This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact firstname.lastname@example.org if you have any questions about the US-CERT website archive.
Provides a framework for identifying, tracking, and managing software risks. Best practices associated with software risk management are presented, along with content that discusses understanding software risks in a business context, identifying business and technical risks, prioritizing business and technical risks, and defining risk mitigation strategies.