. . . man will occasionally stumble over the truth, but usually manages to pick himself up, walk over or around it, and carry on.
Winston S. Churchill
The second phase of the I-ADD security process is the analyze phase. During this phase you examine known attacks, vulnerabilities, and theoretical attacks in order to generate protections and mitigations. These protections and mitigations are methods or procedures used to inhibit an attacker's ability to exploit a vulnerability or perform an attack. The protections and mitigations should be identified without consideration for other factors, such as cost, limits to functionality, or time to implement. Trade-offs are evaluated and decisions are made during the next I-ADD phase, the define phase.