DREAD is part of a system for risk-assessing computer security threats that was formerly used at Microsoft.
[1] It provides a mnemonic for risk rating security threats using five categories.
It was initially proposed for threat modeling but was abandoned when it was discovered that the ratings are not very consistent and are subject to debate.
[2] When a given threat is assessed using DREAD, each category is given a rating from 1 to 10.
Some security experts feel that including the "Discoverability" element as the last D rewards security through obscurity, so some organizations have either moved to a DREAD-D "DREAD minus D" scale (which omits Discoverability) or always assume that Discoverability is at its maximum rating.