This includes threat modeling, specifying the intended operational environment, defining of use and misuse cases, adopting of secure coding techniques, and performing source-level security reviews including source code analysis. Mark Patterson