Risk analysis has many components. One component is the level of vulnerabilities in applications.

These pages show how to use publicly available information to analyze which applications are InfoSec hostile and look for alternatives that are InfoSec friendly.

The method for estimating the risk and therefore the relative efforts needed to support an application is not complex. Some effort is required, but not too much.

First we check the historical vulnerabilities for a package or application.

• Check Vulnerabilities

  Then we can see if there are current attacks being programmed.

• Check Currency of Vulnerabilities

  Finally we evaluate the degree that the attacks are successful causing users lost data, lost productivity, lost security.

• Estimate Degree of InfoSec Efforts