The Microsoft SDL Threat Modeling Tool

As part of the design phase of the SDL, threat modeling allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. Therefore, it helps reduce the Total Cost of Development.

http://msdn.microsoft.com/en-us/security/dd206731.aspx