Abstract: Example implementations relate to privacy risk assessments. Some implementations may include a privacy risk identification engine to automatically identify privacy risks in an application based on an analysis of application code. Additionally, some implementations may include a privacy risk identification engine to obtain privacy risk information related to each of the privacy risks. Moreover, some implementations may include a privacy risk assessment engine to assess a severity of each of the privacy risks based on an analysis of the privacy risk information. In some examples, the analysis may include a determination of, for each of the privacy risks, a risk impact and a risk likelihood.

Abstract: Example implementations are described that include displaying a graphical element related to privacy risk information for an application. A processor of a computing device may determine, for the application, a privacy attention score based on first privacy risk information. The processor may determine, for the application, an aggregated privacy assessment score from a plurality of privacy risk scores that are based on second privacy risk information. The processor may cause a graphical element representing a combination of the privacy attention score and the aggregated privacy assessment score to be displayed via a display device.

Abstract: Example implementations are described that include displaying a graphical element related to privacy risk information for an application. A processor of a computing device may determine, for the application, a privacy attention score based on first privacy risk information. The processor may determine, for the application, an aggregated privacy assessment score from a plurality of privacy risk scores that are based on second privacy risk information. The processor may cause a graphical element representing a combination of the privacy attention score and the aggregated privacy assessment score to be displayed via a display device.

Abstract: In one implementation, a system calculating a product risk profile includes a criticality score engine to calculate a criticality score via an aggregation of values assigned to a plurality of descriptions of a component of a product criticality. In addition, the system includes a vulnerability score engine to calculate a vulnerability score via an aggregation of a quantity of security risks found during a security assessment for the product. In addition, the system includes a product risk profile engine to calculate a product risk profile for the product via a multiplication of the criticality score and the vulnerability score.

Abstract: In one implementation, a system for risk scoring a software application includes a component score engine to calculate an impact component score and a likelihood component score for a security vulnerability during development of the software application based on a plurality of scored descriptions of security risk elements for the software application. In addition, the system includes a total risk score engine to calculate a total security risk score for the software product application on the impact component score and the likelihood component score for the security vulnerability of the software application. In addition, the system includes a risk characterization engine to assign a risk characterization to the software product based on where the total risk score falls within a predetermined scale.

Abstract: Example implementations relate to privacy risk assessments. Some implementations may include a privacy risk identification engine to automatically identify privacy risks in an application based on an analysis of application code. Additionally, some implementations may include a privacy risk identification engine to obtain privacy risk information related to each of the privacy risks. Moreover, some implementations may include a privacy risk assessment engine to assess a severity of each of the privacy risks based on an analysis of the privacy risk information. In some examples, the analysis may include a determination of, for each of the privacy risks, a risk impact and a risk likelihood.

Abstract: In one implementation, a system for risk scoring a software application includes a component score engine to calculate an impact component score and a likelihood component score for a security vulnerability during development of the software application based on a plurality of scored descriptions of security risk elements for the software application. In addition, the system includes a total risk score engine to calculate a total security risk score for the software product application on the impact component score and the likelihood component score for the security vulnerability of the software application. In addition, the system includes a risk characterization engine to assign a risk characterization to the software product based on where the total risk score falls within a predetermined scale.

Abstract: In one implementation, a system calculating a product risk profile includes a criticality score engine to calculate a criticality score via an aggregation of values assigned to a plurality of descriptions of a component of a product criticality. In addition, the system includes a vulnerability score engine to calculate a vulnerability score via an aggregation of a quantity of security risks found during a security assessment for the product. In addition, the system includes a product risk profile engine to calculate a product risk profile for the product via a multiplication of the criticality score and the vulnerability score.