LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What should you validate about dependencies in your threat model?

Treat every library and external service as part of your attack surface — your security is only as strong as the weakest dependency you trust.

Validate all dependencies in your threat model. Ask yourself:

  • What other code are you using?
  • What security functions are in that other code?
  • Are you checking the data provided by external services?
  • Are you sure?

Why this matters: Your application's security is only as strong as its weakest dependency. A vulnerability in a library you use becomes your vulnerability.

Third-party risk: Log4Shell (2021) showed how one vulnerable library can affect millions of applications.

From Quiz: SPRG / Mitigation and Risk Analysis | Updated: Jun 20, 2026