When internationally known security expert Bruce Schneier recommends a series of blogs on threat modeling (and he did) you know it has to be good. Larry Osterman has written a 13 part series on threat modeling using the PlaySound API as an example. It is complicated and is probably not for everyone. Serious students of security be they professionals, college/university students or even the really interested high school student will want to take a look.
BTW did you ever think that something like an API that plays sound would have to go through a serious treat modeling process as part of its development? A lot of things most of us just assume are safe and harmless are potential openings for people who would do bad things to our computers. That is something to think about in itself!
The index to the series may be found here. You may even want to print it out and make notes. That's what I'm doing.