It's good to see the authors use STRIDE to model threats. I have some questions. First, I wonder why STRIDE was used among the many threat modeling methods. Second, need to manage risk through the relevant threat modeling, and I am curious about how you proceeded with that part. Third, assuming that risk management was performed, I am curious about how you managed the risk for each risk factor. Fourth, the author did threat modeling for webcam, and I want to know the actual case of the threat to webcam, and I wonder at least one example of how the results are mapped from S, T, R, I, D, and E, respectively. Fifth, I understand that modeling was conducted based on open-source, and I wonder what layer to focus on when creating DFD, how the focused layer distinguishes it from the non-concentrated layer at the low level of DFD and I wonder why the unfocused layer was judged that way.
