STRIDE/DREAD Threat Modeling
STRIDE/DREAD Threat Modeling is a Microsoft-developed methodology for systematically identifying and prioritizing security threats in software systems. STRIDE enumerates threat categories (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege), and DREAD scores threats by Damage, Reproducibility, Exploitability, Affected Users, and Discoverability.
Source record
Citations copied verbatim from the method’s source record. No claim-level verification is inferred from them.
- Shostack, A. (2008). Threat Modeling: Designing for Security. Microsoft Press. · ISBN 0735619913
- Howard, M., & Lipner, S. (2006). The Security Development Lifecycle. Microsoft Press. · ISBN 0735622140
- Schoenfield, B. (2015). Securing the Internet of Things. Apress. · ISBN 1430268271
Curated claims
Claims persisted in the evidence ledger, each with its own assessment.
This view does not invent a claim assessment when the ledger has none.
Related methods
Generated from the method graph and shown as machine-suggested relations — no evidence claim is inferred.
The generated relation graph has no outgoing relation for this method.