This checklist is designed to help you threat model third-party software and services as they are deployed into the environment. It broadly follows the Microsoft Security Development Lifecycle (SDL) but applies a supply chain security focus to the recommendations. Normally, the Microsoft SDL is used to guide the organization’s security model during product development. This checklist focuses on using the SDL to threat model third-party software cybersecurity risk.
We suggest using this checklist as a guide, because security teams will have additional organization-specific steps to consider in their threat modeling evaluations.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
September 26, 2023
By IANS Faculty