Motivation When performing software-centric threat-modeling on an application1, one typically:
generates at least one Data Flow Diagram (DFD) or other diagrams that model the software, enumerates threats using the diagram(s) as an aid, and then determines which mitigations should be applied. Automated tools can potentially aid the threat modeler in each of these stages.