Abstract
Cybersecurity threats and vulnerabilities continue to grow in number and
complexity, presenting an increasing challenge for organizations worldwide.
Organizations use threat modelling and bug bounty programs to address these
threats, but the two often operate independently. In this paper, we propose a
Metric-Based Feedback Methodology (MBFM) that integrates bug bounty programs
with threat modelling to improve the overall security posture of an
organization. By analyzing and categorizing vulnerability data, the methodology
enables identifying root causes and refining threat models to prioritize
security efforts more effectively. The paper outlines the proposed methodology
and its assumptions and provides a foundation for future research to develop
the methodology into a versatile framework. Further research should focus on
automating the process, integrating additional security testing approaches, and
leveraging machine learning algorithms for vulnerability prediction and
team-specific recommendations.