August 2018
Beginner
594 pages
22h 33m
English
Content preview from Software Architect's Handbook
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
DREAD risk assessment model
DREAD is a risk assessment model that can be used to prioritize security threats. Like the STRIDE model, it was created by Microsoft. DREAD is an acronym that represents the following risk factors:
- Damage potential
- Reproducibility
- Exploitability
- Affected users
- Discoverability
Each risk factor for a given threat can be given a score (for example, 1 to 10). The sum of all the factors divided by the number of factors represents the overall level of risk for the threat. A higher score signifies a higher level of risk and would typically be given a higher priority when determining which threats should be focused on first.