LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What are the key validation checks for a threat model?

Check threats are enumerated (STRIDE per boundary-touching element), QA has reviewed it, every threat is addressed, and the mitigations are actually done right.

Validate the whole threat model:

  • Are threats enumerated?
  • Minimum: STRIDE per element that touches a trust boundary
  • Has Test/QA reviewed the model? (Testers often find issues)
  • Is each threat addressed?
  • Are mitigations done right?

Do these checks BEFORE Final Security Review - shipping will be more predictable.

Why QA review matters: Testers have a different mindset - they actively try to break things and often spot threats that developers miss.

From Quiz: SPRG / Mitigation and Risk Analysis | Updated: Jun 20, 2026