DREAD Scoring
DREAD is a process for calculating the risk of a vulnerability. While DREAD Scoring measures quantitative risk, FAIR Scoring measures qualitative risk.
It is an acronym for:
- Damage: how much damage can an attacker cause?
- Reproducibility: how easy is the vulnerability to reproduce?
- Exploitability: how easy is it to conduct a successful attack?
- Affected users: what percentage of users does this affect?
- Discoverability: how easy is this to discover?
References:
- Tarandach, I., & Coles, M. J. (2020). Threat Modeling: A Practical Guide for Development Teams (1st ed.). O’Reilly Media.