DREAD: Risk assessment model

DREAD is part of a system for classifying computer security threats used at Microsoft. It provides a mnemonic for risk rating security threats using five categories.

The categories are:

  • Damage - how bad would an attack be?
  • Reproducibility - how easy is it to reproduce the attack?
  • Exploitability - how much work is it to launch the attack?
  • Affected users - how many people will be impacted?
  • Discoverability - how easy is it to discover the threat?

The DREAD name comes from the initials of the five categories listed. It was initially proposed for threat modeling, but is now used more broadly.

When a given threat is assessed using DREAD, each of the five categories is given a rating, for example 3 for high, 2 for medium, 1 for low and 0 for none. The sum of the five ratings for a given exploit can then be used to prioritize it against other exploits.
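An added example (not part of the original article) of the scoring and prioritization just described: each threat gets a 0-3 rating per category, the five ratings are summed, and threats are ranked by the total. The sample threats and the tie-breaking rule (Damage, then Exploitability) are assumptions for illustration, not part of DREAD itself.

```python
from dataclasses import dataclass, astuple

# Rating scale described in the article: 3 = high, 2 = medium, 1 = low, 0 = none.
RATING_LABELS = {3: "high", 2: "medium", 1: "low", 0: "none"}


@dataclass(frozen=True)
class DreadRating:
    """One rating per DREAD category, each on the 0-3 scale."""
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self) -> None:
        # Reject ratings outside the scale so a typo cannot skew the total.
        for name, value in zip(self.__dataclass_fields__, astuple(self)):
            if value not in RATING_LABELS:
                raise ValueError(f"{name} must be 0-3, got {value!r}")

    def score(self) -> int:
        """Sum of the five category ratings (0..15)."""
        return sum(astuple(self))


def prioritize(threats: dict[str, DreadRating]) -> list[tuple[str, int]]:
    """Rank threats by DREAD score, highest first.

    Tie-break (an assumption, not defined by DREAD): higher Damage wins,
    then higher Exploitability, then name for a stable order.
    """
    def key(item: tuple[str, DreadRating]):
        name, r = item
        return (-r.score(), -r.damage, -r.exploitability, name)

    return [(name, r.score()) for name, r in sorted(threats.items(), key=key)]


# Constructed sample threats (hypothetical, for illustration only).
SAMPLE_THREATS = {
    "SQL injection in login form": DreadRating(3, 3, 2, 3, 2),
    "Verbose stack trace on error page": DreadRating(1, 3, 3, 3, 3),
    "Race condition in coupon redemption": DreadRating(2, 1, 1, 1, 1),
}

if __name__ == "__main__":
    for name, score in prioritize(SAMPLE_THREATS):
        print(f"{score:2d}  {name}")
```

The first two sample threats both sum to 13, which is why a ranking needs a stated tie-break rule in addition to the raw sum.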
