intellectual property theft
- recognize characteristics of legal compliance
- identify best practices for supplier prequalification activities
Supplier Sourcing
- distinguish between different security trade-offs in supplier sourcing
- identify best practices for contractual integrity controls
- identify best practices for vendor technical integrity controls
- identify best secure control practices for managed services from a supplier
- distinguish between the two rules service-level agreements or SLAs should provide
Software Development and Testing
- identify technical controls for software development and testing
- identify code testing and verification options for software development and testing
- list the eight steps to create a formal set of security testing controls
- identify software requirements verification and validation
Software Delivery, Operations, and Maintenance
- identify chain of custody best practices
- distinguish between licenses, encryption, and authentication as publishing and dissemination controls
- identify characteristics of system-of-systems integration
- identify software authenticity and integrity best practices during software delivery, operations, and maintenance
- recognize best practices when integrating product deployment and sustainment controls
- identify monitoring and incident management best practices
- identify best practices for vulnerability management, tracking, and resolution activities
Supplier Transitioning
- identify the purpose of Code Escrow during supplier transitioning
- identify contracts best practices during supplier transitioning
Practice: Supply Chain and Software Acquisition
- identify best practices for assessing supplier risk, implementing supplier sourcing controls, and delivering software