方法证据记录
STRIDE/DREAD Threat Modeling
STRIDE/DREAD Threat Modeling is a Microsoft-developed methodology for systematically identifying and prioritizing security threats in software systems. STRIDE enumerates threat categories (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege), and DREAD scores threats by Damage, Reproducibility, Exploitability, Affected Users, and Discoverability.
源记录
引文逐字复制自方法源记录。这些引文不代表任何层级的验证。
STRIDE and DREAD Threat Modeling Methodology
分类方法记录 · ml-model / numerical-methods
- Shostack, A. (2008). Threat Modeling: Designing for Security. Microsoft Press. · ISBN 0735619913
- Howard, M., & Lipner, S. (2006). The Security Development Lifecycle. Microsoft Press. · ISBN 0735622140
- Schoenfield, B. (2015). Securing the Internet of Things. Apress. · ISBN 1430268271
精选声明
声明已持久化到证据分类账中,每个声明都有自己的评估。
尚无精选声明
当分类账中没有声明时,此视图不会自行创建声明评估。
相关方法
从方法图中生成,显示为机器建议的关系 — 不推断任何证据声明。
尚无相关方法
生成的关联图对此方法没有传出的关联。