From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Security in the acquisition process

- [Instructor] During the software acquisition process, you'll rely on documentation provided by your supplier that helps you better understand their security posture. There are a few key documents and procedures that you'll want to request from your supplier. Your organization is likely to have multiple security policies around application development, especially after you take all the knowledge you've learned while studying for your CSSLP and start writing it down. The same holds true for any third parties who are developing software or software components that you intend to acquire. You may not have the same visibility into your supplier's organizations as you do your own, but you'll still want to validate that they're following their own internal policies. What I'm talking about here is different from a web application vulnerability scan report. You're interested in whether or not they follow secure software development practices and whether those practices are based on documented…
