The principles of science go along well with data collection and creating a hypothesis based on the data that was initially collected. The scientific method would be used with white hats testing vulnerabilities on a server by simulating attacks and giving the data they were able to take back to the company. Threat analysis is something I’m a little more experienced with and this pretty much watches over process’s that were used by white hats and gather ideas on how much information could be stolen from their attacks. After they gather this information details relating back to the hypothesis would be able to determine if their test results were successful or if additional things need to be changed to make their program/server more secure.