Which framework is commonly used for threat modeling?

Boost your cybersecurity skills with our NOCTI Cybersecurity Standard Certification Quiz. Explore detailed questions and explanations to enhance your preparation and succeed on your certification exam!

Multiple Choice

Which framework is commonly used for threat modeling?

Explanation:
Threat modeling uses a structured framework to identify threats in a system design before implementation. STRIDE is commonly used for this purpose because it provides a clear taxonomy of threat types—Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege—that map directly to attacker goals and design weaknesses. This makes it easier to brainstorm, categorize, and document mitigations early in the development lifecycle. Other frameworks like PASTA focus more on risk-centric processes, OCTAVE emphasizes organizational risk management, and NIST SP 800-30 is broad risk assessment guidance rather than a focused threat-modeling taxonomy, so STRIDE best fits the goal of a threat-modeling framework.

