There are many things called threat modeling. Rather than argue about which is "the one true way," a good practice is to consider your needs and what your skills, abilities, and schedules are, and then work with a method that's best for you.

In the July 2008 issue of MSDN Magazine, Adam Shostack explains how you can put the fun back in threat modeling while making it an efficient, agile-friendly activity that anyone can do.

You can also check out previous Security Briefs columns and other security topics covered in MSDN Magazine in our online archives.