Quiz Entry - updated: 2026.06.20
What are the key validation checks for a threat model?
Check threats are enumerated (STRIDE per boundary-touching element), QA has reviewed it, every threat is addressed, and the mitigations are actually done right.
Validate the whole threat model:
- Are threats enumerated?
- Minimum: STRIDE per element that touches a trust boundary
- Has Test/QA reviewed the model? (Testers often find issues)
- Is each threat addressed?
- Are mitigations done right?
Do these checks BEFORE Final Security Review - shipping will be more predictable.
Why QA review matters: Testers have a different mindset - they actively try to break things and often spot threats that developers miss.