New installment in “A Guide to Threat Modelling for Developers”
Software teams are incentivised to deliver, and rarely have unlimited
bandwidth to go away and address every threat identified. And some of the
threats may pose an insignificant risk. You need to filter down and
prioritise a few most important actions which you can take away and
execute on effectively.