Offensive Threat Models Against the Supply Chain

Explore offensive threat modeling techniques for supply chain systems in this 51-minute conference talk from AppSecCali 2019. Learn how to apply adversarial perspectives to discover realistic attack patterns and improve defensive measures against cybercriminals targeting trusted vendor software. Examine a sample threat library, understand relevant threat sources, and see real-world examples applied to multinational corporations. Discover how to build attack trees for exploit development, operationalize findings into specific countermeasures, and leverage insights to enhance overall security programs, including vendor risk management and procurement processes. Gain valuable knowledge from Tony UcedaVelez, CEO of VerSprite, on creating dynamic threat models that reflect current criminal cyber trends and bolster supply chain security.