Example Software Supply Chain Threat Model

  • 28 November 2022
  • 0 replies

Userlevel 3

I’m reposting my friend, François Proulx’s supply chain analysis because I believe it to provide an excellent example of a thorough threat model.


Yes, indeed, do read the post if you need to understand software supply security. But this analysis also demonstrates a couple of critical threat modelling methods:

  • Cataloging the relevant attacks (often called a “threat library”)
  • Analyzing how the attacks work, who the victim is, what the likely impact will be if compromised
  • Identifying appropriate counter-measures, which may include defences, mitigations, monitoring, etc.
  • Explaining in some detail how the analysis works

A #threat model isn’t its methods. I often hear people confuse method with model. There isn’t any STRIDE analysis (though this model makes effective use of attack trees). There’s only a single visual representation that might be called a data flow diagram (DFD) - and that is very loose. it’s more of a process flow. Neither of these are required to build a model (though they might very well help). 


What is require is the sort of hard thinking I find in this analysis. I haven’t found that many articles where the author is willing to expose their thinking, how they’ve arrived at the output of the model. This article is a welcome exception.



0 replies

Be the first to reply!