DSO 205 – Securing the COTS Supply Chain

Course Overview

The usage of Commercial-off-the-shelf software (COTS) by organizations while advantageous comes with its own set of challenges and complexities. Unfortunately, it is rare for acquisition approaches to account for complex software supply chains; this course provides learners with an understanding of how to apply DevSecOps best practices to reduce software supply chain risks.

After completing this course you will be to:

• Employ acquisition strategies, contract tools, and procurement methods for the purchase of the software, COTS from suppliers
• Conduct a supplier review prior to entering into a contractual agreement to acquire the COTS
• Conduct an assessment of the COTS prior to selection, acceptance, or update
• Employ security safeguards to validate that the COTS received is genuine and has not been altered
• Establish and retains the unique identification of supply chain elements, processes, and actors for the COTS
• Establish a process to address weaknesses or deficiencies in supply chain elements identified during independent or organizational assessments of such elements