STRIDE (security)

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

STRIDE is a model of threats developed by Microsoft[1] for identifying computer security threats.[2] It provides a mnemonic for security threats in six categories.[3]

The threat categories are:

The STRIDE was initially created as part of the process of threat modelling. STRIDE is a model of threats, used to help reason and find threats to a system. It is used in conjunction with a model of the target system that can be constructed in parallel. This includes a full breakdown of processes, data stores, data flows and trust boundaries.[4]

Today it is often used by security experts to help answer the question "what can go wrong in this system we're working on?"

See also[edit]


  1. ^ Shostack, Adam. ""The Threats To Our Products"". Microsoft SDL Blog. Microsoft. Retrieved 18 August 2018. 
  2. ^ Kohnfelder, Loren; Garg, Praerit (April 1, 1999). "The threats to our products". Microsoft Interface. Retrieved 18 August 2018. 
  3. ^ "The STRIDE Threat Model". Microsoft. Microsoft. 
  4. ^ Shostack (2014). Threat Modeling: Designing for Security. Wiley. pp. 61–64. ISBN 978-1118809990. 

External links[edit]