What is DREAD in Cybersecurity?

Frameworks & StandardsDREAD

DREAD is a risk rating model that scores threats across five categories: Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability. Each category is rated on a scale (typically 1 to 10), and the average produces an overall risk score. Microsoft originally used DREAD alongside STRIDE for threat modeling.

Why DREAD Matters for Your Cybersecurity Career

While Microsoft has moved away from DREAD due to its subjectivity, many organizations and training programs still use it. Security architects and engineers apply DREAD to prioritize which threats to address first. Understanding DREAD helps cybersecurity professionals communicate risk in quantifiable terms during design reviews.

Which Cybersecurity Roles Use DREAD?

Security ArchitectView career guide →Security EngineerView career guide →GRC AnalystView career guide →

Related Cybersecurity Terms

STRIDE PASTA Common Vulnerability Scoring System

Related Cybersecurity Certifications

CISSPView certification guide →CompTIA Security+View certification guide →

Frequently Asked Questions

What does DREAD mean in cybersecurity?

Why is DREAD important in cybersecurity?

Which cybersecurity roles work with DREAD?

Cybersecurity professionals who regularly work with DREAD include Security Architect, Security Engineer, GRC Analyst. These roles apply DREAD knowledge within the Frameworks & Standards domain.

Sources

OWASP: DREAD Threat Rating Model

Definitions are original explanations written for career development purposes. For authoritative technical definitions, refer to NIST, ISO, or the relevant standards body.

Last verified: April 2026Report an inaccuracy

Related Resources

Related Cybersecurity Career Guides

Related Cybersecurity Certifications

Get cybersecurity career insights delivered weekly

Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.