threat-modeling
Safeguard articles tagged "threat-modeling" — guides, analysis, and best practices for software supply chain and application security.
29 articles
MITRE ATT&CK Meets SSDF: A Mapping
ATT&CK describes how adversaries operate; SSDF describes how to build software that resists them. Here's how to map adversary techniques to secure-development tasks so your threat model drives real engineering change.
A Beginner's Guide to Threat Modeling Your Build Pipeline
Your CI system is a production system with worse access controls. A first threat model of the pipeline takes one whiteboard session and usually finds something ugly.
Security Architecture Review Process: A Practical Framework
Architecture reviews catch security issues before code is written. Most organizations skip them or do them poorly. Here is a process that works.
A Taxonomy of Open Source Supply Chain Attacks
Supply chain attacks on open source come in distinct flavors. Understanding the taxonomy helps defenders prioritize controls and recognize threats before they reach production.
Threat Modeling the Software Supply Chain
Traditional threat modeling focuses on your code. Supply chain threat modeling extends to every tool, dependency, and process that touches your software. Here is how to do it systematically.