A question that comes up frequently in discussions: the manifesto says everyone should do threat modelling, but if we are not security specialists, what would be the value? Wouldn’t we just waste time bouncing our amateur ideas off each other?
I say - bring on the bouncing! Yes, it is better to have someone with security specialisation in the room, but a team that understands “What are we working on?” is practically guaranteed to find something useful when exploring “What can go wrong?”
Why is that the case? Because collaborative threat modelling excels at finding “unknown knowns”. Whether you use STRIDE, prompt cards, the EOP (Elevation of Privilege) game, or any brainstorming method really, the team members will confess all sorts of horrors that they had not realised were relevant until now. Debug functionality with remote access that nobody had removed since release v0.01. Shared accounts, authorisation bypasses, that “TODO” function they wrote ten years ago that somehow never got prioritised.