The DREAD Risk Assessment Model
DREAD is part of a system for risk-assessing computer security threats that was previously used at Microsoft. Although it is still used by OpenStack and other corporations, it was abandoned by its creators. It provides a mnemonic for risk rating security threats using five categories.
The categories are:
Damage: How bad would an attack be?
Reproducibility: How easy is it to reproduce the attack?
Exploitability: How much work is it to launch the attack?
Affected users: How many people will be impacted?
Discoverability: How easy is it to discover the threat?
When a given threat is assessed using DREAD, each category is given a rating from 1 to 10. The sum of all ratings for a given issue can be used to prioritize among different issues.
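The scoring and prioritization described above, as an added example that is not part of the original page. The threat names, their ratings, and the tie-break by name are assumptions made for illustration.

```python
# Added example: DREAD scoring and ranking (not from the original page).
CATEGORIES = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")


def dread_score(ratings):
    """Return the DREAD sum (5..50) for one threat's ratings dict."""
    missing = [c for c in CATEGORIES if c not in ratings]
    extra = [c for c in ratings if c not in CATEGORIES]
    if missing or extra:
        raise ValueError(f"missing={missing} unexpected={extra}")
    for cat in CATEGORIES:
        value = ratings[cat]
        # bool is a subclass of int in Python; reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError(f"{cat}: rating must be an integer")
        if not 1 <= value <= 10:
            raise ValueError(f"{cat}: rating {value} is outside 1..10")
    return sum(ratings[cat] for cat in CATEGORIES)


def prioritize(threats):
    """Rank threats by DREAD sum, highest first.

    Ties are broken by name so the order is deterministic (an assumption of
    this example; the model itself does not define a tie-break).
    """
    scored = [(name, dread_score(r)) for name, r in threats.items()]
    return sorted(scored, key=lambda item: (-item[1], item[0]))


# Constructed sample threats and ratings, for illustration only.
SAMPLE_THREATS = {
    "SQL injection in login form": dict(
        damage=9, reproducibility=8, exploitability=7,
        affected_users=9, discoverability=8),
    "Verbose error page leaks stack traces": dict(
        damage=3, reproducibility=10, exploitability=9,
        affected_users=4, discoverability=9),
    "Missing rate limit on password reset": dict(
        damage=5, reproducibility=9, exploitability=8,
        affected_users=6, discoverability=7),
}

if __name__ == "__main__":
    for name, score in prioritize(SAMPLE_THREATS):
        print(f"{score:2d}  {name}")
```

Because the result is a plain sum, two threats with very different profiles can land on the same score, as the two 35-point entries in the sample do.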