A methodology for reviewing and assessing security threats in an ordered fashion, so as to avoid security “blind spots”. Threat models assist both in discovering unnoticed security risks and in reviewing the mitigation plans for known issues. Threat modeling should be performed at an early stage of the development process, usually as part of the architecture design review phase, but it can also be performed at a later stage.
Examples of threat modeling methodologies: STRIDE, attack trees, CIA.