Subjective attack trees (SATs) extend traditional attack trees by taking into account the uncertainty about the probability values of security events. Assigning precise values is often difficult due to lack of knowledge, or insufficient historical data, making the evaluation of risk in existing approaches unreliable, and therefore unreliable security decisions. With SATs, the author seeks to better reflect the reality underpinning the model and offer a better approach to decision-making via the modeling of uncertainty about the probability distributions in the form of subjective opinions, resulting in a model taking second-order uncertainty into account. The author further discusses how to conduct security analysis, such as risk measuring and security investments analysis, under the proposed model. Security investments analysis requires first to incorporate the model with countermeasures and then study how these countermeasures reduce risk in the presence of uncertainty about probability values. The importance and advantage of the SAT model are demonstrated through extended examples.