Original post by @cbentue
It’s clear that there’s value in doing Threat Modeling a new application at design time, but what about existing applications? If the application is already deployed and ready, would you apply threat modeling for a specific security task? Thank you in advance.