Before Microsoft's current focus on security, all of its security bugs were rated using the DREAD model (see the prior post). Now, Microsoft rates each security bug using the STRIDE model. STRIDE is an acronym that stands for:

  • Spoofing
  • Tampering
  • Repudiation
  • Information Discovery
  • Denial of Service (DoS)
  • Elevation of Privilege (EoP)