What is DREAD?
DREAD is a risk-rating model used to prioritize threats after they've been identified. The acronym stands for Damage, Reproducibility, Exploitability, Affected users, and Discoverability — five factors each scored to produce an overall risk rating.
DREAD is often paired with a classification framework like STRIDE: STRIDE finds the threats, DREAD helps rank them so teams fix the most serious ones first. Because the scoring can be subjective, many teams use it as a rough prioritization aid rather than a precise metric.
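The ranking step described above, as an added example that is not part of the original page. The 1-10 scale, the use of a plain average as the overall rating, the two-rater setup, and the `tolerance` cutoff are assumptions made for illustration; the sample threats and scores are constructed.

```python
from statistics import mean

FACTORS = ("damage", "reproducibility", "exploitability",
           "affected_users", "discoverability")

def rating(*scores):
    """Build one rater's rating from five scores given in FACTORS order."""
    if len(scores) != len(FACTORS):
        raise ValueError("expected one score per DREAD factor")
    return dict(zip(FACTORS, scores))

def dread_score(r):
    """Overall rating: mean of the five factors (assumed 1-10 scale)."""
    for factor in FACTORS:
        if not 1 <= r[factor] <= 10:
            raise ValueError(f"{factor} must be between 1 and 10")
    return mean(r[factor] for factor in FACTORS)

def rank_threats(threats, tolerance=2.0):
    """Rank threats by mean score across raters, highest first.

    Returns (name, mean_score, spread, contested) tuples. 'contested' marks
    threats whose raters differ by more than 'tolerance' (hypothetical cutoff).
    """
    rows = []
    for name, ratings in threats.items():
        scores = [dread_score(r) for r in ratings]
        spread = max(scores) - min(scores)
        rows.append((name, round(mean(scores), 2), round(spread, 2),
                     spread > tolerance))
    return sorted(rows, key=lambda row: row[1], reverse=True)

# Constructed sample: threats found with STRIDE, each scored by two raters.
THREATS = {
    "Tampering: unsigned update package":
        [rating(9, 8, 6, 9, 5), rating(8, 8, 7, 9, 6)],
    "Information disclosure: verbose error pages":
        [rating(4, 9, 8, 5, 9), rating(3, 9, 4, 3, 3)],
    "Denial of service: unbounded upload size":
        [rating(5, 7, 6, 6, 6), rating(5, 6, 6, 7, 5)],
}

if __name__ == "__main__":
    for name, score, spread, contested in rank_threats(THREATS):
        flag = "  <- raters disagree, review scores" if contested else ""
        print(f"{score:4.1f}  (spread {spread:.1f})  {name}{flag}")
```

The contested flag makes the subjectivity visible: a threat whose raters disagree widely has a rank that depends on who scored it, so its position in the list should be discussed before it drives the fix order.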