Threat Modeling as a Basis for Security Requirements

We routinely hear vendors claim that their systems are "secure." However, without knowing what assumptions are made by the vendor, it is hard to justify such a claim. Prior to claiming the security of a system, it is important to identify the threats to the system in question. Enumerating the threats to a system helps system architects develop realistic and meaningful security requirements.