{"id":4887,"date":"2020-04-15T22:11:17","date_gmt":"2020-04-15T14:11:17","guid":{"rendered":"https:\/\/ixyzero.com\/blog\/?p=4887"},"modified":"2020-04-17T19:04:14","modified_gmt":"2020-04-17T11:04:14","slug":"read%e6%9e%84%e5%bb%ba%e5%ae%89%e5%85%a8%e5%8f%af%e9%9d%a0%e7%9a%84%e7%b3%bb%e7%bb%9fbuilding-secure-reliable-systems-outline","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/4887.html","title":{"rendered":"[read]\u6784\u5efa\u5b89\u5168\u53ef\u9760\u7684\u7cfb\u7edf(Building Secure & Reliable Systems)-outline"},"content":{"rendered":"\n

=Start=<\/p>\n\n\n\n

\u7f18\u7531\uff1a<\/h4>\n\n\n\n

\u524d\u51e0\u5929\u5728\u670b\u53cb\u5708\u4e2d\u770b\u5230\u6587\u7ae0\u300eGoogle\u65b0\u4e66\uff1a\u300a\u6784\u5efa\u5b89\u5168\u53ef\u9760\u7684\u7cfb\u7edf\u300b<\/a>\u300f\u4e86\u89e3\u5230Google\u53c8\u53d1\u798f\u5229\u4e86\u2014\u2014Google\u7684SRE\u5206\u4eab\u4e86\u8bbe\u8ba1\u3001\u5b9e\u73b0\u548c\u7ef4\u62a4\u4e00\u4e2a\u5b89\u5168\u7684\u7cfb\u7edf\u7684\u4e00\u4e9b\u6700\u4f73\u5b9e\u8df5\uff0c\u540c\u65f6\u63d0\u4f9b\u4e86\u514d\u8d39\u7684 PDF<\/a>\u3001EPUB<\/a> \u548c MOBI <\/a>\u7248\u672c\u53ef\u4f9b\u4e0b\u8f7d\u3002<\/p>\n\n\n\n

PDF\u7248\u672c\u6709557\u9875\uff0c\u5185\u5bb9\u5f88\u591a\uff0c\u9700\u8981\u6162\u6162\u9605\u8bfb\u3001\u5b66\u4e60\u548c\u4f53\u4f1a\u3002\u8fd9\u91cc\u5148\u6839\u636e\u76ee\u5f55\u7ed3\u6784\u5927\u81f4\u6574\u7406\u51fa\u5168\u4e66\u7684\u5185\u5bb9\u7ed3\u6784\u548c\u8f6e\u5ed3\uff0c\u65b9\u4fbf\u540e\u7eed\u4e0d\u65ad\u8865\u5145\u548c\u56de\u987e\u3002<\/p>\n\n\n\n

\u6b63\u6587\uff1a<\/h4>\n\n\n\n
\u53c2\u8003\u89e3\u7b54\uff1a<\/h5>\n\n\n\n

\u6784\u5efa\u5b89\u5168\u53ef\u9760\u7684\u7cfb\u7edf    — \u8bbe\u8ba1\u3001\u5b9e\u73b0\u548c\u7ef4\u62a4\u7cfb\u7edf\u7684\u6700\u4f73\u5b9e\u8df5<\/p>\n\n\n\n

\u5168\u4e66\u4e00\u5171 5 \u4e2a\u90e8\u5206\uff0c\u5171 21 \u7ae0\u3002<\/p>\n\n\n\n

\u7b2c\u4e00\u90e8\u5206 \u5165\u95e8\u6750\u6599 (2\u7ae0)<\/strong><\/p>\n\n\n\n

  1. The Intersection of Security and Reliability (\u5b89\u5168\u6027\u548c\u53ef\u9760\u6027\u7684\u4ea4\u53c9\u70b9)<\/strong><\/li>
  2. Understanding Adversaries (\u4e86\u89e3\u5bf9\u624b)<\/strong><\/li><\/ol>\n\n\n\n

    \u7b2c\u4e8c\u90e8\u5206 \u8bbe\u8ba1\u7cfb\u7edf (8\u7ae0)<\/strong><\/p>\n\n\n\n

    1. Case Study: Safe Proxies (\u6848\u4f8b\u7814\u7a76\uff1a\u5b89\u5168\u4ee3\u7406)<\/li>
    2. Design Tradeoffs (\u8bbe\u8ba1\u6743\u8861)<\/strong><\/li>
    3. Design for Least Privilege (\u6700\u5c0f\u6743\u9650\u8bbe\u8ba1)<\/strong><\/li>
    4. Design for Understandability (\u53ef\u7406\u89e3\u6027\u8bbe\u8ba1)<\/strong><\/li>
    5. Design for a Changing Landscape (\u4e0d\u65ad\u53d8\u5316\u7684\u5168\u666f\u8bbe\u8ba1)<\/strong><\/li>
    6. Design for Resilience (\u5f39\u6027\u8bbe\u8ba1)<\/strong><\/li>
    7. Design for Recovery (\u6062\u590d\u8bbe\u8ba1)<\/strong><\/li>
    8. Mitigating Denial-of-Service Attacks (\u7f13\u89e3DoS\u653b\u51fb)<\/li><\/ol>\n\n\n\n

      \u7b2c\u4e09\u90e8\u5206 \u5b9e\u65bd\u7cfb\u7edf (5\u7ae0)<\/strong><\/p>\n\n\n\n

      1. Case Study: Designing, Implementing, and Maintaining a Publicly Trusted CA (\u6848\u4f8b\u7814\u7a76\uff1a\u8bbe\u8ba1\u3001\u5b9e\u65bd\u548c\u7ef4\u62a4\u4e00\u4e2a\u516c\u5f00\u53ef\u4fe1\u7684CA)<\/li>
      2. Writing Code (\u7f16\u5199\u4ee3\u7801)<\/li>
      3. Testing Code (\u6d4b\u8bd5\u4ee3\u7801)<\/li>
      4. Deploying Code (\u90e8\u7f72\u4ee3\u7801)<\/li>
      5. Investigating Systems (\u8c03\u67e5\u7cfb\u7edf)<\/li><\/ol>\n\n\n\n

        \u7b2c\u56db\u90e8\u5206 \u7ef4\u62a4\u7cfb\u7edf (3\u7ae0)<\/strong><\/p>\n\n\n\n

        1. Disaster Planning (\u707e\u96be\u8ba1\u5212)<\/strong><\/li>
        2. Crisis Management (\u5371\u673a\u7ba1\u7406)<\/strong><\/li>
        3. Recovery and Aftermath (\u6062\u590d\u548c\u540e\u679c)<\/strong><\/li><\/ol>\n\n\n\n

          \u7b2c\u4e94\u90e8\u5206 \u7ec4\u7ec7\u548c\u6587\u5316 (3\u7ae0)<\/strong><\/p>\n\n\n\n

