Building in Security at Agile Speed

Ransome, James, Schoenfield, Brook S. E.

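  • Publisher: Auerbach Publication
  • Publication date: 2023-09-25
  • Price: $2,350
  • VIP price: $2,233 (95% of list price)
  • Language: English
  • Pages: 326
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1032010053
  • ISBN-13: 9781032010052
  • Related categories: Agile Software, Information Security
  • Overseas special-order book (must be checked out separately)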

Product Description

Today's high-speed and rapidly changing development environments demand equally high-speed security practices. Still, achieving security remains a human endeavor, a core part of designing, generating and verifying software. Dr. James Ransome and Brook S.E. Schoenfield have built upon their previous works to explain that security starts with people; ultimately, humans generate software security. People collectively act through a particular and distinct set of methodologies, processes, and technologies that the authors have brought together into a newly designed, holistic, generic software development lifecycle facilitating software security at Agile, DevOps speed.

-Eric. S. Yuan, Founder and CEO, Zoom Video Communications, Inc.

It is essential that we embrace a mantra that ensures security is baked in throughout any development process. Ransome and Schoenfield leverage their abundance of experience and knowledge to clearly define why and how we need to build this new model around an understanding that the human element is the ultimate key to success.

-Jennifer Sunshine Steffens, CEO of IOActive

Both practical and strategic, Building in Security at Agile Speed is an invaluable resource for change leaders committed to building secure software solutions in a world characterized by increasing threats and uncertainty. Ransome and Schoenfield brilliantly demonstrate why creating robust software is a result of not only technical, but deeply human elements of agile ways of working.

-Jorgen Hesselberg, author of Unlocking Agility and Cofounder of Comparative Agility

The proliferation of open source components and distributed software services makes the principles detailed in Building in Security at Agile Speed more relevant than ever. Incorporating the principles and detailed guidance in this book into your SDLC is a must for all software developers and IT organizations.

-George K Tsantes, CEO of Cyberphos, former partner at Accenture and Principal at EY

Detailing the people, processes, and technical aspects of software security, Building in Security at Agile Speed emphasizes that the people element remains critical because software is developed, managed, and exploited by humans. This book presents a step-by-step process for software security that uses today's technology, operational, business, and development methods with a focus on best practice, proven activities, processes, tools, and metrics for any size or type of organization and development practice.

About the Authors

Dr. James Ransome is the Chief Scientist for CyberPhos, an early-stage cybersecurity startup, and continues to do ad hoc consulting. He also serves on the Board of Directors for the Bay Area CSO Council. Most recently, Dr. Ransome was the Senior Director, Security Development Lifecycle (SDL) Engineering, in the Intel Product Security and Assurance, Governance and Operations (IPAS GO) Group, where he led and developed a team of SDL engineers, architects, and product security experts that implemented and drove security practices across all of Intel. Prior to that, he was the Senior Director of Product Security and PSIRT at Intel Security and McAfee, LLC. Over a six-year period, he built, managed, and enhanced a developer-centric, self-sustaining, and scalable software security program, with an extended team of 120 software security architects embedded in each product team. All of this was a result of implementing and enhancing the model described in his most recent book, Core Software Security: Security at the Source, which has become a standard reference for many corporate security leaders who are responsible for developing their own SDLs.

Brook S. E. Schoenfield is the author of Secrets of a Cyber Security Architect, Securing Systems: Applied Security Architecture and Threat Models, and Chapter 9: Applying the SDL Framework to the Real World in Core Software Security: Security at the Source. He has been published by CRC Press, Auerbach, SANS Institute, Cisco, SAFECode, and the IEEE. Occasionally, he even posts to his security architecture blog, brookschoenfield.com.
