In today’s cybersecurity landscape, security by design is becoming a standard in software development. In this context, threat modeling plays a critical role in identifying, assessing, and mitigating potential security vulnerabilities in software systems as they are built. This report finds the majority of organizations that perform threat modeling do so from the design stage of the software development life cycle, ‘shifting left’ to address security issues early. They are becoming executive priorities and Boards of Directors are requiring regular updates on their progress. Despite its integration and perceived importance, threat modeling faces significant challenges such as scalability and resource allocation, which impede its broader application.