What Is a Threat Model?
The threat model creation process should include representatives from the design team (the team writing the product specifications), the programming team, and the test team. Each member brings different perspectives and different knowledge about the product. If the threat model creation process does not include people from these teams, then you risk losing valuable information about the product. External attackers cannot access people who develop products or write product specifications. Therefore, the use of these information resources can become a favorable condition for security testing.