The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint, the date of the correction will be displayed in the column titled "Date Corrected".
The following errata were submitted by our customers and approved as valid errors by the author or editor.
| Version | Location | Description | Submitted By | Date submitted | Date corrected |
|
Page 3
Chapter 1, Table 1-1, Row 7, Column 2 |
Text: “Third-party commercial-off-the-shelf including robotic process automation (RPS)”
Concern: The abbreviation appears to be a typo. Commonly, “robotic process automation” is abbreviated as RPA, not RPS.
Note from the Author or Editor: Correct, the abbreviation is wrong and the sentence is missing a comma.
The sentence should be, "Third-party commercial-off-the-shelf, including robotic process automation (RPA)"
|
Sophia |
Oct 22, 2025 |
|
|
Page 30
Chapter 3, “Username and Password” subsection, code sample, line 6 |
Text:
response = requests.get('//api.github.com / user, ',
Concern: There are extra spaces around “/” and an unnecessary “, ” after user.
Suggested correction:
response = requests.get('//api.github.com/user',
Note from the Author or Editor: Correct, there should be no spaces around the "/" and no "," after user.
Corrected syntax is:
response = requests.get('https://api.github.com/user',
                        auth = HTTPBasicAuth('user', 'pass'))
|
Sophia |
Oct 22, 2025 |
|
|
Page 87
Chapter 6, note on SaaS shared responsibility |
Text:
“For example, in a SaaS model, the CSP secures the infrastructure … You and your organization are responsible for securing the guest operating systems, your applications, and your data …”
Concern: In a SaaS model, the guest operating system and application software are typically managed by the provider, not the tenant. The text seems to better fit the IaaS model, where tenants are responsible for OS and application security. Should this be revised from SaaS to IaaS?
Note from the Author or Editor: This is correct. The text should be updated to: "For example, in an IaaS model, the CSP secures the infrastructure that runs all its services, including its hardware, virtualization, and physical facilities. You and your organization are responsible for securing the guest operating systems, your applications, and your data, and for ensuring cloud services are configured correctly."
|
Sophia |
Oct 22, 2025 |
|
|
Page 88
Chapter 6, “Watch Out for Security Misconfigurations” section, paragraph 1, line 3 |
Text: Short URL oreil.ly/OJUJb
Concern: When expanded, this points to the 2025 report, while the 2024 report has been archived here:
cpl.thalesgroup.com/resources/cloud-security/2024/cloud-security-research
Question: Should the URL be updated to reference the archived 2024 report?
Note from the Author or Editor: Correct, the link should be updated to point to the archived 2024 report.
|
Sophia |
Oct 22, 2025 |
|
|
Page 93
Chapter 6, “Code” subsection, paragraph 2, item 1, last sentence |
Text:
“OWASP has selection criteria and a list of popular open source and SAST commercial tools (oreil.ly/dMlQk).”
Concern: The wording “open source and SAST commercial tools” seems like a typo.
Suggested correction:
“OWASP has selection criteria and a list of popular open source and commercial SAST tools (oreil.ly/dMlQk).”
Note from the Author or Editor: Correct, this sentence should be reworded as suggested.
|
Sophia |
Oct 22, 2025 |
|
|
Page 100
Chapter 6, last paragraph |
Text: Short URL “oreil.ly/6nvyS”
Concern: The expanded link points to AWS IAM (aws.amazon.com/tw/iam/identity-center/). Based on the context, it seems the correct destination should be:
cloud.google.com/identity
Question: Should this short URL be corrected?
Note from the Author or Editor: This is correct, the link should point to https://cloud.google.com/identity.
For clarification, this error is in section 6 > Comparing IAM Services > Access > GCP.
|
Sophia |
Oct 22, 2025 |
|
|
Page 120
Chapter 7, “Sandboxed Pods” subsection, paragraph 2 |
Text: Short URL “oreil.ly/Rqx2n”
Concern: When expanded, it points to:
kubernetes.io/docs/concepts/security/pod-security-standards
To link directly to the intended section, the more accurate URL would be:
kubernetes.io/docs/concepts/security/pod-security-standards/#what-about-sandboxed-pods
Suggestion: Consider updating the short URL to reference the correct anchor.
Note from the Author or Editor: This suggestion is good. The link should be updated to the suggested URL.
|
Sophia |
Oct 22, 2025 |
|