Auto-sync: 2026-04-19 16:02
This commit is contained in:
@@ -0,0 +1,48 @@
|
||||
---
|
||||
title: "CTP Topic 21 Supply Chain Security in Micro Focus"
|
||||
type: source
|
||||
tags:
|
||||
- Security
|
||||
- Supply-Chain
|
||||
- CTP
|
||||
- Cloud-Learning
|
||||
date: 2026-04-14
|
||||
---
|
||||
|
||||
## Source File
|
||||
- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/07_Security/ctp-topic-21-supply-chain-security-in-micro-focus.md]]
|
||||
|
||||
## Summary
|
||||
- 核心主题:Micro Focus 软件供应链安全的新方法
|
||||
- 问题域:云转型背景下的供应链安全挑战
|
||||
- 方法/机制:从 99% 研发安全转向全生命周期安全防护,将供应链安全作为 SDL 第五大支柱
|
||||
- 结论/价值:必须同时确保 CI(构建环境、自动化服务器)和 CD(交付系统)的完整性
|
||||
|
||||
## Key Claims
|
||||
- Micro Focus 内部存在 17 种不同的源码管理工具(SCM),为统一安全基准带来挑战
|
||||
-SolarWinds 攻击事件是供应链安全的重要警示,黑客通过渗透构建过程注入恶意代码
|
||||
- 供应链安全应作为软件开发生命周期(SDL)的第五大支柱
|
||||
|
||||
## Key Quotes
|
||||
> "供应链不仅包含纯粹的代码开发,还涵盖了从源码管理(SCM)、构建组件(CI)、制品库到最终交付系统(CD)的所有环节"
|
||||
|
||||
## Key Concepts
|
||||
- [[Supply Chain Security]]:软件供应链安全,保护从开发到交付的全流程
|
||||
- [[SDL (Security Development Lifecycle)]]:软件安全开发生命周期
|
||||
- [[CI/CD Security]]:持续集成与持续交付的安全
|
||||
- [[SolarWinds Hack]]:著名的供应链攻击事件
|
||||
|
||||
## Key Entities
|
||||
- [[Micro Focus]]:企业软件公司,正在进行云转型
|
||||
- [[Shlomi Ben-Hur]]:Micro Focus 产品安全小组,主讲人
|
||||
|
||||
## Connections
|
||||
- [[CTP Overview]] ← context_of ← [[Supply Chain Security]]
|
||||
- [[Security Development Lifecycle]] ← includes ← [[Supply Chain Security]]
|
||||
|
||||
## Contradictions
|
||||
- 无
|
||||
|
||||
## Notes
|
||||
- 视频来源:NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 21_ Supply Chain Security in Micro Focus.mp4`
|
||||
- 状态:已完成 Gemini 摘要
|
||||
Reference in New Issue
Block a user