Shostack + Friends Blog

State of Threat Modeling 2024-2025

The first-ever, community-powered report on threat modeling

The 'State of Threat Modeling 2024-2025' from Threat Modeling Connect is now live!

This is the first-ever, community-powered report on the current state of threat modeling. This report would not be possible without the community. From practitioners to policymakers to industry experts, 60+ organizations provided insights about practical benchmarks and recommendations.

Looking for a sneak peek?

STRIDE is still the most common approach, with 88% of survey respondents selecting STRIDE as a part of their company strategy.
System designs are essential, with even 37% of organizations citing diagrams as a main source of information to identify threats.
Ready for a third? Read the full report here!

We want to emphasize how the 'State of Threat Modeling' was a community effort. After reading this year's issue, we urge you to take the 2025-2026 survey to help in the data collection. Your insight is valuable, and we look forward to hearing from you!

Originally published by Kris on 12 Dec 2025
Categories: security threat modeling

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The RSS feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.