This community seems like an appropriate place to share approaches to threat modelling, so I thought I’d share an open source tool called threatware that I created to help validate and manage threat models. I wrote a longer blog post discussing the origin of it, but this community might find some of the design decisions I made when I created the (suggested) process and tool - see An Opinionated Approach - as relevant discussion topics for challenges we all face when operating a threat modelling program of work.
Hope you find it interesting, maybe even useful. Happy to discuss.
Amazing job @Dave! You have created a great tool and I really like your approach!
Threat modeling can be an overwhelming task so to have the correct approach can make the difference between creating something relevant, that really helps your company reducing the exposure or quitting in the process. Creating small threat models and prioritizing the information is part of the key to succeed.
I also like the idea of using templates. It can help other people in the company or even in other companies to start threat modeling, which is the main idea, to spread the use of threat modeling and to make the systems more secure.