tl;dr:At its heart, threat modeling is a risk-based approach to designing secure systems by identifying threats continually and developing mitigations intentionally. We believe effective threat modeling should start simple and grow incrementally, rather than relying on exhaustive upfront analysis. To demonstrate this in practice, we begin with outlining the core insights required for threat modeling. We then dive into practical threat modeling examples using the STRIDE framework.
tl;dr:"Threat modelling is a risk-based approach to designing secure systems." This article encourages developers to start simple with 3 questions. What are you building? What can go wrong? What are you going to do?