CSSLP 2024: Secure Software Supply Chain

Skillsoft issued completion badges are earned based on viewing the percentage required or receiving a passing score when assessment is required. Software supply chain security is more important than ever, particularly due to the rise in popularity of Python. Domain 8 of the CSSLP, the Secure Software Supply Chain, equips you to deal with security controls, externally sourced components, vendors, and software acquisition. First, you’ll learn how to assess established frameworks such as Cybersecurity Supply Chain Risk Management (C-SCRM), OWASP Software Component Verification Standard (SCVS), and the Cloud Controls Matrix (CCM). Then, you’ll move on to the concepts of pedigree, which documents ownership and transfer through the software supply chain. Next, you’ll focus on software acquisition, conducting due diligence on vendors, and ensuring compliance with industry regulations. Then, you’ll contrast the sale and licensing of software, comparing different types of licenses such as proprietary and open-source. Finally, you’ll examine important contractual elements, including liability clauses, Master Agreements, and End User License Agreements (EULAs), enabling you to manage legal and contractual risks effectively. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.