Our colleague Simon Kölsch on his personal blog:
Continue to external content
[…] a useful approach to building more secure software is constructing an explicit threat model and updating it on a regular basis. Instead of creating a giant threat diagram start by trying to apply one of the STRIDE frameworks threats to your system. Choosing a threat modelling card of the day may help familiarize yourself with the vocabulary.