After about a year of work, the SAFECode Threat Modeling paper has been released today. SAFECode also released a paper on assessing 3rd party code.

I hope that you find these guides useful?

cheers,

/brook