STRIDE vs DREAD vs PASTA vs LINDDUN: Choosing the Right Framework
When teams first encounter threat modeling, the most common question isn't how to do it but which method to use. STRIDE, DREAD, PASTA, and LINDDUN all appear in OWASP documentation and are often presented as alternatives. They are not: they operate at different stages of the process and are designed to complement each other. If you are new to threat modeling entirely, read our foundational guide before continuing.
What Problem Does Each Framework Solve?
Understanding the distinct role of each framework eliminates most of the confusion about when to use which one.
| Framework | Primary Job | Stage in Process | Complexity |
|---|---|---|---|
| STRIDE | Discover threats: what can go wrong? | Identification | Low |
| DREAD | Score threats: which ones matter most? | Prioritization | Low |
| PASTA | Analyze attacker intent and business impact | Deep Analysis | High |
| LINDDUN | Discover privacy-specific threats | Identification (privacy) | Medium |
What Is STRIDE and When Should You Use It?
STRIDE was developed at Microsoft and remains the most widely used threat modeling framework. It works as a structured checklist: for every component in your system, you ask whether it is vulnerable to each of six threat categories. It is designed to be applied to data flow diagrams, walking through each data store, process, data flow, and external entity.
| Letter | Threat | The Question to Ask |
|---|---|---|
| S | Spoofing | Can someone impersonate a different user, service, or system? |
| T | Tampering | Can someone modify data, in transit or at rest, without detection? |
| R | Repudiation | Can someone perform an action and plausibly deny they did it? |
| I | Information Disclosure | Can sensitive data be exposed to parties who should not see it? |
| D | Denial of Service | Can someone degrade or disable the system for legitimate users? |
| E | Elevation of Privilege | Can someone gain access beyond what they are authorized for? |
Use STRIDE when you want a fast, systematic sweep of a system or feature. It is the right starting point for almost every threat modeling exercise, regardless of team size or security experience. Its limitation: STRIDE tells you what kinds of threats exist, not how dangerous they are or which to fix first.
What Is DREAD and How Does the Scoring Work?
DREAD is a risk-scoring model, not a threat discovery tool. It takes the threat list you produced with STRIDE and assigns a numerical risk score to each item. Each threat is rated from 1 to 10 across five dimensions, then averaged into a total score.
| Letter | Dimension | Score 1 (Low) | Score 10 (High) |
|---|---|---|---|
| D | Damage Potential | Minor inconvenience | Full system compromise or data breach |
| R | Reproducibility | Rarely replicable | Trivially reproducible every time |
| E | Exploitability | Requires expert attacker | Anyone can exploit it with basic tools |
| A | Affected Users | Single isolated user | All users affected simultaneously |
| D | Discoverability | Extremely difficult to find | Obvious and publicly exposed |
A DREAD score above 7 is generally treated as high priority for immediate remediation. Below 4 is typically accepted or deferred. The scoring gives engineering teams a documented, defensible rationale for prioritization, which matters when explaining decisions to stakeholders or auditors. Limitation: scores are subjective and vary between assessors. Calibrate against shared examples before relying on the numbers for resource allocation.
What Is PASTA and When Does It Make Sense?
PASTA (Process for Attack Simulation and Threat Analysis) is a seven-stage methodology that connects threat modeling directly to business risk. Where STRIDE asks what could go wrong technically, PASTA asks what an attacker would actually do, and what that would cost the business.
- Define business objectives and compliance requirements
- Define the technical scope of the application
- Decompose the application into components and data flows
- Analyze threats relevant to the application context
- Identify and catalog existing vulnerabilities
- Model attacks: enumerate realistic attack scenarios
- Analyze risk and business impact for each scenario
Use PASTA when you are analyzing a high-value system where failures carry significant financial, legal, or reputational consequences: financial platforms, healthcare applications, systems storing payment data. It produces richer outputs than STRIDE but requires significantly more time and security expertise. Limitation: PASTA is too resource-intensive for individual features or short sprint cycles. Reserve it for architectural reviews of critical components.
What Is LINDDUN and Who Needs It?
LINDDUN applies the same structured, checklist-driven approach as STRIDE but targets privacy threats instead of security threats. It was developed at KU Leuven and is essential for any system that collects, stores, or processes personal data.
| Letter | Privacy Threat | What It Means |
|---|---|---|
| L | Linkability | Combining data items reveals something the user did not intend to disclose |
| I | Identifiability | A person can be identified from data that was supposed to be anonymous |
| N | Non-repudiation | A user cannot deny having performed an action, which LINDDUN treats as a privacy violation rather than only a security property |
| D | Detectability | An attacker can infer that data about a specific user exists, without seeing the data itself |
| D | Disclosure of Information | Personal data is exposed to parties who should not have access |
| U | Unawareness | Users do not know what data is collected about them or how it is used |
| N | Non-compliance | Failure to meet legal privacy obligations such as GDPR, HIPAA, or CCPA |
Use LINDDUN when your system collects or processes personal data, especially when that data falls under privacy regulations. STRIDE will not surface most of these issues because it was not designed for privacy. A user analytics platform, a healthcare portal, or any consumer-facing application needs LINDDUN in addition to STRIDE.
Side-by-Side: All Four Frameworks Compared
| Criteria | STRIDE | DREAD | PASTA | LINDDUN |
|---|---|---|---|---|
| Primary purpose | Find threats | Rank threats | Analyze attacker intent & business impact | Find privacy threats |
| Can be used alone? | Yes | No, it needs a threat list first | Yes (comprehensive) | Best paired with STRIDE |
| Best for | Any team size | Any team size | Mature security programs | Systems handling personal data |
| Output produced | Threat list | Prioritized, scored threat list | Risk-weighted attack scenarios | Privacy threat list |
| Time investment | Hours to days | Hours | Days to weeks | Hours to days |
| Compliance use | General | General | Audit-ready documentation | Privacy regulations (GDPR etc.) |
| Learning curve | Low | Low | High | Medium |
Can You Combine Multiple Frameworks?
Not only can you; for most real-world systems, you should. The most effective threat modeling programs use more than one framework. The most common combinations are:
- STRIDE + DREAD: The baseline for most teams. STRIDE produces the threat list; DREAD turns it into a prioritized backlog. Can be completed in a single day for a typical feature.
- STRIDE + LINDDUN: Run both on your data flow diagram. STRIDE surfaces security threats; LINDDUN surfaces privacy threats. Together they give complete coverage for any system handling user data.
- STRIDE + DREAD + PASTA: For high-value components, use STRIDE and DREAD for the initial pass, then run PASTA on the highest-risk areas to produce the business-impact analysis needed for executive reporting or external audits.
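The following is an added example, not code from the original article, of the DREAD scoring described earlier and of the STRIDE + DREAD combination in the first bullet above: a constructed STRIDE threat list is rated by two hypothetical assessors, averaged as the article describes, sorted into a backlog using the article's 7 and 4 thresholds, and any threat where the assessors diverge on a dimension is flagged for the calibration step the article recommends. Component names, descriptions, assessor names and ratings are all constructed.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass
class Threat:
    component: str    # DFD element the STRIDE pass was walking
    stride: str       # STRIDE letter: S, T, R, I, D or E
    description: str
    ratings: dict     # {assessor: (Damage, Reproducibility, Exploitability, Affected users, Discoverability)}

def dread_score(rating):
    """Average of the five 1..10 dimension ratings, as the article describes."""
    if len(rating) != 5 or any(not 1 <= r <= 10 for r in rating):
        raise ValueError("DREAD needs five dimensions, each rated from 1 to 10")
    return mean(rating)

def priority(score):
    """The article's thresholds: above 7 is high priority, below 4 is accepted or deferred."""
    if score > 7:
        return "high"
    if score < 4:
        return "deferred"
    return "medium"

def needs_calibration(ratings, tolerance=2):
    """True when assessors differ by more than `tolerance` on any single dimension."""
    return any(max(col) - min(col) > tolerance for col in zip(*ratings.values()))

def prioritized_backlog(threats):
    backlog = []
    for t in threats:
        score = mean(dread_score(r) for r in t.ratings.values())  # mean across assessors
        backlog.append({"component": t.component, "stride": t.stride,
                        "description": t.description, "score": round(score, 1),
                        "priority": priority(score), "calibrate": needs_calibration(t.ratings)})
    return sorted(backlog, key=lambda item: item["score"], reverse=True)

# Constructed sample: three findings from a STRIDE pass over a fictional login service DFD,
# each rated independently by two hypothetical assessors.
SAMPLE_THREATS = [
    Threat("login API", "S", "no rate limiting, so stolen credentials can be replayed at scale",
           {"alice": (8, 10, 9, 9, 10), "bob": (7, 9, 9, 8, 10)}),
    Threat("session store", "I", "session identifiers written to plaintext application logs",
           {"alice": (6, 8, 4, 7, 3), "bob": (6, 8, 7, 7, 3)}),
    Threat("admin console", "R", "administrative actions are not written to an audit log",
           {"alice": (3, 2, 3, 2, 2), "bob": (3, 3, 3, 2, 3)}),
]
if __name__ == "__main__":
    print(*prioritized_backlog(SAMPLE_THREATS), sep="\n")
```

The session-store finding comes out flagged for calibration because the two assessors disagree by three points on exploitability, which is exactly the discussion the article says to have before the numbers drive resource allocation.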
Which Framework Is Right for Your Team Right Now?
- Starting from scratch? Begin with STRIDE on your most critical component, then add DREAD scoring once you have a threat list to prioritize.
- Handling user personal data? Add LINDDUN alongside STRIDE. Don't wait for a regulatory audit to discover privacy gaps.
- Building for fintech, healthtech, or enterprise? Invest in PASTA for your core architecture. The depth of analysis is worth the time when breaches carry legal liability.
- Short on time? Even a 30-minute STRIDE pass on a whiteboard is better than skipping threat modeling entirely.
Common Mistakes When Choosing a Framework
- Treating the frameworks as mutually exclusive; they are designed to complement each other
- Using DREAD alone, without first generating a threat list through STRIDE or another identification method
- Applying PASTA to every feature; it should be reserved for high-risk components where the investment pays off
- Skipping LINDDUN because your application doesn't feel like a privacy product; if you store email addresses, you need it
- Running the analysis once and never updating it when the system changes