Any software-intensive system carries a great deal of potential risk to the business or mission that the software supports. A software risk can be a weakness that leads to a security breach, or one that causes the software to fail or to corrupt data. There are many types of software risk, and as of late 2017 most organizations don’t have a great handle on them.
A software risk scorecard is a way to gather information about software risk for all critical systems in one place, and to monitor those risks over time. A sample software risk scorecard is shown below, comprising information about four mission-critical systems.