Risk Assessment
An activity to identify, analyze, and evaluate risks. It involves understanding the likelihood of a risk occurring and the impact if it does.
Impact
A formal risk assessment removes emotion from the decision-making process. It replaces "I'm worried" with "There is a 20% chance of losing $100k."
Weinto take
Risk Assessment should be Continuous. A yearly risk assessment is a snapshot of the past. We use automated security scanning and vulnerability assessments to assess the risk posture of the codebase on every commit.