          1. Case Study: Chrome Security Team (\u6848\u4f8b\u7814\u7a76\uff1aChrome\u5b89\u5168\u56e2\u961f)<\/li>
          2. Understanding Roles and Responsibilities (\u7406\u89e3\u89d2\u8272\u548c\u8d23\u4efb)<\/strong><\/li>
          3. Building a Culture of Security and Reliability (\u5efa\u7acb\u5b89\u5168\u548c\u53ef\u9760\u6027\u6587\u5316)<\/strong><\/li><\/ol>\n\n\n\n
            \n\n\n\n
            Part I. Introductory Material (\u5165\u95e8\u6750\u6599)\n\n1. The Intersection of Security and Reliability (\u5b89\u5168\u6027\u548c\u53ef\u9760\u6027\u7684\u4ea4\u53c9\u70b9)\n    On Passwords and Power Drills (\u5173\u4e8e\u5bc6\u7801\u548c\u7535\u94bb)\n    Reliability Versus Security: Design Considerations (\u53ef\u9760\u6027\u4e0e\u5b89\u5168\u6027\uff1a\u8bbe\u8ba1\u6ce8\u610f\u4e8b\u9879)\n    Confidentiality, Integrity, Availability (\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027)\n        Confidentiality (\u673a\u5bc6\u6027)\n        Integrity (\u5b8c\u6574\u6027)\n        Availability (\u53ef\u7528\u6027)\n    Reliability and Security: Commonalities (\u53ef\u9760\u6027\u4e0e\u5b89\u5168\u6027\uff1a\u5171\u6027)\n        Invisibility (\u4e0d\u53ef\u89c1\u6027)\n        Assessment (\u8bc4\u4f30)\n        Simplicity (\u7b80\u5355)\n        Evolution (\u6f14\u5316)\n        Resilience (\u5f39\u6027)\n        From Design to Production (\u4ece\u8bbe\u8ba1\u5230\u751f\u4ea7)\n        Investigating Systems and Logging (\u8c03\u67e5\u7cfb\u7edf\u548c\u8bb0\u5f55)\n        Crisis Response (\u5371\u673a\u5e94\u5bf9)\n        Recovery (\u6062\u590d)\n    Conclusion (\u7ed3\u8bba)\n\n2. Understanding Adversaries (\u4e86\u89e3\u5bf9\u624b)\n    Attacker Motivations (\u653b\u51fb\u8005\u7684\u52a8\u673a)\n    Attacker Profiles (\u653b\u51fb\u8005\u7684\u753b\u50cf)\n        Hobbyists (\u4e1a\u4f59\u7231\u597d\u8005)\n        Vulnerability Researchers (\u6f0f\u6d1e\u7814\u7a76\u5458)\n        Governments and Law Enforcement (\u653f\u5e9c\u548c\u6267\u6cd5\u8005)\n        Activists (\u6d3b\u52a8\u5bb6)\n        Criminal Actors (\u72af\u7f6a\u6f14\u5458)\n        Automation and Artificial Intelligence (\u81ea\u52a8\u5316\u548c\u4eba\u5de5\u667a\u80fd)\n        Insiders (\u5185\u9b3c)\n    Attacker Methods (\u653b\u51fb\u624b\u6cd5)\n        Threat Intelligence (\u5a01\u80c1\u60c5\u62a5)\n        Cyber Kill Chains (\u7f51\u7edc\u6740\u4f24\u94fe)\n        Tactics, Techniques, and Procedures (TTP, \u6218\u672f\u6280\u672f\u548c\u8fc7\u7a0b)\n    Risk Assessment Considerations (\u98ce\u9669\u8bc4\u4f30\u6ce8\u4e8b\u4e8b\u9879)\n    Conclusion (\u7ed3\u8bba)\n\nPart II. Designing Systems (\u8bbe\u8ba1\u7cfb\u7edf)\n\n3. Case Study: Safe Proxies (\u6848\u4f8b\u7814\u7a76\uff1a\u5b89\u5168\u4ee3\u7406)\n    Safe Proxies in Production Environments (\u751f\u4ea7\u73af\u5883\u4e2d\u7684\u5b89\u5168\u4ee3\u7406)\n    Google Tool Proxy (Google\u5de5\u5177\u4ee3\u7406)\n    Conclusion (\u7ed3\u8bba)\n\n4. Design Tradeoffs (\u8bbe\u8ba1\u6743\u8861)\n    Design Objectives and Requirements (\u8bbe\u8ba1\u76ee\u6807\u548c\u8981\u6c42)\n        Feature Requirements (\u529f\u80fd\u8981\u6c42)\n        Nonfunctional Requirements (\u975e\u529f\u80fd\u6027\u8981\u6c42)\n        Features Versus Emergent Properties (\u529f\u80fd\u548c\u7a81\u53d1\u4e8b\u9879)\n        Example: Google Design Document (\u793a\u4f8b\uff1aGoogle\u8bbe\u8ba1\u6587\u6863)\n    Balancing Requirements (\u5e73\u8861\u8981\u6c42)\n        Example: Payment Processing (\u793a\u4f8b\uff1a\u4ed8\u6b3e\u5904\u7406)\n    Managing Tensions and Aligning Goals (\u5904\u7406\u7d27\u5f20\u5c40\u52bf\u548c\u8c03\u6574\u76ee\u6807)\n        Example: Microservices and the Google Web Application Framework (\u793a\u4f8b\uff1a\u5fae\u670d\u52a1\u548cGoogle\u7684Web\u5e94\u7528\u6846\u67b6)\n        Aligning Emergent-Property Requirements (\u5bf9\u9f50\u7a81\u53d1\u4e8b\u9879\u7684\u9700\u6c42)\n    Initial Velocity Versus Sustained Velocity (\u521d\u59cb\u901f\u5ea6\u548c\u6301\u7eed\u901f\u5ea6)\n    Conclusion (\u7ed3\u8bba)\n\n5. Design for Least Privilege (\u6700\u5c0f\u6743\u9650\u8bbe\u8ba1)\n    Concepts and Terminology (\u6982\u5ff5\u548c\u672f\u8bed)\n        Least Privilege (\u6700\u5c0f\u6743\u9650)\n        Zero Trust Networking (\u96f6\u4fe1\u4efb\u7f51\u7edc)\n        Zero Touch (\u96f6\u63a5\u89e6)\n    Classifying Access Based on Risk (\u6839\u636e\u98ce\u9669\u5bf9\u8bbf\u95ee\u8fdb\u884c\u5206\u7c7b)\n    Best Practices (\u6700\u4f73\u5b9e\u8df5)\n        Small Functional APIs (\u5c0f\u578b\u529f\u80fd\u6027API)\n        Breakglass (\u8d70\u7279\u6279\u6d41\u7a0b)\n        