2024-2025
State of Threat Modeling Report

The first-ever community-powered report on the practice of threat modeling.

Download the report

About this report

Unlike similar reports led by vendors or select experts, the SOTM report by TMC is a 100% community-driven effort. Drawing on insights from over 60 organizations, the report offers practical benchmarks and real-world perspectives that help practitioners reflect on, compare, and improve their own threat modeling practices.
Business alignment
How most companies integrate threat modeling into broader security activities.
Program building blocks
Common structure and practices companies use to build a threat modeling program.
AI in threat modeling
How and where AI is being used today–and what the community sees coming next.

Here’s a sneak peek...

Download the report for the full insights, but here’s a quick look at what we learned:
STRIDE is still the most common approach to threat modeling. But most companies blend it with elements from 3+ other methods.
AI is still emerging– only 7% of companies use it regularly. 40% occasionally. There’s a huge opportunity ahead.
Producing 10-100 threat models a year? That puts you in line with the majority of your peers–regardless of company size, industry, or region.
Download the full report and discover how your peers are practicing threat modeling today.
Download the report

About the SOTM project

The SOTM project is a community-driven initiative – by practitioners, for practitioners. It regularly publishes the State of Threat Modeling (SOTM) report to capture how threat modeling evolves across the industry, using real-world data and practitioner insights. Each edition provides a valuable benchmark for teams to reflect on, compare, and improve their own practices.

Project leads

Dave Soldera
Grant Ongers

Stay in the loop

Be the first to know when the next SOTM survey opens.
Sign up for updates

Get involved

The project is currently looking for contributors! Reach out to Grant Ongers and Dave Soldera if you’re interested in contributing to the development of the next edition.

Ready to revel in threat modeling facts and stats?

If you want to find out more and get a real understanding how others are using threat modeling, then just click below.
No details needed, just one click and boom, the report is yours!

Download the report