ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

THREAT-MODEL-EDI

Systematic threat modelling — STRIDE first-line for EDI.

Definition

STRIDE (Microsoft, 1999): Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege. Applied to EDI: DUNS spoofing, in-transit PO tampering, MDN repudiation, INVOIC price disclosure, DoS on AS2 endpoint, elevation via misconfigured API.

Origin

STRIDE created by Microsoft in 1999. Approach developed in Threat Modeling: Designing for Security (Adam Shostack, 2014).

Example in context

A STRIDE threat model for an AS2 endpoint identifies 12 threats: 3 Spoofing, 2 Tampering, 1 Repudiation, etc.

Last updated: May 14, 2026