Auditing (\u5ba1\u8ba1)\n        Testing and Least Privilege (\u6d4b\u8bd5\u548c\u6700\u5c0f\u6743\u9650)\n        Diagnosing Access Denials (\u8bca\u65ad\u8bbf\u95ee\u62d2\u7edd)\n        Graceful Failure and Breakglass Mechanisms (\u4f18\u96c5\u7684\u5931\u8d25\u548cbreakglass\u673a\u5236)\n    Worked Example: Configuration Distribution (\u5de5\u4f5c\u793a\u4f8b\uff1a\u914d\u7f6e\u5206\u53d1)\n        POSIX API via OpenSSH (\u57fa\u4e8eOpenSSH\u7684POSIX\u7684API)\n        Software Update API (\u8f6f\u4ef6\u66f4\u65b0API)\n        Custom OpenSSH ForceCommand (\u81ea\u5b9a\u4e49OpenSSH\u7684ForceCommand)\n        Custom HTTP Receiver (Sidecar) (\u81ea\u5b9a\u4e49HTTP\u63a5\u6536\u5668\uff0c\u8fb9\u8f66\u6a21\u5f0f)\n        Custom HTTP Receiver (In-Process) (\u81ea\u5b9a\u4e49HTTP\u63a5\u6536\u5668\uff0c\u76f4\u901a\u6a21\u5f0f)\n        Tradeoffs (\u6743\u8861)\n    A Policy Framework for Authentication and Authorization Decisions (\u8ba4\u8bc1\u548c\u6388\u6743\u51b3\u7b56\u7684\u7b56\u7565\u6846\u67b6)\n        Using Advanced Authorization Controls (\u4f7f\u7528\u9ad8\u7ea7\u8ba4\u8bc1\u63a7\u5236)\n        Investing in a Widely Used Authorization Framework (\u9009\u62e9\u5e7f\u6cdb\u4f7f\u7528\u7684\u6388\u6743\u6846\u67b6)\n        Avoiding Potential Pitfalls (\u907f\u514d\u6f5c\u5728\u7684\u9677\u9631)\n    Advanced Controls (\u9ad8\u7ea7\u63a7\u5236)\n        Multi-Party Authorization (MPA) (\u591a\u65b9\u6388\u6743)\n        Three-Factor Authorization (3FA) (\u4e09\u56e0\u7d20\u8ba4\u8bc1)\n        Business Justifications (\u5546\u4e1a\u7406\u7531)\n        Temporary Access (\u4e34\u65f6\u8bbf\u95ee)\n        Proxies (\u4ee3\u7406)\n    Tradeoffs and Tensions (\u6743\u8861\u4e0e\u7d27\u5f20)\n        Increased Security Complexity (\u6301\u7eed\u589e\u52a0\u7684\u5b89\u5168\u590d\u6742\u6027)\n        Impact on Collaboration and Company Culture (\u5bf9\u5408\u4f5c\u548c\u516c\u53f8\u6587\u5316\u7684\u5f71\u54cd)\n        Quality Data and Systems That Impact Security (\u5f71\u54cd\u5b89\u5168\u6027\u7684\u8d28\u91cf\u6570\u636e\u548c\u7cfb\u7edf)\n        Impact on User Productivity (\u5bf9\u7528\u6237\u751f\u4ea7\u529b\u7684\u5f71\u54cd)\n        Impact on Developer Complexity (\u5bf9\u5f00\u53d1\u4eba\u5458\u590d\u6742\u5ea6\u7684\u5f71\u54cd)\n    Conclusion (\u7ed3\u8bba)\n\n6. Design for Understandability (\u53ef\u7406\u89e3\u6027\u8bbe\u8ba1)\n    Why Is Understandability Important? (\u4e3a\u4ec0\u4e48\u53ef\u7406\u89e3\u6027\u5982\u6b64\u91cd\u8981)\n        System Invariants (\u7cfb\u7edf\u4e0d\u53d8\u5f0f)\n        Analyzing Invariants (\u5206\u6790\u4e0d\u53d8\u5f0f)\n        Mental Models (\u5fc3\u667a\u6a21\u5f0f)\n    Designing Understandable Systems (\u8bbe\u8ba1\u53ef\u7406\u89e3\u7684\u7cfb\u7edf)\n        Complexity Versus Understandability (\u590d\u6742\u6027\u548c\u53ef\u7406\u89e3\u6027)\n        Breaking Down Complexity (\u6253\u7834\u590d\u6742\u6027)\n        Centralized Responsibility for Security and Reliability Requirements (\u8981\u6c42\u5b89\u5168\u6027\u548c\u53ef\u9760\u6027\u7684\u96c6\u4e2d\u8d23\u4efb)\n    System Architecture (\u7cfb\u7edf\u67b6\u6784)\n        Understandable Interface Specifications (\u53ef\u7406\u89e3\u7684\u63a5\u53e3\u89c4\u8303)\n        Understandable Identities, Authentication, and Access Control (\u53ef\u7406\u89e3\u7684\u8eab\u4efd\u3001\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236)\n        Security Boundaries (\u5b89\u5168\u8fb9\u754c)\n    Software Design (\u8f6f\u4ef6\u8bbe\u8ba1)\n        Using Application Frameworks for Service-Wide Requirements (\u4f7f\u7528\u5e94\u7528\u6846\u67b6\u6ee1\u8db3\u670d\u52a1\u9700\u6c42)\n        Understanding Complex Data Flows (\u7406\u89e3\u590d\u6742\u7684\u6570\u636e\u6d41)\n        Considering API Usability (\u8003\u8651API\u7684\u53ef\u7528\u6027)\n    Conclusion (\u7ed3\u8bba)\n\n7. Design for a Changing Landscape (\u4e0d\u65ad\u53d8\u5316\u7684\u5168\u666f\u8bbe\u8ba1)\n    Types of Security Changes (\u5b89\u5168\u53d8\u66f4\u7684\u7c7b\u578b)\n    Designing Your Change (\u8bbe\u8ba1\u53d8\u66f4)\n    Architecture Decisions to Make Changes Easier (\u7b80\u5316\u53d8\u66f4\u7684\u67b6\u6784\u51b3\u7b56)\n        Keep Dependencies Up to Date and Rebuild Frequently (\u4fdd\u6301\u4f9d\u8d56\u5173\u7cfb\u66f4\u65b0\u548c\u7ecf\u5e38\u6027\u7684\u91cd\u5efa)\n        Release Frequently Using Automated Testing (\u9891\u7e41\u4f7f\u7528\u81ea\u52a8\u5316\u6d4b\u8bd5\u53d1\u5e03)\n        Use Containers (\u4f7f\u7528\u5bb9\u5668)\n        Use Microservices (\u4f7f\u7528\u5fae\u670d\u52a1)\n    