IT Risk Management: Guide to Software Risk Assessments and Audits
The software industry is one of the largest manufacturing industries in the world, with $350 billion in off-the-shelf software sold each year and over $100 billion in customized code on top of that. Despite this size, there is no standardized notion of software security quality, even though the repercussions of poor quality include product patches, data breaches leading to massive theft, and fluctuations in corporate stock prices. In most cases, organizations have no insight into which vulnerabilities exist in these applications, leaving them with an unacceptable level of unbounded risk. Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures against the gains in mission capability achieved by protecting the IT systems and data that support their organizations' missions.