Introducing SCREATH (Supply Chain Risk Framework)

Today, I gave a talk at the SANS Threat Hunting Summit on Supply Chain Threat Hunting. I’ll publish slides later, but I wanted to post our supply chain threat hunting framework worksheet. I want to thank Brandon McCrillis (Rendition Infosec CEO) for freeing me up for the time to work on this (he also gave the green light to release this to the community).

SCREATH stands for:

Analysis, and

You can find the SCREATH score sheet v0.1 (Google Sheets) here.

The SCREATH scoresheet is free for organizations to use, though please provide attribution. We are actively requesting feedback on the framework. Are we missing questions? Do you disagree with the score weights? Let us know (screath { a t } or tag us on Twitter). We’ll certainly be posting more on this later, but I wanted to get this out now for the talk.