Source: DREAD (Risk Assessment Model)
DREAD is part of a system for risk-assessing computer security threats that was previously used at Microsoft and is currently used by OpenStack and many other corporations. It provides a mnemonic for rating the risk of security threats using five categories.
The categories are:
- Damage – how bad would an attack be?
- Reproducibility – how easy is it to reproduce the attack?
- Exploitability – how much work is it to launch the attack?
- Affected users – how many people will be impacted?
- Discoverability – how easy is it to discover the threat?