Different Changes: Different Speeds, Different Timelines (\u4e0d\u540c\u7684\u53d8\u5316\uff1a\u4e0d\u540c\u7684\u901f\u5ea6\uff0c\u4e0d\u540c\u7684\u65f6\u95f4\u7ebf)\n        Short-Term Change: Zero-Day Vulnerability (\u77ed\u671f\u6539\u53d8\uff1a0day\u6f0f\u6d1e)\n        Medium-Term Change: Improvement to Security Posture (\u4e2d\u671f\u6539\u53d8\uff1a\u5b89\u5168\u6001\u52bf\u7684\u6539\u5584)\n        Long-Term Change: External Demand (\u957f\u671f\u6539\u53d8\uff1a\u5916\u90e8\u9700\u6c42)\n    Complications: When Plans Change (\u5e76\u53d1\u75c7\uff1a\u5f53\u8ba1\u5212\u53d1\u751f\u6539\u53d8)\n    Example: Growing Scope\u2014Heartbleed (\u793a\u4f8b\uff1a\u4e0d\u65ad\u6269\u5927\u7684\u8303\u56f4\u4ee5\u81f4\u9677\u5165\u56f0\u5883)\n    Conclusion (\u7ed3\u8bba)\n\n8. Design for Resilience (\u5f39\u6027\u8bbe\u8ba1)\n    Design Principles for Resilience (\u5f39\u6027\u8bbe\u8ba1\u7684\u539f\u5219)\n    Defense in Depth (\u6df1\u5ea6\u9632\u5fa1)\n        The Trojan Horse (\u7279\u6d1b\u4f0a\u6728\u9a6c)\n        Google App Engine Analysis (Google App engine\u5206\u6790)\n    Controlling Degradation (\u63a7\u5236\u964d\u7ea7)\n        Differentiate Costs of Failures (\u5dee\u5f02\u5316\u7684\u5931\u8d25\u6210\u672c)\n        Deploy Response Mechanisms (\u90e8\u7f72\u54cd\u5e94\u673a\u5236)\n    Automate Responsibly (\u8d1f\u8d23\u4efb\u7684\u81ea\u52a8\u5316)\n    Controlling the Blast Radius (\u63a7\u5236\u7206\u70b8\u534a\u5f84)\n        Role Separation (\u89d2\u8272\u5206\u79bb)\n        Location Separation (\u4f4d\u7f6e\u5206\u79bb)\n        Time Separation (\u65f6\u95f4\u5206\u79bb)\n    Failure Domains and Redundancies (\u5931\u8d25\u57df\u548c\u5197\u4f59)\n        Failure Domains (\u5931\u8d25\u57df)\n        Component Types (\u7ec4\u4ef6\u7c7b\u578b)\n        Controlling Redundancies (\u63a7\u5236\u5197\u4f59)\n    Continuous Validation (\u6301\u7eed\u9a8c\u8bc1)\n        Validation Focus Areas (\u9a8c\u8bc1\u91cd\u70b9\u9886\u57df)\n        Validation in Practice (\u5b9e\u8df5\u9a8c\u8bc1)\n    Practical Advice: Where to Begin (\u5b9e\u7528\u5efa\u8bae\uff1a\u4ece\u54ea\u91cc\u5f00\u59cb)\n    Conclusion (\u7ed3\u8bba)\n\n9. Design for Recovery (\u6062\u590d\u8bbe\u8ba1)\n    What Are We Recovering From? (\u6211\u4eec\u4ece\u54ea\u5f00\u59cb\u6062\u590d)\n        Random Errors (\u968f\u673a\u9519\u8bef)\n        Accidental Errors (\u610f\u5916\u9519\u8bef)\n        Software Errors (\u8f6f\u4ef6\u9519\u8bef)\n        Malicious Actions (\u6076\u610f\u884c\u4e3a)\n    Design Principles for Recovery (\u6062\u590d\u7684\u8bbe\u8ba1\u539f\u5219)\n        Design to Go as Quickly as Possible (Guarded by Policy) (\u53d7\u653f\u7b56\u4fdd\u62a4\u7684\uff1a\u5c3d\u5feb\u6062\u590d)\n        Limit Your Dependencies on External Notions of Time (\u9650\u5236\u5bf9\u5916\u90e8\u65f6\u95f4\u89c2\u5ff5\u7684\u4f9d\u8d56)\n        Rollbacks Represent a Tradeoff Between Security and Reliability (\u56de\u6eda\u5448\u73b0\u4e86\u5b89\u5168\u6027\u548c\u53ef\u9760\u6027\u4e4b\u95f4\u7684\u6743\u8861)\n        Use an Explicit Revocation Mechanism (\u4f7f\u7528\u663e\u793a\u540a\u9500\u673a\u5236)\n        Know Your Intended State, Down to the Bytes (\u77e5\u9053\u4f60\u7684\u9884\u671f\u72b6\u6001\uff0c\u7ec6\u5230\u5b57\u8282\u7c92\u5ea6)\n        Design for Testing and Continuous Validation (\u53ef\u6d4b\u8bd5\u548c\u6301\u7eed\u6027\u9a8c\u8bc1\u7684\u8bbe\u8ba1)\n    Emergency Access (\u7d27\u6025\u901a\u9053)\n        Access Controls (\u8bbf\u95ee\u63a7\u5236)\n        Communications (\u901a\u8baf)\n        Responder Habits (\u54cd\u5e94\u8005\u7684\u4e60\u60ef)\n    Unexpected Benefits (\u610f\u5916\u7684\u597d\u5904)\n    Conclusion (\u7ed3\u8bba)\n\n10. Mitigating Denial-of-Service Attacks (\u7f13\u89e3DOS\u653b\u51fb)\n    Strategies for Attack and Defense (\u653b\u51fb\u548c\u9632\u5fa1\u7684\u7b56\u7565)\n        Attacker\u2019s Strategy (\u653b\u51fb\u8005\u7684\u7b56\u7565)\n        Defender\u2019s Strategy (\u9632\u5fa1\u8005\u7684\u7b56\u7565)\n    Designing for Defense (\u9632\u5fa1\u8bbe\u8ba1)\n        Defendable Architecture (\u53ef\u9632\u5fa1\u7684\u67b6\u6784)\n        Defendable Services (\u53ef\u9632\u5fa1\u7684\u670d\u52a1)\n    Mitigating Attacks (\u7f13\u89e3\u653b\u51fb)\n        Monitoring and Alerting (\u76d1\u63a7\u548c\u62a5\u8b66)\n        Graceful Degradation (\u4f18\u96c5\u964d\u7ea7)\n        A DoS Mitigation System (\u4e00\u4e2aDoS\u7f13\u89e3\u7cfb\u7edf)\n        Strategic Response (\u7b56\u7565\u54cd\u5e94)\n    Dealing with Self-Inflicted Attacks (\u5904\u7406\u81ea\u5df1\u9020\u6210\u7684\u653b\u51fb)\n        