DREAD evaluates each existing vulnerability using a mathematical formula to derive the vulnerability’s corresponding risk. The DREAD formula is divided into 5 main categories:
· Damage – how bad would an attack be?
· Reproducibility – how easy is it to reproduce the attack?
· Exploitability – how much work is it to launch the attack?
· Affected users – how many people will be impacted?
· Discoverability – how easy is it to discover the threat?
The DREAD formula is:
Risk Value = (Damage + Affected users) x (Reproducibility + Exploitability + Discoverability).
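A worked example of the formula above, added here and not part of the original page: it scores and ranks a constructed list of findings. The 1-10 rating scale, the findings and their ratings, and the names `impact` and `likelihood` for the two bracketed sums are assumptions.

```python
from dataclasses import dataclass, fields

SCALE = (1, 10)  # assumed rating scale; the page does not state one


@dataclass(frozen=True)
class Finding:
    name: str
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        lo, hi = SCALE
        for f in fields(self)[1:]:  # every rating, skipping `name`
            value = getattr(self, f.name)
            if not isinstance(value, int) or not lo <= value <= hi:
                raise ValueError(f"{self.name}: {f.name}={value!r} outside {lo}-{hi}")

    @property
    def impact(self):  # first bracket: Damage + Affected users
        return self.damage + self.affected_users

    @property
    def likelihood(self):  # second bracket: Reproducibility + Exploitability + Discoverability
        return self.reproducibility + self.exploitability + self.discoverability

    @property
    def risk(self):  # Risk Value = impact x likelihood
        return self.impact * self.likelihood


def rank(findings):
    """Highest Risk Value first; ties broken by impact, then name."""
    return sorted(findings, key=lambda f: (-f.risk, -f.impact, f.name))


# Constructed findings and ratings, for illustration only.
# Argument order: name, Damage, Reproducibility, Exploitability, Affected users, Discoverability
BACKLOG = [
    Finding("Verbose stack trace on error page", 3, 10, 9, 4, 9),
    Finding("Race condition in admin export", 8, 2, 3, 2, 2),
    Finding("SQL injection in login form", 9, 9, 7, 9, 8),
]

if __name__ == "__main__":
    for f in rank(BACKLOG):
        print(f"{f.risk:4d}  ({f.impact:2d} x {f.likelihood:2d})  {f.name}")
```

Because the two sums are multiplied, the stack-trace finding has the highest second-bracket sum (28) yet ranks below the SQL injection, whose first-bracket sum is more than twice as large.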
The risk level is then determined using the thresholds defined below.