I recently was in a bit of a conversation about Threat Modeling, it's future, and how it relates to Risk Management. The ensuing thoughts and gyrations in my head produced a bit of a post on how Threat Modeling, is actually 1/2 of a Threat Management process. Which in itself is a subset of a well rounded Risk Management process. I posted the mini-essay on our ACE Threat Modeling blog. Check it out here.