A structured exercise to identify potential threats to a system early, so they can be designed out or mitigated.
Threat modeling examines a system's design to anticipate how it could be attacked. It asks what is being built, what can go wrong, what will be done about it, and whether the analysis was good enough.
Done early in development, it lets teams address weaknesses before they are coded in, which is far cheaper than fixing them later. Methods such as STRIDE provide a structured way to enumerate threats.
KaitoSec