DREAD
Damage, Reproducibility, Exploitability, Affected Users, Discoverability
DREAD is a risk rating model that scores threats on five dimensions to produce a quantitative risk value. Each dimension receives a score from 1 to 10, and the average determines overall threat severity.
Como é usado em cibersegurança
Security architects and penetration testers use DREAD scores to prioritize which vulnerabilities to fix first after threat modeling sessions. The model pairs well with STRIDE since STRIDE identifies threats and DREAD ranks their severity. Some organizations have replaced DREAD with CVSS, but it remains popular for its simplicity in threat modeling workshops.
Termo relacionado no glossário: dread
As definições são explicações originais escritas para fins de desenvolvimento profissional. Para definições técnicas autoritativas, consulte NIST, ISO ou o órgão de normalização correspondente.