DREAD (risk assessment model)

DREAD (Damage, Reproducibility, Exploitability, Affected users, Discoverability) is a risk assessment and threat modeling system for computer security threats. When a given threat is assessed using DREAD, each category is given a rating from 1 to 10, and the sum of all ratings is taken to assess the overall risk.^[1] It was formerly used at Microsoft before being discontinued for its inconsistency and subjectivity.^[2]^[3] It has also been criticised for promoting security through obscurity through the discoverability element. Some organizations have moved to a DREAD-D "DREAD minus D" scale, which omits Discoverability.^[4]^[5]

[1]

[2]

[3]

[4]

[5]

DREAD (risk assessment model)

See also

References

External links

Wikiwand - on