Why hasn't the industry embraced threat modeling development inspite of many frameworks available? While DevOps (and DevSecOps) has gained traction? Even within companies that claim to practice DevSecOps, threat modeling is often ignored.What is HN's opinion on this?
This CMU post lists 12 different Threat Modeling approaches:
https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/