Shostack on "Threat Modeling"
Adam Shostack is incredibly smart - and he also happens to be responsible for managing the threat modeling aspect of the SDL these days. Here's got a nice 10 page paper here on threat modeling - very much worth the read if you're into that sort of thing. https://blogs.msdn.com/sdl/archive/2008/10/08/experiences-threat-modeling-at-microsoft.aspx