Microsoft DREAD

Microsoft DREAD is a framework for assessing the risks of software vulnerabilities. DREAD is an acronym for the five factors that are evaluated:

  1. Damage potential (how harmful the impact could be)
  2. Reproducibility
  3. Exploitability (how easily the vulnerability can be exploited)
  4. Affected users (number of users affected)
  5. Discoverability

DREAD's goal is to provide a structured and consistent way to quantify and prioritize security risks. This allows developers and security teams to focus their resources on the most critical vulnerabilities and patch them before they are exploited.

Updated on 07 Aug, 2023