
TestAndVerification -> Static depth for infrastructure: Check for malware

Risk and Opportunity

Risk: A third-party component might include malware. This can happen either through the maintainer (e.g. typosquatting of an image name, so that the wrong image is pulled and used) or through an attacker acting on behalf of the maintainer with stolen credentials.
Opportunity: Check for malware in components (e.g. container images, VM baseline images, libraries).
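An added example (not part of the DSOMM page or the project's own tooling) of the typosquatting side of the risk above: before a component is pulled and scanned, its image reference is checked against a constructed allowlist of trusted images, near-miss names are flagged as possible typosquats, and references without a digest pin are rejected because a tag can be re-pointed at different content. The allowlist entries, the registry hostname and the similarity threshold are assumptions chosen for the example.

```python
from difflib import SequenceMatcher

# Constructed allowlist (assumption): fully qualified image names this team trusts.
ALLOWED_IMAGES = {
    "docker.io/library/nginx",
    "docker.io/library/python",
    "registry.example.internal/platform/base",
}

# Similarity above this ratio to an allowlisted name is reported as a possible typosquat.
TYPOSQUAT_THRESHOLD = 0.85


def parse_ref(ref):
    """Split an image reference into (name, tag, digest).

    The digest follows '@'; the tag is the text after the last ':' unless a '/'
    follows that colon (then it is a registry port, e.g. localhost:5000/app).
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    tag = None
    last_colon = ref.rfind(":")
    if last_colon != -1 and "/" not in ref[last_colon:]:
        ref, tag = ref[:last_colon], ref[last_colon + 1:]
    return ref, tag, digest


def normalize_name(name):
    """Expand Docker Hub shorthand: 'nginx' -> 'docker.io/library/nginx'."""
    parts = name.split("/")
    first = parts[0]
    is_registry = "." in first or ":" in first or first == "localhost"
    if not is_registry:
        parts = ["docker.io"] + parts
    if parts[0] == "docker.io" and len(parts) == 2:
        parts = [parts[0], "library", parts[1]]
    return "/".join(parts)


def closest_allowed(name):
    """Return the allowlisted name most similar to `name` and the similarity ratio."""
    best, score = None, 0.0
    for allowed in sorted(ALLOWED_IMAGES):
        ratio = SequenceMatcher(None, name, allowed).ratio()
        if ratio > score:
            best, score = allowed, ratio
    return best, score


def check_image_ref(ref):
    """Policy check for one image reference; returns a verdict with reasons."""
    name, _tag, digest = parse_ref(ref)
    name = normalize_name(name)
    reasons = []
    if name not in ALLOWED_IMAGES:
        best, score = closest_allowed(name)
        if score >= TYPOSQUAT_THRESHOLD:
            reasons.append(f"not allowlisted; resembles {best} (possible typosquat)")
        else:
            reasons.append("not allowlisted")
    if not digest or not digest.startswith("sha256:"):
        reasons.append("no sha256 digest pin; a tag can be re-pointed")
    return {
        "ref": ref,
        "name": name,
        "verdict": "accept" if not reasons else "reject",
        "reasons": reasons,
    }


def check_manifest(refs):
    """Check every reference from a build manifest; only accepted ones proceed to a malware scan."""
    return [check_image_ref(r) for r in refs]


if __name__ == "__main__":
    # Constructed sample manifest.
    sample = [
        "nginx:1.25",
        "docker.io/library/ngnix@sha256:" + "a" * 64,
        "registry.example.internal/platform/base:1.2@sha256:" + "0" * 64,
        "localhost:5000/app:1",
    ]
    for result in check_manifest(sample):
        print(result["verdict"], result["ref"], "; ".join(result["reasons"]))
```

Accepted references are pinned by digest, so the artifact that passes the policy check is the same artifact that the subsequent malware scan inspects; a reference rejected for resembling an allowlisted name is worth a human look rather than an automatic allowlist addition.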

Usefulness and Requirements of this Activity

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low

Additional Information

OWASP SAMM VERSION 2

ISO27001 2017