A model for software security designed and owned by [[Microsoft]]. The model is an acronym: - spoofing identities - tampering with data/violating data [[integrity]] - repudiation: the ability to deny responsibility - information disclosure, violating [[confidentiality]] - denial of service, violating [[availability]] - elevation/escalation of privilege