Some of my pet peeves with Threat Modeling, as its currently done by a lot of orgs out there: Threat Models are generated as tomes, rarely used by the people who need to be using it (architects, engineering teams, business owners, even security people)Consequently, Threat Modeling does not scale.