Adam Shostack here. I’m working on a paper about “Experiences Threat Modeling at Microsoft” for an academic workshop on security modeling. I have some content that I think is pretty good, but I realize that I don’t know all the questions that readers might have.
So, what questions should I try to answer in such a paper? What would you like to know about? No promises that I’ll have anything intelligent to say, but I’d love to know the questions you’re asking. So please. Ask away!