Software Security

In this comprehensive guide, authors Kelly Shortridge and Aaron Rinehart help you navigate the challenges of sustaining resilience in complex software systems by using the principles and practices of security chaos engineering. By preparing for adverse events, you can ensure they don't disrupt your ability to innovate, move quickly, and achieve your engineering and business goals.

As a public good, open-source software is supported by diverse and wide-ranging communities—which are composed of individual maintainers, non-profit software foundations, and corporate stewards. CISA must integrate into and support these communities, with a particular focus on the critical OSS components that the federal government and critical infrastructure systems rely upon.

Maintaining secrets, credentials, and machine identities in secure ways is an important, though often overlooked, aspect of secure software development. DevOps security often addresses vulnerabilities, but it neglects broader discussions like authentication, authorization, and access control, potentially leaving the door open for breaches. That's where an identity security strategy integrated in your code, infrastructure, and environments from day one can help.

This fact sheet will assist with better management of risk from OSS use in OT products and increase resilience using available resources. While several resources and recommendations within this fact sheet are best suited for execution by the vendor or the critical infrastructure owner, collaboration across parties will result in less friction for operator workflows and promote a safer, more reliable system and provision of National Critical Functions.

Learn application security from the very start with this comprehensive and approachable guide. Alice and Bob Learn Application Security is an accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development. This book covers all the basic subjects such as threat modeling and security testing, but also dives deep into more complex and advanced topics for securing modern software systems and architectures.

Amazon Web Services in Action introduces you to computing, storing, and networking in the AWS cloud. The audiobook will teach you about the most important services on AWS. You will also learn about best practices regarding security, high availability, and scalability.

Modern society relies heavily on software-based automation, implicitly trusting developers to write software that operates in the expected way and cannot be compromised for malicious purposes. While developers often perform rigorous testing to prepare the logic in software for surprising conditions, exploitable software vulnerabilities are still frequently based on memory issues. Examples include overflowing a memory buffer and leveraging issues with how software allocates and de-allocates memory.

The dramatic increase in cyber compromises over the past five years, specifically of software supply chains, prompted intense scrutiny of measures to strengthen the resilience of supply chains for software used throughout government and critical infrastructure. Several policies and working groups at multiple levels within the U.S. Government focus on this need to ensure the authenticity, integrity, and trustworthiness of software products.

Unmitigated vulnerabilities in the software supply chain continue to pose a significant risk to organizations and our nation. This paper builds on the previously released Recommended Practices Guide for a software supply chain’s development, production and distribution, and management processes, to further increase the resiliency of these processes against compromise.

Have you watched the news lately? They can't stop talking about hacking. It is portrayed in movies, shouted about in media headlines, and typically gets a lot of attention. In fact, in the run up to the 2016 US Presidential election, there were allegations made nearly every day that the Russians were influencing the election by hacking into American databases and systems. And who can forget Julian Assange and his infamous WikiLeaks that successfully hacked into hundreds of thousands of emails, and whose actions may have kept Hillary Clinton out of the White House.