Respond to the following in a minimum of 175 words: 

The SDLC (software/system development life cycle) framework, where security is often addressed only during the testing phase, is sometimes used by organizations. However, that practice has many flaws, especially the failure to identify threats and/or vulnerabilities because testing is done so late in the framework.

How can you include threat modeling within your SSDLC? At what points of the lifecycle would you include threats? Why would you do it then instead of another phase?