---
type: "term"
title: "STRIDE"
description: "A threat modeling methodology developed by Microsoft that categorizes threats into six types: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege."
resource: "tlctc:term:stride"
tags:
  - "glossary"
---
# STRIDE

A threat modeling methodology developed by Microsoft that categorizes threats into six types: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. In TLCTC: STRIDE is considered "per se incomplete" — it conflates causes with outcomes (e.g., "Information Disclosure" is an outcome/DRE, not a cause) and lacks coverage of human and physical threat vectors. TLCTC's cause-oriented 10-cluster model provides a more logically consistent foundation, and TLCTC recommends always starting threat assessment with its clusters rather than STRIDE alone.

**Reference:** V1.9.1 §Standardizing Strategic Cybersecurity, §Operational Layer




**Related reading:** [Beyond STRIDE — TLCTC superior approach](https://www.tlctc.net/tlctc-stride.html), [Beyond STRIDE — upgrading Microsoft TM Tool](https://www.tlctc.net/tlctc-microsoft-threat-modeling-stride.html), [End of semantic diffusion — DREAD vs STRIDE vs TLCTC](https://www.tlctc.net/tlctc-semantic-diffusion-dread-stride.html)

See also: OWASP, TLCTC