Interesting – Larry Osterman explains how MS do threat analysis (in lots of parts). Found on Bruce Schneier’s Blog. Worth a read – certainly it’s made me think about the stuff I’ve written.

Parts 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14