Certified Secure Software Lifecycle Professional (CSSLP) 2019: Supply Chain & Software Acquisition

CSSLP 2019    |    Intermediate
  • 20 videos | 53m 54s
  • Includes Assessment
  • Earns a Badge
Likes 10 Likes 10
This 20-video course examines a variety of best practices for supply chain and software acquisitions. Begin by watching demonstrations of how to analyze security for a third-party software and how to verify secure transfers. Then learn the steps involved in securely interconnecting and sharing systems; how to implement code repository security; how to build environment security; and how to work with digitally-signed components. Next, explore such important topics as compliance auditing, vulnerability response and reporting, supplier sourcing challenges, contractual integrity controls, and vendor technical integrity controls. Learn the basics of how to verify pedigree and provenance. The course also covers topics such as managed services controls, service level agreements (SLAs), support structure, and software development lifecycle approaches, as well as how to secure information systems, security track records, and product deployment. Finally, you will review the configuration identification scheme, a crucial tool in configuration management. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.


  • discover the key concepts covered in this course
    analyze security for third party software
    recognize how to verify secure transfers
    describe how to securely interconnect and share systems
    describe code repository security
    recognize how to secure the build environment
    recognize cryptographically hashed or digitally signed components
    recognize how to audit security policy compliance
    recognize how to perform vulnerability/incident response and reporting
    distinguish between different security trade-offs in supplier sourcing
  • identify best practices for contractual integrity controls
    identify best practices for vendor technical integrity controls
    identify best secure control practices for managed services from a supplier
    distinguish between the two rules SLAs should provide
    recognize maintenance and support structures such as community vs. commercial
    recognize how to assess software engineering and SDLC approaches
    recognize how to assess information systems security policy compliance
    assess a security track record
    recognize product deployment and sustainment controls such as upgrades, secure configuration, custom code extensions, operational readiness, and GPL requirements
    summarize the key concepts covered in this course



Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.