nBrainstorm the known threats to the system
nTwo or three hours for the initial brainstorm meeting with group up to 10 people
nHave one person lead the meeting – the most security savvy of the team
nAt least one member from each development discipline: design, coding, testing, documentation
nThe design and code changes are made after the meeting
nHave a overall system architecture on the whiteboard