Surface 08
Third-party / Supply chain
What lives here
Vendor relationships, software dependencies, SBOM contents, build artifacts from upstream.
Primary threats
- supply-chain compromise
- fourth-party risk
- dependency exploits
- vendor breach with shared blast radius
Defensive categories
- TPRM
- vendor risk ratings
- SBOM / software attestation
- ASM