Quiz Entry - updated: 2026.06.20
What should you validate about dependencies in your threat model?
Treat every library and external service as part of your attack surface — your security is only as strong as the weakest dependency you trust.
Validate all dependencies in your threat model. Ask yourself:
- What other code are you using?
- What security functions are in that other code?
- Are you checking the data provided by external services?
- Are you sure?
Why this matters: Your application's security is only as strong as its weakest dependency. A vulnerability in a library you use becomes your vulnerability.
Third-party risk: Log4Shell (2021) showed how one vulnerable library can affect millions of applications.