OWASP Rapid Developer-driven Threat Modeling

To provide a practical, developer-friendly methodology and supporting materials (documentation, threat templates, examples, and possibly automation tools) that make threat modeling accessible, scalable, and seamlessly integrated into modern software development.

Road Map

Phase 1 (0–6 months):

  • Involve additional project members, possibly representing organizations of different sizes and with different regulatory obligations
  • Publish the RaD-TM methodology as an OWASP guide
  • Release initial Threat Templates and example models (we aim to have a collection of at least 10 Threat Templates aimed at different roles in the SDLC)
  • Set up GitHub repository and community channels

Phase 2 (6–12 months):

  • Expand the Threat Template library (e.g., for additional standards/environments), reaching at least 20 Threat Templates
  • Host community sessions or webinars

Phase 3 (12+ months):

  • Develop basic automation tools or integrations
  • Collaborate with other OWASP projects (e.g., Threat Dragon) to support RaD-TM in threat modeling tools
