2024-2025
State of Threat Modeling Report

The first-ever community-powered report on the practice of threat modeling.

About this report

Unlike similar reports led by vendors or select experts, the SOTM report by TMC is a 100% community-driven effort. Drawing on insights from over 60 organizations, the report offers practical benchmarks and real-world perspectives that help practitioners reflect on, compare, and improve their own threat modeling practices.
Business alignment
How most companies integrate threat modeling into broader security activities.
Program building blocks
Common structure and practices companies use to build a threat modeling program.
AI in threat modeling
How and where AI is being used today, and what the community sees coming next.

Here’s a sneak peek...

Download the report for the full insights, but here’s a quick look at what we learned:
STRIDE is still the most common approach
88% of survey respondents selected STRIDE as an approach that has some form of alignment to how their company threat models.
System diagrams are essential

74% said that creating system diagrams was mandatory; 37% stated that they are the main source of information for generating threats.
AI is still emerging

Only 7% of companies use it regularly; 40% use it occasionally. There’s a huge opportunity ahead.
Download the full report and discover how your peers are practicing threat modeling today.

Upcoming sessions

Join the report authors and our community for live sessions discussing top takeaways and key insights from the report, and learn how to use them to benchmark and improve your own threat modeling practices.
Workshop
Live at ThreatModCon DC: SOTM Deep Dive + What’s Next
Join us in person at ThreatModCon for an interactive session on the SOTM findings, key takeaways, AI trends, and a first look at the next survey.
Webinar
SOTM Release: First Look at the Findings
Get a guided walkthrough of the inaugural SOTM report with its authors and explore key insights, trends, and benchmarking tips.

About the SOTM project

The SOTM project is a community-driven initiative – by practitioners, for practitioners. It regularly publishes the State of Threat Modeling (SOTM) report to capture how threat modeling evolves across the industry, using real-world data and practitioner insights. Each edition provides a valuable benchmark for teams to reflect on, compare, and improve their own practices.

Project leads

Dave Soldera
Grant Ongers

Stay in the loop

Be the first to know when the next SOTM survey opens.

Get involved

The project is currently looking for contributors! Reach out to Grant Ongers and Dave Soldera if you’re interested in contributing to the development of the next edition.

Ready to revel in threat modeling facts and stats?

If you want to find out more and get a real understanding of how others are using threat modeling, then just click below.
No details needed, just one click and boom, the report is yours!