Overview

DREAD is a quantitative approach to evaluating the severity of threats identified during threat modeling. Each threat is scored (typically from 1 to 10) across five categories, and the average score determines the priority.

The DREAD Criteria

  • Damage: How bad would the attack be?
  • Reproducibility: How easy is it to repeat the attack?
  • Exploitability: How much work is it to launch the attack?
  • Affected Users: How many people would be impacted?
  • Discoverability: How easy is it to find the vulnerability?

Current Status

While DREAD was popular for many years, it has been largely superseded by more objective systems like CVSS (Common Vulnerability Scoring System) due to the subjective nature of its scoring.
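
The scoring described in the Overview, and the subjectivity that led to DREAD's decline, can be seen in a small scorer. This is an added example, not part of the original page; the function names, threat labels and ratings are constructed for illustration.

```python
CATEGORIES = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")


def dread_score(ratings):
    """Return the mean of the five category ratings (each an int from 1 to 10)."""
    if set(ratings) != set(CATEGORIES):
        raise ValueError(f"expected exactly these categories: {CATEGORIES}")
    for name, value in ratings.items():
        if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 10:
            raise ValueError(f"{name} must be an integer from 1 to 10, got {value!r}")
    return sum(ratings.values()) / len(CATEGORIES)


def prioritize(threats):
    """Map {threat: ratings} to [(threat, score)], highest score first."""
    scored = [(name, dread_score(r)) for name, r in threats.items()]
    # Sort by descending score; break ties by name so the order is stable.
    return sorted(scored, key=lambda item: (-item[1], item[0]))


def _ratings(d, r, e, a, di):
    """Helper: build a ratings dict in D, R, E, A, D order."""
    return dict(zip(CATEGORIES, (d, r, e, a, di)))


# Constructed sample data: two reviewers rating the same two threats.
REVIEWER_A = {
    "SQL injection in login form": _ratings(9, 8, 7, 9, 6),
    "Verbose error pages": _ratings(3, 9, 8, 5, 9),
}
REVIEWER_B = {
    "SQL injection in login form": _ratings(8, 6, 5, 9, 4),
    "Verbose error pages": _ratings(4, 10, 9, 6, 10),
}

if __name__ == "__main__":
    for label, data in (("A", REVIEWER_A), ("B", REVIEWER_B)):
        print(f"Reviewer {label}:")
        for name, score in prioritize(data):
            print(f"  {score:4.1f}  {name}")
```

Both reviewers follow the same method, yet their priority orders are reversed, because every input is a judgment call rather than a measured value.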
