We are starting an OWASP threat modeling project to standardize a threat modeling approach which can be used by various companies. During the OWASP portugal summit I had a very meaningful and positive discussion on this topic and got support from a lot of people in the community. You can find out the results of the discussion at the OWASP Threat Modeling project page
If you would like to join the project, please join the mailing list at
Here are some of the topics to be taken up in the first meeting (most probably to be scheduled for next week)
- High level project roadmap with milestones.
- Call for participants
- Review existing resources within OWASP to align with threat modeling project.
- Come up with a threat modeling methodology
- Publish the first draft