Quiz Entry - updated: 2026.07.14
What are STRIDE and DREAD used for in threat modeling?
STRIDE answers "what can go wrong?" (classifies threats into 6 types); DREAD answers "how bad is it?" (scores each threat 5-15 to prioritise).
* STRIDE → property — Spoofing↔Authentication, Tampering↔Integrity, Repudiation↔Non-repudiation, Disclosure↔Confidentiality, DoS↔Availability, EoP↔Authorization. *
STRIDE = What can go wrong? (Threat classification) DREAD = How bad is it? (Risk rating)
| Framework | Purpose | Output |
|---|---|---|
| STRIDE | Classify threats into 6 categories | List of threats by type |
| DREAD | Rate severity of each threat (5-15 score) | Prioritized threat list |
Workflow:
- Use STRIDE to systematically identify all threats
- Use DREAD to score each threat's risk
- Fix high-DREAD threats first
Tip: STRIDE tells you what to look for, DREAD tells you what to fix first.