Software Security Total Risk Management: Security Innovation's Blueprint for Effective Program Development
Source: Security Innovation
Current challenges of the financial services sector aside, risk management has a long and venerable tradition of practical success in the world of insurance premiums and credit card interest rates. In the world of IT, however, the successful application of risk management techniques has been more elusive. This paper examines some of the major challenges of software security risk management and introduces the concept of Software Security Total Risk Management (SSTRM), an innovative programmatic approach by which enterprises can apply software security development and assessment best practices in order to meet the twin goals of enhancing business revenues and protecting against business losses.