DREAD is part of a system for risk-assessing computer security threats that was formerly used at Microsoft.[1] It provides a mnemonic for risk rating security threats using five categories. The categories are: Damage – how bad would an attack be? Reproducibility – how easy is it to reproduce the attack? Exploitability – how much work is it to launch the attack? Affected users – how many people wil