This tool provides a genericised template for producing risk analyses according to a combination of statistical, mathematical and computational heuristics. It is intended to be used by teams wishing to increase awareness of security issues arising from technical debt.
A threat is way of causing damage to a system. A vulnerability is a flaw in the system that makes it possible for a threat to occur. An attack on a system is the realization of a threat through the exploitation of one or more vulnerabilities. The risk of an attack is the probability of that attack to occurs multiplied by its impact.
This tool outputs Markdown-formatted text for flexibility in integration.