Quiz Entry - updated: 2026.07.14
What does DREAD stand for and what question does each category answer?
Damage (how bad?), Reproducibility (how repeatable?), Exploitability (how much effort?), Affected users (how many?), Discoverability (how easy to find?).
* DREAD risk scoring — Damage, Reproducibility, Exploitability, Affected users, Discoverability (each 1-3, summed 5-15). *
DREAD Categories:
| Letter | Category | Question Answered |
|---|---|---|
| D | Damage | How bad would an attack be? |
| R | Reproducibility | How easy is it to reproduce the attack? |
| E | Exploitability | How much work is it to launch the attack? |
| A | Affected users | How many people will be impacted? |
| D | Discoverability | How easy is it to discover the threat? |
Purpose: Rate each threat using these five categories to prioritize which threats to address first.
Note: Some organizations use "DREAD-D" (DREAD minus Discoverability) because including discoverability rewards "security through obscurity."