From the course: CSSLP Cert Prep: 4 Secure Software Implementation


Third-party code and libraries

- [Instructor] Developers can save time and improve app functionality by using third-party libraries, but that convenience comes with its own set of risks. When you can securely reuse components though, the benefits can far outweigh those risks. One technique you should become familiar with is software composition analysis, or SCA. This technique involves identifying all of the open-source and third-party components that your developers have built into their software so you can identify and manage the risks associated with those components. The U.S. National Institute of Standards and Technology recognizes that the software that organizations rely on is rarely, if ever, written by a single programmer from beginning to end. Instead, that software is more likely to be the product of a global supply chain ecosystem. That's why NIST developed the Cyber Supply Chain Risk Management framework. This framework provides guidance to…
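The SCA step the instructor describes, as an added example that is not part of the course material: build an inventory of pinned third-party components from a requirements file, then match that inventory against an advisory feed. The requirements text, the advisory entries and their HYPO-* identifiers are all constructed for illustration; a real SCA tool would pull advisories from a source such as OSV or the NVD and handle far more manifest formats.

```python
"""Minimal software composition analysis (SCA) over a pip requirements file.

Added example, not code from the course. Parses pinned dependencies into an
inventory and matches it against a constructed advisory list so that
vulnerable component versions are reported.
"""
import re
from dataclasses import dataclass

# Constructed sample manifest for a hypothetical project.
REQUIREMENTS_TXT = """\
# web stack
flask==2.0.1
Requests == 2.25.1  # HTTP client
PyYAML==5.3
cryptography==41.0.3
"""

# Constructed advisory feed: (package, first vulnerable version,
# first fixed version, advisory id, summary). Entirely hypothetical data;
# a real tool would fetch this from OSV, the NVD or a vendor feed.
ADVISORIES = [
    ("pyyaml", "0", "5.4", "HYPO-0001", "unsafe loader allows code execution"),
    ("requests", "2.0", "2.26.0", "HYPO-0002", "credential leak on redirect"),
    ("flask", "3.0", "3.0.1", "HYPO-0003", "only affects the 3.x line"),
]


@dataclass(frozen=True)
class Component:
    name: str      # normalised package name (lowercase, '-' for '_')
    version: str   # exact pinned version string


def parse_version(v):
    """Turn '2.25.1' into (2, 25, 1) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def parse_requirements(text):
    """Build the component inventory. Only exact pins (==) are accepted:
    an unpinned dependency cannot be matched against an advisory, so the
    manifest is rejected rather than silently producing a partial result."""
    comps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.\-]*)$", line)
        if not m:
            raise ValueError(f"unpinned or unparsable requirement: {raw!r}")
        name = m.group(1).lower().replace("_", "-")
        comps.append(Component(name, m.group(2)))
    return comps


def find_vulnerable(components, advisories=ADVISORIES):
    """Return (name, version, advisory id, summary) for every component
    whose version lies in an advisory's [introduced, fixed) range."""
    hits = []
    for c in components:
        v = parse_version(c.version)
        for pkg, introduced, fixed, adv_id, summary in advisories:
            if c.name != pkg:
                continue
            if parse_version(introduced) <= v < parse_version(fixed):
                hits.append((c.name, c.version, adv_id, summary))
    return hits


if __name__ == "__main__":
    inventory = parse_requirements(REQUIREMENTS_TXT)
    for c in inventory:
        print(f"component: {c.name} {c.version}")
    for name, version, adv_id, summary in find_vulnerable(inventory):
        print(f"VULNERABLE: {name} {version} ({adv_id}): {summary}")
```

The inventory produced by `parse_requirements` is the same information an SBOM carries (component name and exact version); the range check in `find_vulnerable` is what turns that inventory into a list of risks to manage. Note that the check refuses unpinned requirements outright, because a range such as `flask>=2.0` cannot be compared against an advisory's fixed version and would otherwise hide a vulnerable install.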