Managing Security Risks Inherent in the Use of Thirdparty Components b u c . 5 h t i g © 2017 SAFECode – All Rights Reserved. m o Managing Security Risks Inherent in the Use of Third-party Components Table of Contents 1 Introduction ......................................................................................................................................... 4 1.1 2 Challenges in Using Third-party Components................................................................................. 5 2.1 Example Use Case ......................................................................................................................... 5 2.2 What TPCs Are Included in a Product? .......................................................................................... 6 2.2.1 Naming of Components........................................................................................................... 7 2.2.2 Dependencies.......................................................................................................................... 7 2.3 3 Methodology and Scope ................................................................................................................. 4 2.3.1 Naming of Components........................................................................................................... 9 2.3.2 Dependencies.......................................................................................................................... 9 2.3.3 CVE Reports............................................................................................................................ 9 What TPCs Should We Use and What Are the Security Risks Associated with Them?................ 9 2.5 What Should We Do To Maintain the TPCs Within Our Product? ............................................... 10 b u Managing Third-party Components ................................................................................................ 11 3.2 h t i g Overview of the Third-party Component Management Life Cycle ............................................... 11 3.1.1 TPC Life Cycle and Software Development Life Cycle ......................................................... 12 Key Ingredients of a TPC Management Process ......................................................................... 14 3.2.1 Maintain List of TPCs (MAINTAIN)........................................................................................ 15 3.2.2 Assess Security Risk (ASSESS) ........................................................................................... 19 3.2.3 Mitigate or Accept Risk (MITIGATE) ..................................................................................... 22 3.2.4 Monitor for TPC Changes (MONITOR) ................................................................................. 23 3.3 5 c . 5 2.4 3.1 4 m o Is the Product Affected by the Vulnerable Third-party Component? .............................................. 8 Closing the Example Use Case .................................................................................................... 25 3.3.1 Selecting TPCs ...................................................................................................................... 25 3.3.2 Monitoring TPCs .................................................................................................................... 25 3.3.3 Responding to New Vulnerabilities........................................................................................ 25 3.3.4 Maintaining the TPCs in the Product ..................................................................................... 26 Future Considerations ...................................................................................................................... 27 4.1 Crowdsourcing of Naming and Name Mapping............................................................................ 27 4.2 Crowdsourcing of an End-of-life Repository ................................................................................. 27 4.3 Crowdsourcing of a Vulnerability Source Listing .......................................................................... 27 Summary ............................................................................................................................................ 28 5.1 Acknowledgements.....................................................

pdf文档 SAFECode 管理第三方组件安全风险 英文版 2017

安全文档 > 软件开发安全 > 文档预览
英文文档 32 页 50 下载 1000 浏览 0 评论 0 收藏 3.0分
温馨提示:本文档共32页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
SAFECode 管理第三方组件安全风险 英文版 2017 第 1 页 SAFECode 管理第三方组件安全风险 英文版 2017 第 2 页 SAFECode 管理第三方组件安全风险 英文版 2017 第 3 页
下载文档到电脑,方便使用
本文档由 路人甲2022-06-20 06:02:10上传分享
给文档打分
您好可以输入 255 个字符
网站域名是多少( 答案:github5.com )
评论列表
  • 暂时还没有评论,期待您的金玉良言
热门文档
站内资源均来自网友分享或网络收集整理,若无意中侵犯到您的权利,敬请联系我们微信(点击查看客服),我们将及时删除相关资源。