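"3278 - Infusing Security into Your Software Development Lifecycle.pdf" was shared by a member and can be read online. For more related to "3278 - Infusing Security into Your Software Development Lifecycle.pdf" (27 pages, collector's edition), search on 三个皮匠报告.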
Infusing Security into Your Software Development Lifecycle

Meg Foley, Senior Principal Marketing Security/TSSC
Veda Shankar, Senior Product Manager, TSSC

Strengthening Software Supply Chain Security and Application Lifecycle

Why does Security matter?

Cyber threats are becoming more sophisticated and frequent
Security is no longer just the responsibility of a single team
Proactive security builds trust and resilience

Security / Innovation

The Challenge: Balancing Security & Productivity

Operations Teams need stability, compliance, and scalability in every environment.
Development Teams want tools that allow them to innovate and build quickly without bottlenecks.
Platform Engineers implement requirements from Dev, Sec and Ops via pre-approved, secure, and reusable golden paths.

Platform Engineers play a key role in offering a standardized platform

Providing Developers security guardrails to efficiently create resilient software at scale
Automating security policies for compliance and regulatory
Enabling Developers to move fast without compromising safety

Security designed in - not bolted on

Streamline workflows
Reduce cognitive load
Automate Sign & Verify
Standardize templates with security guardrails
Embed compliance and policy enforcement
Enforce best practices for code quality, vulnerability scanning and artifact integrity

Red Hat Advanced Developer Suite
Add Security by Design

Traditional Security Approaches

Manual Code Reviews: Human inspection of dependencies and source code
Firewalls & Perimeter Security: Blocking threats at network entry points
Checksum Verification: Verifying binary integrity (but rarely automated)
Private Artifact Repositories: Hosting internal packages to reduce exposure

Modern Security Options (Today)

SBOMs (Software Bill of Materials): Visibility into components & dependencies
Automated sign