“…threat modelling will always fail in practice, because by definition, threat modelling stops before practice.”
via Financial Cryptography: Why Threat Modelling fails in practice.
An insightful post highlighting the difference between threats and risks.
Let us now turn that around and consider *threat modelling*. By its nature, threat modelling only deals with threats and not risks, and it cannot therefore reach out to its users on a direct, harmful level. Threat modelling is by definition limited to theoretical, abstract concerns. It stops before it gets practical, real, personal.
Risks are where harm is done to users. Risk modelling therefore is the only standard of interest to users.