I would say this is the most enigmatic of the four questions in the four-question threat modelling framework.
After you’ve clearly defined what you are going to threat model, after you’ve analyzed the system for threats, after you’ve created a set of additional controls to mitigate those threats - did you do a good job? How do you know? What does “good” even mean? Would you really ever finish a threat model and then call it ugly?
It’d be fascinating to hear how people tackle this thorny question.