What is STRIDE?

STRIDE is a threat modeling framework, originally developed at Microsoft, that helps teams systematically identify threats by classifying them into six categories. The acronym stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

Each category maps to a security property it violates: spoofing breaks authentication, tampering breaks integrity, repudiation breaks non-repudiation, information disclosure breaks confidentiality, denial of service breaks availability, and elevation of privilege breaks authorization.

STRIDE is typically applied to the elements of a data flow diagram — processes, data stores, data flows, and external entities — to reason about what could go wrong at each point. Virantis runs STRIDE analysis automatically on every relevant change.