Implementation

How Teams Adopt Product Security Hub

Implementing PSH follows a proven path. Most teams move through three phases, building security knowledge and operational capability as they go.

Phase 1: Architecture & Threat Modeling

Weeks 1–2

Your team starts by mapping your product architecture in Product Security Hub. This is where you define:

  • Components & Data Flow: How data moves through your system, storage points, and trust boundaries
  • External Dependencies: Third-party libraries, services, and integrations
  • Threats: Using Product Security Hub's built-in threat catalog (mapped to CWE), identify realistic threats to your architecture

Outcome: You have a living security architecture document—not a static diagram, but a continuous reference that your team actually maintains.

Phase 2: Requirements & Vulnerability Integration

Weeks 3–4

Now you connect regulatory and risk context to your architecture:

  • Add Requirements: Import or map compliance requirements (FDA cybersecurity guidance, Health Canada, EU MDR, etc.) to your architecture
  • Import SBOMs & Vulnerabilities: Upload your SBOM and see what's vulnerable in your supply chain
  • Map Connections: See how vulnerabilities relate to your architecture threats and compliance requirements

Outcome: You now see the full picture: what threats matter, which vulnerabilities are in your code, and which compliance obligations apply—all in one place.

Phase 3: Continuous Risk Management

Ongoing

Product Security Hub becomes your operational backbone for security decisions:

  • Triage & Prioritize: Risk-assess vulnerabilities using CVSS v3/v4 context from your threat model
  • Track Decisions: Document why you accepted, mitigated, or fixed each risk
  • Report on Compliance: Generate audit-ready evidence of your security controls and risk management
  • Update as You Grow: New product version? Architecture change? Regulatory update? Product Security Hub scales with you

Outcome: Security is no longer a snapshot—it's a living, continuously updated system that keeps pace with your product and regulatory environment.

Typical Implementation Timeline

  • Week 1–2: Architecture mapping & threat modeling (foundation)
  • Week 3–4: Requirements & vulnerabilities integration (connecting context)
  • Week 5+: Ongoing triage, compliance reporting, and continuous updates

Note: Implementation speed depends on your team size, product complexity, and existing security documentation. Most teams are operationally effective within 4 weeks.

Ready to Get Started?

See how Product Security Hub fits into your workflow and get a personalized implementation roadmap for your team.