http://blogs.msdn.com/ptorr/archive/2005/02/08/368881.aspxThe following is a (slightly modified) version of a document I wrote for the VSTO team way back in the day. You might find it useful as you plan threat modelling for your product(s). You should of course read the Threat Modelling book from Microsoft Pressen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/ptorr/archive/2005/02/08/368881.aspx#368960Tue, 08 Feb 2005 13:14:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:368960Sergey Simakov bloghttp://blogs.msdn.com/ptorr/archive/2005/02/08/368881.aspx#369146Tue, 08 Feb 2005 19:45:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:369146Dana Epp's ramblings at the SanctuaryPeter Torr has an interesting article/a&gt; about high level threat modeling. The gist of his article is that the process consists of six (possibly repeated) steps, outlined below in more detail: Preparation Brainstorming Drafting Review Verification Closure I highly recommend you go read his article to dig into the depth of each step. Good job Peter....http://blogs.msdn.com/ptorr/archive/2005/02/08/368881.aspx#369447Tue, 08 Feb 2005 22:42:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:369447Insensitive ClodBut was your threat model DIGITALLY SIGNED?http://blogs.msdn.com/ptorr/archive/2005/02/08/368881.aspx#369557Wed, 09 Feb 2005 01:57:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:369557Peter TorrSome of us don't have certificates, you insensitive clod!http://blogs.msdn.com/ptorr/archive/2005/02/08/368881.aspx#369688Wed, 09 Feb 2005 09:20:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:369688Stefan KellerNot bad, but you end early. <br>- I always thought that other key benefits to do threat modelling are, that you could <br>a) show the morons that want to introduce insecurity later on in the project, what that will do to them easily and illustratively <br>b) have a readily available, nice residual risk piece for final sign-off <br> <br>Regards <br> <br>Stefan <br> <br> http://blogs.msdn.com/ptorr/archive/2005/02/08/368881.aspx#378515Wed, 23 Feb 2005 01:54:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:378515Peter TorrMore info on building DFDs is now available at: <br> <br><a target="_new" href="http://weblogs.asp.net/ptorr/archive/2005/02/22/378510.aspx">http://weblogs.asp.net/ptorr/archive/2005/02/22/378510.aspx</a>http://blogs.msdn.com/ptorr/archive/2005/02/08/368881.aspx#381138Sun, 27 Feb 2005 09:49:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:381138Office Development, Security, Randomness...A crash-course in developing Data Flow Diagrams in support of software threat modelshttp://blogs.msdn.com/ptorr/archive/2005/02/08/368881.aspx#452455Wed, 17 Aug 2005 05:32:47 GMT91d46819-8472-40ad-a661-2c78acb4018c:452455Office Development, Security, Randomness...<br> <br> <br> A recent comment on the IE Blog made it pretty apparent that not everybody is aware...http://blogs.msdn.com/ptorr/archive/2005/02/08/368881.aspx#459353Fri, 02 Sep 2005 00:05:04 GMT91d46819-8472-40ad-a661-2c78acb4018c:459353ptorrDana Epp has a great article at <a rel="nofollow" target="_new" href="http://silverstr.ufies.org/blog/archives/000851.html">http://silverstr.ufies.org/blog/archives/000851.html</a>