Adam Shostack here. I spoke at Toorcon this past weekend on "SDL Threat Modeling: Past, Present and Future." I wanted to share my slides to help clarify a bit about where SDL threat modeling is and why, and a bit about where we're going.
(Click on the post title, and you'll see an attachment in the per-post page.)
Are you going to TechEd 2008? If so, please stop by our Security Development Lifecycle booth and chat