Reference – Security Bug Assessment Model – DREAD
Before the current focus on security at Microsoft, all of the company's security bugs were rated using the DREAD model. DREAD is an acronym that stands for:
- Damage Potential
- Reproducibility
- Exploitability
- Affected Users
- Discoverability
When a bug was filed, it would be rated from 1 to 10 in each of these areas.
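The rating step described above, as an added example that is not part of the original page: it checks that a filed bug carries an integer from 1 to 10 in all five areas and ranks the valid bugs for triage. Combining the five ratings as an unweighted mean is an assumption (the page does not say how they were combined), and the bug ids, ratings and function names are constructed for illustration.

```python
# Full names are used as keys because two DREAD areas
# (Damage Potential, Discoverability) share the letter D.
AREAS = ("damage_potential", "reproducibility", "exploitability",
         "affected_users", "discoverability")

def validate_rating(rating):
    """Return a list of problems with one bug's DREAD rating (empty if valid)."""
    problems = []
    for area in AREAS:
        if area not in rating:
            problems.append(f"missing area: {area}")
            continue
        value = rating[area]
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            problems.append(f"{area}: not an integer ({value!r})")
        elif not 1 <= value <= 10:
            problems.append(f"{area}: {value} is outside 1-10")
    for extra in sorted(set(rating) - set(AREAS)):
        problems.append(f"unknown area: {extra}")
    return problems

def overall_score(rating):
    """Assumption: combine the five ratings as an unweighted mean."""
    problems = validate_rating(rating)
    if problems:
        raise ValueError("; ".join(problems))
    return sum(rating[area] for area in AREAS) / len(AREAS)

def triage(bugs):
    """Split bugs into (ranked, rejected); ranked is highest score first."""
    ranked, rejected = [], []
    for bug_id, rating in bugs.items():
        problems = validate_rating(rating)
        if problems:
            rejected.append((bug_id, problems))
        else:
            ranked.append((bug_id, overall_score(rating)))
    # Ties are broken by bug id so the order is deterministic.
    ranked.sort(key=lambda item: (-item[1], item[0]))
    return ranked, rejected

# Constructed sample bugs (hypothetical ids and ratings).
SAMPLE_BUGS = {
    "BUG-A": dict(zip(AREAS, (8, 10, 7, 10, 9))),
    "BUG-B": dict(zip(AREAS, (3, 2, 4, 1, 5))),
    "BUG-C": dict(zip(AREAS, (9, 0, 7, 10, 11))),  # two out-of-range values
}
```

Rejecting a malformed rating instead of scoring it keeps a mistyped 0 or 11 from silently moving a bug up or down the triage order.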