WHAT'S IN THIS CHAPTER?
How to explain security requirements
Proving that your application came from you
Packaging your application
Handling security issues in the field
A comprehensive threat model helps you identify the risks to which your customers are exposed. By designing your application with those risks in mind, you can act to mitigate them, but only once your customers have the application and are able to use it. Software must be installed, deployed, and used appropriately for the threat model to remain valid and the security countermeasures to be effective.
In creating your threat model you may have found some risks that cannot be mitigated in code — the connection to a remote service is at risk if the user sets a poor password, and the password is chosen outside your app. The risk cannot be ignored, and yet because the application cannot take care of the problem automatically, the user's attention must be drawn to it. Manuals are notorious for not being read (nor even downloaded, in these post-boxed-software days), so the user guide may not be the most appropriate place to record security requirements. Many users expect to download and launch an application, then discover how to use it while they begin working with the app. The only text they ever see might be on your product marketing page or the iTunes app store.
As always, knowing your customers could change your perception. In enterprise environments, ...