Summary
In this chapter, we’ve discussed the threat landscape, threat actors, and why your security is important to you, your customers, and governments around the world. We’ve shown how one company’s security incident became a threat to national security and how the government responded by punishing both the country responsible for the hack and the hacked company for its allegedly inadequate and deceptive response.
Jeff Bezos is famously credited with the following quote: “Good intentions don’t work, mechanisms do.”12 Alternatively “mechanisms > intentions” (mechanisms are greater than intentions) is used within Amazon’s culture.
12 https://www.cnbc.com/2022/10/06/how-this-popular-jeff-bezos-quote-drives-amazons-climate-goals.html
This is intended to mean that even the best intentions will not guarantee the best results. Corners get cut and steps get skipped by the best of us, not maliciously, but out of forgetfulness, distraction, or logic that seemed sound at the time. By creating mechanisms as a forcing function to keep those corners un-cut and those steps un-skipped, those intentions get realized more fully and more often.
As this book progresses and the different points at which the software supply chain is attacked are examined, you will explore strategies for implementing training, tools, and mechanisms across the SDLC to fortify your organization’s defenses and develop secure applications.
