Description

Describes a decade of experience threat modeling products and services at Microsoft. Describes the current threat modeling methodology used in the Security Development Lifecycle. The methodology is a practical approach, usable by non-experts, centered on data flow diagrams and a threat enumeration technique of `STRIDE per element.' The paper covers some lessons learned which are likely applicable to
other security analysis techniques. The paper closes with some possible questions for academic research.