The State of Security by Design and Threat Modeling in 2025

Security Compass commissioned a US and Canada survey of security practitioners in medium-to large-scale software organizations. Most view threat modeling as a top priority. Across the software development lifecycle, success hinges on automation, investing in specialized training, improving toolchain interoperability, and defining clear metrics to demonstrate return on investment.