LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are STRIDE and DREAD used for in threat modeling?

STRIDE answers "what can go wrong?" (classifies threats into 6 types); DREAD answers "how bad is it?" (scores each threat 5-15 to prioritise).

A colour-coded grid mapping each STRIDE category to the security property it violates.

* STRIDE → property — Spoofing↔Authentication, Tampering↔Integrity, Repudiation↔Non-repudiation, Disclosure↔Confidentiality, DoS↔Availability, EoP↔Authorization. *

STRIDE = What can go wrong? (Threat classification) DREAD = How bad is it? (Risk rating)

Framework Purpose Output
STRIDE Classify threats into 6 categories List of threats by type
DREAD Rate severity of each threat (5-15 score) Prioritized threat list

Workflow:

  1. Use STRIDE to systematically identify all threats
  2. Use DREAD to score each threat's risk
  3. Fix high-DREAD threats first

Tip: STRIDE tells you what to look for, DREAD tells you what to fix first.

From Quiz: SPRG / SDL and Threat Modeling | Updated: Jul 14, 2026