Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware (1st Edition), by Cassie Crossley
Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware by Cassie Crossley is a practical guide published by O'Reilly Media that provides a comprehensive look at security risks and identifies controls for the entire software supply chain.
Content & Reviews
The book addresses cybersecurity risks across the entire supply chain, emphasizing the need for participation from various roles including IT, development, operations, manufacturing, and procurement.
- Practical Guidance: Reviewers praise the book as a "practical guide" and "actionable supply chain advice" that is useful for both beginners and experienced professionals in the field.
- Key Topics: It covers the implementation of a secure development lifecycle (SDL), source code security, software build management, and software transparency practices, including the importance of a Software Bill of Materials (SBOM).
- Real-World Experience: The content is noted as being based on the author's real-world practical implementation experience, rather than just theory.
- Target Audience: According to the author and reviewers, the book is relevant for a wide range of professionals, including business and technology leaders, CISO/CPSO roles, legal, procurement, and anyone involved in the production and operation of software.