Abstract: The techniques described herein relate to methods, apparatus, and computer readable media configured to provide data-driven vendor risk assessment. In some aspects, a distributed computer system is provided that includes an interface component adapted to obtain security status information from at least two software application components, the at least two software application components being used by an organizational entity. The distributed computer system also includes a monitoring component adapted to receive the security status information from the at least two software application components and to determine a security status of the organizational entity based on the received security status information.

Abstract: The techniques described herein relate to methods, apparatus, and computer readable media configured to provide data-driven vendor risk assessment. In some aspects, a distributed computer system is provided that includes an interface component adapted to obtain security status information from at least two software application components, the at least two software application components being used by an organizational entity. The distributed computer system also includes a monitoring component adapted to receive the security status information from the at least two software application components and to determine a security status of the organizational entity based on the received security status information.