Experiences Threat Modeling at Microsoft
A little bit of cross-polination [link to http://blogs.msdn.com/sdl/archive/2008/10/08/experiences-threat-modeling-at-microsoft.aspx no longer works] between blogs:
Adam Shostack here. Last weekend, I was at a Security Modeling Workshop [link to http://www.comp.lancs.ac.uk/modsec/program.php no longer works], where I presented a paper on “Experiences Threat Modeling at Microsoft,” which readers of [the Microsoft Security Development Lifecycle] blog might enjoy. So please, enjoy!