The final domain of the CSSLP® addresses topics the exam candidate needs to know to work with vendors in acquiring software or outsourcing software development, and the risks associated with third parties having access to data and business plans.
Your organization may outsource software development, and it almost certainly purchases software from vendors. How can you contribute to ensuring that vendor-supplied products meet regulatory and business needs and provide oversight for software development and implementation when provided by a third party? This course, CSSLP®: Supply Chain and Software Acquisition, you will first learn about the need to ensure security controls. Next you will learn about the ensuring the development process by a software vendor. Finally, you will touch on the process of updating and maintaining third-party software. By the end of this course, you'll have completed all 8 courses on the CSSLP® exam.
Kevin Henry is a passionate mentor and educator in the fields of information security and audit. Mixing experience with knowledge, Kevin delivers effective training programs for companies and individuals worldwide. A frequent speaker at prestigious conferences, Kevin is known for a clear understandable manner of imparting practical information and explaining difficult topics.
Course Overview Hi everyone. My name is Kevin Henry, a security consultant and computer analyst programmer and a holder of the CSSLP, Certified Secure Software Lifecycle Professional certification. I look forward to sharing my knowledge and experience with you during this course. Welcome. This is a course on supply chain and software acquisition. It's the eighth and final domain of the CSSLP certification. This course will help you see the role of a CSSLP with an organization is looking at purchasing software from an outside vendor. As a CSSLP, you'll play a key role in ensuring that security features are available and enabled in acquired software. The content in this domain represents 8% of the CSSLP examination. There are many benefits to acquiring software from a vendor, but the acquisition process must also ensure compliance with security regulations, policy, and audit. So this course will address the following major topics: the need to ensure security controls are available in acquired software, ensuring the secure development process by a software vendor, the process of updating and maintaining third-party software. This is the last of the eight courses that address the content of the CSSLP examination, and I hope you'll join me on this journey to learn about the important role you will fill in the areas of software acquisition in this exciting and rewarding field of software security through this course at Pluralsight.