Threat modeling information, links, and a free tool
Unless you know what you are protecting, from whom, and why you are going to have a very tough time protecting it. Just as I was researching threat modeling for a chapter of my book, this thread happened on the web application security mailing list. A lot of useful information and insightful opinions were exchanged over the course of few days. Then Microsoft released a free threat modeling tool announced several months ago. If I've interested you in the subject, here is a list of links to some public papers on threat modeling. Update: A video interview Frank Swiderski (the author of the free tool and the Thread Modeling book) is available at channel9 .