Once you have completed the process of generating a list of threats and have prioritized them as shown previously, you need to address each threat. A good way to track these issues is to log a bug for each issue and set the priority of the bug to match the priority you’ve identified in your threat analysis. You don’t need to use a sophisticated bug-tracking application for tracking threats. You could log all threats to your application in a Microsoft Excel spreadsheet, for example, shared by all members involved in finding, fixing and prioritizing security issues related to these threats. For each threat you have the following choices: