Threat Modeling
January 18, 2010
Threats must be understood to build secure systems
Every spec/design goes through threat analysis
Model of component is created
Threats categorized based on STRIDE
Severity ranked based on DREAD
STRIDE:
S—Spoofing
T—Tampering of Data
R—Repudiation
I—Information Disclosure
D—Denial of Service
E—Escalation of Privileges
DREAD:
D—Damage potential
R—Reproducibility
E—Exploitability
A—Affected Users
D—Discoverability
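The process above (model a component, categorize its threats by STRIDE, rank them by DREAD) as a small threat register. This is an added example, not part of the original page. Assumptions: each DREAD factor is rated 1 to 10 and severity is the mean of the five ratings (a common convention the page does not state), and the component (a password reset endpoint) and its threats are constructed sample data.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering of Data", "R": "Repudiation",
          "I": "Information Disclosure", "D": "Denial of Service",
          "E": "Escalation of Privileges"}
DREAD = ("damage", "reproducibility", "exploitability",
         "affected_users", "discoverability")

@dataclass(frozen=True)
class Threat:
    title: str
    stride: str    # one-letter key into STRIDE
    ratings: dict  # DREAD factor -> rating on the assumed 1..10 scale

    def __post_init__(self):
        if self.stride not in STRIDE:
            raise ValueError(f"{self.title}: unknown STRIDE category")
        if set(self.ratings) != set(DREAD):
            raise ValueError(f"{self.title}: all five DREAD factors required")
        if not all(isinstance(v, int) and 1 <= v <= 10
                   for v in self.ratings.values()):
            raise ValueError(f"{self.title}: ratings must be integers 1..10")

    @property
    def severity(self):
        # Assumed scoring rule: mean of the five factor ratings.
        return sum(self.ratings.values()) / len(DREAD)

def rate(*scores):
    """Build a ratings dict from five scores given in D, R, E, A, D order."""
    return dict(zip(DREAD, scores))

def rank(threats):
    """Highest DREAD severity first; ties keep their input order."""
    return sorted(threats, key=lambda t: t.severity, reverse=True)

def uncovered(threats):
    """STRIDE categories with no recorded threat, i.e. gaps in the analysis."""
    seen = {t.stride for t in threats}
    return [name for key, name in STRIDE.items() if key not in seen]

# Constructed sample register for a hypothetical password reset endpoint.
SAMPLE = [
    Threat("Guessable reset token lets a caller act as the victim", "S", rate(8, 7, 6, 9, 5)),
    Threat("Reset requests are not logged", "R", rate(4, 9, 3, 5, 2)),
    Threat("Response reveals whether an account exists", "I", rate(3, 10, 8, 9, 8)),
    Threat("Unthrottled reset e-mails exhaust the mail quota", "D", rate(5, 8, 7, 6, 6)),
]

if __name__ == "__main__":
    for t in rank(SAMPLE):
        print(f"{t.severity:4.1f}  {STRIDE[t.stride]:<24} {t.title}")
    print("No threats recorded for:", ", ".join(uncovered(SAMPLE)))
```

The uncovered list is the review prompt: a category with no entry means either the component is genuinely not exposed to it or the analysis has not looked yet.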