Current challenges of the financial services sector aside, risk management has a long and venerable tradition of practical success in the world of insurance premiums and credit card interest rates. In the world of IT, however, the successful application of risk management techniques has been more elusive.
Nowhere has this problem been more apparent than in IT application and software development. Despite industry statistics showing that enterprises lose billions of dollars annually through application downtime or other security breaches, effective risk management techniques have yet to take hold.
This paper examines some of the major challenges of software security risk management and introduces the concept of Software Security Total Risk Management (SSTRM), an innovative programmatic approach by which enterprises can apply software security development and assessment best practices in order to meet the twin goals of enhancing business revenues and protecting against business losses.