About this report
Unlike similar reports led by vendors or select experts, the SOTM report by TMC is a 100% community-driven effort. Drawing on insights from over 60 organizations, the report offers practical benchmarks and real-world perspectives that help practitioners reflect on, compare, and improve their own threat modeling practices.
Business alignment
How most companies integrate threat modeling into broader security activities.
Program building blocks
Common structure and practices companies use to build a threat modeling program.

AI in threat modeling
How and where AI is being used today–and what the community sees coming next.