Few questions:

• 1) Have you actually worked with Dev teams and achieved 100% code coverage? Getting all the error conditions to actually occur is pretty hard, I'd imagine.
• 2) Do you have any practical threat models you can share. Doing threat modeling is bandied about alot, but most people don't do it, because its 'too hard'.
• 3) You recommend using: PlantUML or DOT (Graphwiz). Do you have any specific tools you recommend using that support/use these for developing good threat models?

(moved from #136)