User Behavior (\u7528\u6237\u884c\u4e3a)\n        Client Retry Behavior (\u5ba2\u670d\u7aef\u91cd\u8bd5\u884c\u4e3a)\n    Conclusion (\u7ed3\u8bba)\n\nPart III. Implementing Systems (\u5b9e\u65bd\u7cfb\u7edf)\n\n11. Case Study: Designing, Implementing, and Maintaining a Publicly Trusted CA (\u6848\u4f8b\u7814\u7a76\uff1a\u8bbe\u8ba1\u3001\u5b9e\u73b0\u548c\u7ef4\u62a4\u4e00\u4e2a\u516c\u5f00\u53ef\u4fe1\u7684CA)\n    Background on Publicly Trusted Certificate Authorities (\u5173\u4e8e\u516c\u5f00\u53ef\u4fe1CA\u7684\u80cc\u666f\u4ecb\u7ecd)\n    Why Did We Need a Publicly Trusted CA? (\u4e3a\u4ec0\u4e48\u6211\u4eec\u9700\u8981\u4e00\u4e2a\u516c\u5f00\u53ef\u4fe1\u7684CA)\n    The Build or Buy Decision (\u6784\u5efa\u6216\u8d2d\u4e70\u51b3\u7b56)\n    Design, Implementation, and Maintenance Considerations (\u8bbe\u8ba1\u3001\u5b9e\u73b0\u548c\u7ef4\u62a4\u7684\u6ce8\u610f\u4e8b\u9879)\n        Programming Language Choice (\u7f16\u7a0b\u8bed\u8a00\u7684\u9009\u62e9)\n        Complexity Versus Understandability (\u590d\u6742\u6027\u548c\u53ef\u7406\u89e3\u6027)\n        Securing Third-Party and Open Source Components (\u4fdd\u62a4\u7b2c\u4e09\u65b9\u548c\u5f00\u6e90\u7ec4\u4ef6)\n        Testing (\u6d4b\u8bd5)\n        Resiliency for the CA Key Material (CA\u5173\u952e\u6750\u6599\u7684\u5f39\u6027)\n        Data Validation (\u6570\u636e\u9a8c\u8bc1)\n    Conclusion (\u7ed3\u8bba)\n\n12. Writing Code (\u7f16\u5199\u4ee3\u7801)\n    Frameworks to Enforce Security and Reliability (\u589e\u5f3a\u5b89\u5168\u6027\u548c\u53ef\u9760\u6027\u7684\u6846\u67b6)\n        Benefits of Using Frameworks (\u4f7f\u7528\u6846\u67b6\u7684\u597d\u5904)\n        Example: Framework for RPC Backends (\u793a\u4f8b\uff1aRPC\u540e\u7aef\u6846\u67b6)\n    Common Security Vulnerabilities (\u5e38\u89c1\u5b89\u5168\u6f0f\u6d1e)\n        SQL Injection Vulnerabilities: TrustedSqlString (SQL\u6ce8\u5165\uff1a\u53ef\u4fe1\u4efb\u7684SQL\u5b57\u7b26\u4e32)\n        Preventing XSS: SafeHtml (\u9632\u5fa1XSS\uff1aSafeHtml)\n    Lessons for Evaluating and Building Frameworks (\u8bc4\u4f30\u548c\u6784\u5efa\u6846\u67b6\u7684\u7ecf\u9a8c\u6559\u8bad)\n        Simple, Safe, Reliable Libraries for Common Tasks (\u7528\u4e8e\u5e38\u89c1\u4efb\u52a1\u7684\u7b80\u5355\u3001\u5b89\u5168\u3001\u53ef\u9760\u7684\u5e93)\n        Rollout Strategy (\u63a8\u5e7f\u7b56\u7565)\n    Simplicity Leads to Secure and Reliable Code (\u7b80\u5355\u4ece\u800c\u4fdd\u8bc1\u5b89\u5168\u548c\u53ef\u9760\u7684\u4ee3\u7801)\n        Avoid Multilevel Nesting (\u907f\u514d\u591a\u5c42\u5d4c\u5957)\n        Eliminate YAGNI Smells (\u6d88\u9664YAGNI\u6c14\u5473)\n        Repay Technical Debt (\u507f\u8fd8\u6280\u672f\u503a)\n        Refactoring (\u91cd\u6784)\n    Security and Reliability by Default (\u9ed8\u8ba4\u5b89\u5168\u548c\u53ef\u9760)\n        Choose the Right Tools (\u9009\u62e9\u6b63\u786e\u7684\u5de5\u5177)\n        Use Strong Types (\u4f7f\u7528\u5f3a\u7c7b\u578b\u8bed\u8a00)\n        Sanitize Your Code (\u51c0\u5316\u4f60\u7684\u4ee3\u7801)\n    Conclusion (\u7ed3\u8bba)\n\n13. Testing Code (\u6d4b\u8bd5\u4ee3\u7801)\n    Unit Testing (\u5355\u5143\u6d4b\u8bd5)\n        Writing Effective Unit Tests (\u7f16\u5199\u6709\u6548\u7684\u5355\u5143\u6d4b\u8bd5)\n        When to Write Unit Tests (\u4ec0\u4e48\u65f6\u5019\u7f16\u5199\u5355\u5143\u6d4b\u8bd5)\n        How Unit Testing Affects Code (\u5355\u5143\u6d4b\u8bd5\u662f\u5982\u4f55\u5f71\u54cd\u4ee3\u7801\u7684)\n    Integration Testing (\u96c6\u6210\u6d4b\u8bd5)\n        Writing Effective Integration Tests (\u7f16\u5199\u6709\u6548\u7684\u96c6\u6210\u6d4b\u8bd5)\n    Dynamic Program Analysis (\u52a8\u6001\u4ee3\u7801\u5206\u6790)\n    Fuzz Testing (\u6a21\u7cca\u6d4b\u8bd5)\n        How Fuzz Engines Work (\u6a21\u7cca\u6d4b\u8bd5\u5f15\u64ce\u662f\u5982\u4f55\u5de5\u4f5c\u7684)\n        Writing Effective Fuzz Drivers (\u7f16\u5199\u6709\u6548\u7684\u6a21\u7cca\u6d4b\u8bd5\u9a71\u52a8\u7a0b\u5e8f)\n        An Example Fuzzer (\u4e00\u4e2a\u6a21\u7cca\u6d4b\u8bd5\u7a0b\u5e8f\u7684\u4f8b\u5b50)\n        Continuous Fuzzing (\u6301\u7eed\u6a21\u7cca\u6d4b\u8bd5)\n    Static Program Analysis (\u9759\u6001\u4ee3\u7801\u5206\u6790)\n        Automated Code Inspection Tools (\u81ea\u52a8\u5316\u4ee3\u7801\u68c0\u67e5\u5de5\u5177)\n        Integration of Static Analysis in the Developer Workflow (\u5728\u5f00\u53d1\u5de5\u4f5c\u6d41\u4e2d\u96c6\u6210\u9759\u6001\u4ee3\u7801\u5206\u6790)\n        Abstract Interpretation (\u62bd\u8c61\u7684\u89e3\u91ca)\n        Formal Methods (\u6b63\u5f0f\u7684\u65b9\u6cd5)\n    Conclusion (\u7ed3\u8bba)\n\n14. Deploying Code (\u90e8\u7f72\u4ee3\u7801)\n    Concepts and Terminology (\u6982\u5ff5\u548c\u672f\u8bed)\n    Threat Model (\u5a01\u80c1\u6a21\u578b)\n    Best Practices (\u6700\u4f73\u5b9e\u8df5)\n        Require Code Reviews (\u9700\u8981\u4ee3\u7801\u5ba1\u67e5)\n        Rely on Automation (\u4f9d\u8d56\u4e8e\u81ea\u52a8\u5316)\n        Verify Artifacts, Not Just People (\u9a8c\u8bc1artifacts\u800c\u4e0d\u4ec5\u4ec5\u662f\u4eba)\n        Treat Configuration as Code (\u5c06\u914d\u7f6e\u548c\u4ee3\u7801\u7b49\u540c\u89c6\u4e4b)\n    Securing Against the Threat Model (\u57fa\u4e8e\u5a01\u80c1\u6a21\u578b\u505a\u52a0\u56fa)\n    Advanced Mitigation Strategies (\u9ad8\u7ea7\u7f13\u89e3\u7b56\u7565)\n        Binary Provenance (\u4e8c\u8fdb\u5236\u6765\u6e90\u9a8c\u8bc1)\n        Provenance-Based Deployment Policies (Provenance-Based\u53d1\u5e03\u7b56\u7565)\n        Verifiable Builds (\u53ef\u6821\u9a8c\u7684\u6784\u5efa)\n        Deployment Choke Points (\u90e8\u7f72\u5361\u70b9)\n        Post-Deployment Verification (\u90e8\u7f72\u540e\u7684\u9a8c\u8bc1)\n    Practical Advice (\u5b9e\u7528\u7684\u5efa\u8bae)\n        Take It One Step at a Time (\u4e00\u6b65\u4e00\u6b65\u6765)\n        Provide Actionable Error Messages (\u63d0\u4f9b\u53ef\u64cd\u4f5c\u7684\u9519\u8bef\u4fe1\u606f)\n        Ensure Unambiguous Provenance (\u786e\u4fdd\u6765\u6e90\u6ca1\u6709\u95ee\u9898)\n        Create Unambiguous Policies (\u521b\u5efa\u6ca1\u6709\u6b67\u4e49\u7684\u653f\u7b56)\n        Include a Deployment Breakglass (\u5305\u62ec\u4e00\u4e2a\u90e8\u7f72\u7279\u6279\u6d41\u7a0b)\n    Securing Against the Threat Model, Revisited (\u56de\u987e\u57fa\u4e8e\u5a01\u80c1\u6a21\u578b\u505a\u7684\u52a0\u56fa)\n    Conclusion (\u7ed3\u8bba)\n\n15. Investigating Systems (\u8c03\u67e5\u7cfb\u7edf)\n    From Debugging to Investigation (\u4ece\u8c03\u8bd5\u5230\u8c03\u67e5)\n        Example: Temporary Files (\u793a\u4f8b\uff1a\u4e34\u65f6\u6587\u4ef6)\n        Debugging Techniques (\u8c03\u8bd5\u6280\u672f)\n        What to Do When You\u2019re Stuck (\u5f53\u4f60\u88ab\u56f0\u4f4f\u7684\u65f6\u5019\u8be5\u505a\u4e9b\u4ec0\u4e48)\n        Collaborative Debugging: A Way to Teach (\u534f\u4f5c\u8c03\u8bd5\uff1a\u4e00\u79cd\u6559\u5b66\u65b9\u6cd5)\n        How Security Investigations and Debugging Differ (\u5b89\u5168\u8c03\u67e5\u548c\u8c03\u8bd5\u6709\u4f55\u4e0d\u540c)\n    Collect Appropriate and Useful Logs (\u6536\u96c6\u5408\u9002\u548c\u6709\u7528\u7684\u65e5\u5fd7)\n        Design Your Logging to Be Immutable (\u5c06\u4f60\u7684\u65e5\u5fd7\u7cfb\u7edf\u8bbe\u8ba1\u4e3a\u4e0d\u53ef\u4fee\u6539\u7684)\n        Take Privacy into Consideration (\u5c06\u9690\u79c1\u7eb3\u5165\u8003\u8651\u8303\u56f4)\n        Determine Which Security Logs to Retain (\u51b3\u5b9a\u8981\u4fdd\u7559\u54ea\u4e9b\u5b89\u5168\u65e5\u5fd7)\n        Budget for Logging (\u65e5\u5fd7\u7684\u9884\u7b97)\n    Robust, Secure Debugging Access (\u5065\u58ee\u3001\u5b89\u5168\u7684\u8c03\u8bd5\u8bbf\u95ee)\n        Reliability (\u53ef\u9760\u6027)\n        Security (\u5b89\u5168\u6027)\n    Conclusion (\u7ed3\u8bba)\n\nPart IV. Maintaining Systems (\u7ef4\u62a4\u7cfb\u7edf)\n\n16. Disaster Planning (\u707e\u96be\u8ba1\u5212)\n    Defining \u201cDisaster\u201d (\u5b9a\u4e49\u707e\u96be)\n    Dynamic Disaster Response Strategies (\u52a8\u6001\u707e\u96be\u54cd\u5e94\u7b56\u7565)\n    Disaster Risk Analysis (\u707e\u96be\u98ce\u9669\u5206\u6790)\n    Setting Up an Incident Response Team (\u6210\u7acb\u4e8b\u4ef6\u54cd\u5e94\u56e2\u961f)\n        Identify Team Members and Roles (\u786e\u5b9a\u56e2\u961f\u6210\u5458\u548c\u89d2\u8272)\n        Establish a Team Charter (\u5efa\u7acb\u56e2\u961f\u7ae0\u7a0b)\n        Establish Severity and Priority Models (\u5efa\u7acb\u4e25\u91cd\u6027\u548c\u4f18\u5148\u7ea7\u6a21\u578b)\n        Define Operating Parameters for Engaging the IR Team (\u660e\u786e\u548cIR\u56e2\u961f\u5408\u4f5c\u7684\u64cd\u4f5c\u53c2\u6570)\n        Develop Response Plans (\u5236\u5b9a\u54cd\u5e94\u8ba1\u5212)\n        Create Detailed Playbooks (\u521b\u5efa\u8be6\u7ec6\u7684\u5267\u672c)\n        Ensure Access and Update Mechanisms Are in Place (\u786e\u4fdd\u8bbf\u95ee\u548c\u66f4\u65b0\u673a\u5236\u5230\u4f4d)\n    Prestaging Systems and People Before an Incident (\u5728\u4e8b\u4ef6\u53d1\u751f\u524d\u9884\u5148\u51c6\u5907\u597d\u7cfb\u7edf\u548c\u4eba\u5458)\n        Configuring Systems (\u914d\u7f6e\u7cfb\u7edf)\n        Training (\u57f9\u8bad)\n        Processes and Procedures (\u8fc7\u7a0b\u548c\u7a0b\u5e8f)\n    Testing Systems and Response Plans (\u6d4b\u8bd5\u7cfb\u7edf\u548c\u54cd\u5e94\u8ba1\u5212)\n        Auditing Automated Systems (\u5ba1\u8ba1\u81ea\u52a8\u5316\u7cfb\u7edf)\n        Conducting Nonintrusive Tabletops (\u5b9e\u65bd\u975e\u4fb5\u5165\u5f0f\u684c\u9762)\n        Testing Response in Production Environments (\u5728\u751f\u4ea7\u73af\u5883\u4e2d\u6d4b\u8bd5\u54cd\u5e94)\n        Red Team Testing (\u7ea2\u961f\u6d4b\u8bd5)\n        Evaluating Responses (\u8bc4\u4f30\u54cd\u5e94)\n    Google Examples (Google\u7684\u4f8b\u5b50)\n        Test with Global Impact (\u5177\u6709\u5168\u7403\u5f71\u54cd\u7684\u6d4b\u8bd5)\n        DiRT Exercise Testing Emergency Access (DiRT\u6f14\u4e60\u6d4b\u8bd5\u5e94\u6025\u901a\u9053)\n        Industry-Wide Vulnerabilities (\u884c\u4e1a\u7ea7\u522b\u7684\u6f0f\u6d1e)\n    Conclusion (\u7ed3\u8bba)\n\n17. Crisis Management (\u5371\u673a\u7ba1\u7406)\n    Is It a Crisis or Not? (\u8fd9\u662f\u4e00\u573a\u5371\u673a\u5417)\n        Triaging the Incident (\u5bf9\u4e8b\u4ef6\u8fdb\u884c\u5206\u7c7b)\n        Compromises Versus Bugs (\u59a5\u534f\u4e8e\u9519\u8bef)\n    Taking Command of Your Incident (\u638c\u63a7\u4e8b\u4ef6)\n        The First Step: Don\u2019t Panic! (\u7b2c\u4e00\u6b65\uff1a\u4e0d\u8981\u60ca\u614c)\n        Beginning Your Response (\u5f00\u59cb\u56de\u5e94)\n        Establishing Your Incident Team (\u5efa\u7acb\u4e8b\u4ef6\u54cd\u5e94\u56e2\u961f)\n        Operational Security (\u8fd0\u8425\u5b89\u5168)\n        Trading Good OpSec for the Greater Good (\u4ee5\u826f\u597d\u7684\u8fd0\u8425\u5b89\u5168\u6362\u53d6\u66f4\u5927\u7684\u6210\u679c)\n        The Investigative Process (\u8c03\u67e5\u8fc7\u7a0b)\n    Keeping Control of the Incident (\u63a7\u5236\u4e8b\u4ef6)\n        Parallelizing the Incident (\u5e76\u884c\u5316\u4e8b\u4ef6)\n        Handovers (\u4ea4\u63a5)\n        Morale (\u58eb\u6c14)\n    Communications (\u6c9f\u901a)\n        Misunderstandings (\u8bef\u89e3)\n        Hedging (\u9650\u5236)\n        Meetings (\u4f1a\u8bae)\n        Keeping the Right People Informed with the Right Levels of Detail (\u8ba9\u6b63\u786e\u7684\u4eba\u4e86\u89e3\u5408\u9002\u7684\u7ec6\u8282)\n    Putting It All Together (\u653e\u5728\u4e00\u8d77)\n        Triage (\u5206\u7c7b)\n        Declaring an Incident (\u5ba3\u5e03\u4e8b\u4ef6)\n        Communications and Operational Security (\u6c9f\u901a\u548c\u64cd\u4f5c\u5b89\u5168)\n        Beginning the Incident (\u5f00\u59cb\u4e8b\u4ef6)\n        Handover (\u79fb\u4ea4)\n        Handing Back the Incident (\u5f52\u8fd8\u4e8b\u4ef6)\n        Preparing Communications and Remediation (\u51c6\u5907\u6c9f\u901a\u548c\u8865\u6551)\n        Closure (\u5173\u95ed)\n    Conclusion (\u7ed3\u8bba)\n\n18. Recovery and Aftermath (\u6062\u590d\u548c\u540e\u679c)\n    Recovery Logistics (\u6062\u590d\u903b\u8f91)\n    Recovery Timeline (\u6062\u590d\u65f6\u95f4\u7ebf)\n    Planning the Recovery (\u89c4\u5212\u6062\u590d)\n        Scoping the Recovery (\u786e\u5b9a\u8981\u6062\u590d\u7684\u8303\u56f4)\n        Recovery Considerations (\u6062\u590d\u6ce8\u610f\u4e8b\u9879)\n        Recovery Checklists (\u6062\u590d\u68c0\u67e5\u6e05\u5355)\n    Initiating the Recovery (\u542f\u52a8\u6062\u590d)\n        Isolating Assets (Quarantine) (\u9694\u79bb\u8d44\u4ea7)\n        System Rebuilds and Software Upgrades (\u7cfb\u7edf\u91cd\u5efa\u548c\u8f6f\u4ef6\u5347\u7ea7)\n        Data Sanitization (\u6570\u636e\u6d88\u6bd2)\n        Recovery Data (\u6062\u590d\u6570\u636e)\n        Credential and Secret Rotation (\u51ed\u8bc1\u548c\u79d8\u94a5\u8f6e\u6362)\n    After the Recovery (\u6062\u590d\u4e4b\u540e)\n        Postmortems (\u5c38\u68c0)\n    Examples (\u793a\u4f8b)\n        Compromised Cloud Instances (\u88ab\u653b\u9677\u7684\u4e91\u5b9e\u4f8b)\n        Large-Scale Phishing Attack (\u5927\u89c4\u6a21\u9493\u9c7c\u653b\u51fb)\n        Targeted Attack Requiring Complex Recovery (\u6709\u9488\u5bf9\u6027\u7684\u653b\u51fb\u9700\u8981\u590d\u6742\u7684\u6062\u590d)\n    Conclusion (\u7ed3\u8bba)\n\nPart V. Organization and Culture (\u7ec4\u7ec7\u548c\u6587\u5316)\n\n19. Case Study: Chrome Security Team (\u6848\u4f8b\u7814\u7a76\uff1aChrome\u5b89\u5168\u56e2\u961f)\n    Background and Team Evolution (\u80cc\u666f\u548c\u56e2\u961f\u53d1\u5c55)\n    Security Is a Team Responsibility (\u5b89\u5168\u662f\u56e2\u961f\u7684\u8d23\u4efb)\n    Help Users Safely Navigate the Web (\u5e2e\u52a9\u7528\u6237\u5b89\u5168\u7684\u6d4f\u89c8\u7f51\u9875)\n    Speed Matters (\u901f\u5ea6\u95ee\u9898)\n    Design for Defense in Depth (\u7eb5\u6df1\u9632\u5fa1\u8bbe\u8ba1)\n    Be Transparent and Engage the