Which process helps developers understand security threats, determine risks, and establish mitigations?

Threat modeling is the process by which developers systematically identify security threats, assess risks, and design mitigations early in the software development lifecycle. It starts by clarifying what needs protection (assets), how data flows through the system, and where trust boundaries exist. Threats are then identified and categorized to understand potential attack vectors, often using a structured approach like STRIDE. Each threat is analyzed for likelihood and impact to determine risk, guiding the selection of mitigations—design changes, secure coding practices, and appropriate controls—so security is built in from the start and validated throughout development and deployment. This collaborative, iterative activity ensures that defenses align with actual threats and evolve as the system changes. Shadow IT describes unsanctioned technology use, Baseline refers to standard configuration settings, and a gateway device is a hardware component; none of these describe the process of understanding threats and establishing mitigations.