1
Q
What is the Software Supply Chain?
A
Entire ecosystem of resources used to create a software
2
Q
Where do Most Software Supply Chain Risks Derive From?
A
Dependencies or unpatched software
3
Q
What is a Supply Chain Attack?
A
- Attacking less secure elements from the supply network instead of the target itself
- AKA “Third-party Attack”
4
Q
What are the Possible Attack Vectors in Supply Chain Attacks?
A
- Third party software providers
- Data storage solutions
- Development or testing platforms
- Website services
- Repositories
5
Q
Give Defensive Tips Against Software Supply Chain Attacks
A
- Identify supply chain
- Secure Development Environment
- Secure Development Processes
- Monitoring and Frequent Infrastructure Audits
6
Q
How to Defend Against SCAs?
A
- Have security guidelines for suppliers
- Vulnerability management system
- Good software inventory
- Enforce change control
- Restricted access rights/controls
- Well defined SDLC and secure coding practices
- Protect code and repositories
7
Q
What is an SBOM?
A
A Software Bill of Materials lists components within the manufactured product
- Provides SSC visibility
Engineering Secure Software
flashcards
Decks in class (11)
# Cards
