What is threat modeling used for in the design phase?

Get ready for your WGU ITEC2034 D385 Software Security and Testing Test. Study with multiple choice questions that include hints and explanations. Boost your confidence for your exam day!

Multiple Choice

What is threat modeling used for in the design phase?

Explanation:
Threat modeling in the design phase focuses on identifying potential threats, evaluating the risks they pose, and designing mitigations into the architecture before any code is written. By analyzing data flows, trust boundaries, and attacker goals early, you can bake in security controls—such as proper authentication and authorization, input validation, encryption, secure defaults, and defense in depth—so the system’s design itself reduces the attack surface and prevents flaws from taking root. This proactive approach saves cost and effort by addressing security where decisions about structure and data handling are made, rather than after implementation. It’s not about marketing, performance benchmarking, or scheduling vacations—those activities aren’t related to building secure software.

