Reference – Security Bug Assessment Model – DREAD
Before the current focus on security at Microsoft, all security bugs there were rated using the DREAD model. DREAD is an acronym that stands for:
- Damage Potential
- Affected Users
When a bug was filed, it was rated from 1 to 10 in each of these areas.