CISSP Domain 8 — Software Development Security

8.2 Apply Security Controls in Development Ecosystems

Securing the development ecosystem involves protecting the tools, libraries, and pipelines used to build software. From the IDE to the CI/CD pipeline, every component must be hardened to prevent supply chain attacks and ensure code integrity.

• » Programming languages
• » Libraries
• » Tool sets
• » Integrated Development Environment (IDE)
• » Runtime
• » Continuous Integration and Continuous Delivery (CI/CD)
• » Software configuration management (CM)
• » Code repositories
• » Application security testing (SAST, DAST, SCA, IAST)