Community (\u900f\u660e\u5316\u5e76\u4e0e\u793e\u533a\u4e92\u52a8)\n    Conclusion (\u7ed3\u8bba)\n\n20. Understanding Roles and Responsibilities (\u7406\u89e3\u89d2\u8272\u548c\u8d23\u4efb)\n    Who Is Responsible for Security and Reliability? (\u8c01\u5e94\u8be5\u4e3a\u5b89\u5168\u6027\u548c\u53ef\u9760\u6027\u8d1f\u8d23)\n        The Roles of Specialists (\u4e13\u5bb6\u7684\u89d2\u8272)\n        Understanding Security Expertise (\u4e86\u89e3\u5b89\u5168\u4e13\u4e1a\u77e5\u8bc6)\n        Certifications and Academia (\u8ba4\u8bc1\u548c\u5b66\u672f\u754c)\n    Integrating Security into the Organization (\u5c06\u5b89\u5168\u6574\u5408\u5230\u7ec4\u7ec7\u4e2d)\n        Embedding Security Specialists and Security Teams (\u5185\u5d4c\u5b89\u5168\u4e13\u5bb6\u548c\u5b89\u5168\u56e2\u961f)\n        Example: Embedding Security at Google (\u793a\u4f8b\uff1a\u5728Google\u4e2d\u5d4c\u5165\u5b89\u5168\u6027)\n        Special Teams: Blue and Red Teams (\u7279\u6b8a\u56e2\u961f\uff1a\u84dd\u961f\u548c\u7ea2\u961f)\n        External Researchers (\u5916\u90e8\u7814\u7a76\u4eba\u5458)\n    Conclusion (\u7ed3\u8bba)\n\n21. Building a Culture of Security and Reliability (\u5efa\u7acb\u5b89\u5168\u548c\u53ef\u9760\u6027\u7684\u6587\u5316)\n    Defining a Healthy Security and Reliability Culture (\u5b9a\u4e49\u4e00\u4e2a\u5065\u5eb7\u7684\u5b89\u5168\u548c\u53ef\u9760\u6027\u6587\u5316)\n        Culture of Security and Reliability by Default (\u9ed8\u8ba4\u5b89\u5168\u548c\u53ef\u9760\u7684\u6587\u5316)\n        Culture of Review (\u53cd\u601d\u56de\u987e\u7684\u6587\u5316)\n        Culture of Awareness (\u610f\u8bc6\u6587\u5316)\n        Culture of Yes (Yes\u6587\u5316)\n        Culture of Inevitably (\u4e0d\u53ef\u907f\u514d\u7684\u6587\u5316)\n        Culture of Sustainability (\u53ef\u6301\u7eed\u53d1\u5c55\u7684\u6587\u5316)\n    Changing Culture Through Good Practice (\u901a\u8fc7\u826f\u597d\u5b9e\u8df5\u6539\u53d8\u6587\u5316)\n        Align Project Goals and Participant Incentives (\u5bf9\u9f50\u9879\u76ee\u76ee\u6807\u548c\u53c2\u4e0e\u8005\u6fc0\u52b1)\n        Reduce Fear with Risk-Reduction Mechanisms (\u901a\u8fc7\u98ce\u9669\u51cf\u8f7b\u673a\u5236\u51cf\u5c11\u6050\u60e7)\n        Make Safety Nets the Norm (\u8ba9\u5b89\u5168\u7f51\u6210\u4e3a\u89c4\u8303)\n        Increase Productivity and Usability (\u63d0\u9ad8\u751f\u4ea7\u529b\u548c\u53ef\u7528\u6027)\n        Overcommunicate and Be Transparent (\u8fc7\u5ea6\u6c9f\u901a\u5e76\u4fdd\u6301\u900f\u660e)\n        Build Empathy (\u5efa\u7acb\u540c\u7406\u5fc3)\n    Convincing Leadership (\u4ee4\u4eba\u4fe1\u670d\u7684\u9886\u5bfc)\n        Understand the Decision-Making Process (\u4e86\u89e3\u51b3\u7b56\u8fc7\u7a0b)\n        Build a Case for Change (\u8bf4\u660e\u53d8\u5316\u7684\u539f\u56e0)\n        Pick Your Battles (\u9009\u62e9\u4f60\u7684\u6218\u6597)\n        Escalations and Problem Resolution (\u5347\u7ea7\u548c\u95ee\u9898\u89e3\u51b3)\n    Conclusion (\u7ed3\u8bba)\n\nAppendix. A Disaster Risk Assessment Matrix (\u9644\u5f55\uff1a\u4e00\u4e2a\u707e\u96be\u98ce\u9669\u8bc4\u4f30\u77e9\u9635)\n<\/code><\/pre>\n\n\n\n
            \u53c2\u8003\u94fe\u63a5\uff1a<\/h5>\n\n\n\n
            https:\/\/security.googleblog.com\/2020\/04\/introducing-our-new-book-building.html<\/a><\/p>\n\n\n\n
            Google\u65b0\u4e66\uff1a\u300a\u6784\u5efa\u5b89\u5168\u53ef\u9760\u7684\u7cfb\u7edf\u300b
            https:\/\/mp.weixin.qq.com\/s\/HztqUAeAfuobvXzOfZ6CFA<\/a><\/p>\n\n\n\n
            =END=<\/p>\n","protected":false},"excerpt":{"rendered":"
            =Start= \u7f18\u7531\uff1a \u524d\u51e0\u5929\u5728\u670b\u53cb\u5708\u4e2d\u770b\u5230\u6587\u7ae0\u300eGoogle\u65b0\u4e66\uff1a\u300a\u6784\u5efa\u5b89\u5168\u53ef\u9760\u7684\u7cfb\u7edf\u300b\u300f\u4e86\u89e3\u5230Google […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,25],"tags":[333,41,320,37,1608],"class_list":["post-4887","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-security","tag-book","tag-google","tag-reading","tag-security","tag-sre"],"views":6665,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/4887","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=4887"}],"version-history":[{"count":3,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/4887\/revisions"}],"predecessor-version":[{"id":4890,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/4887\/revisions\/4890"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=4887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=4887"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=4887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}