
ASSESSING RISK INTRODUCED THROUGH A CODE CHANGE

Techniques are presented herein that shift the risk assessment focus during a software development process away from the traditional end-of-process review (when a new feature is delivered, or an application is deployed) to earlier in the process, when developers are actively at work. Such an approach allows a developer to assess the risk that a candidate software change is about to introduce prior to committing that change, giving the developer time (during the early portion of the process) to revisit the software and eliminate the identified risk. Aspects of the presented techniques leverage elements of a continuous integration (CI) and continuous deployment (CD) facility, the results that are available from existing unit and end-to-end tests, and the collection and analysis of OpenTelemetry (OTEL)-based metrics, events, logs, and traces (MELT) data to deliver security insights.

IDENTIFYING ENTERPRISE RISK BASED ON BUSINESS CONTEXT WITH THREAT INTELLIGENCE

Presented herein are techniques that facilitate prioritizing risk mitigation efforts for business-critical services and transactions through the incorporation of a business context into threat intelligence scoring. Under aspects of the presented techniques, traditional threat intelligence tools may be employed to evaluate the risk that is associated with an enterprise asset; the results of such an evaluation may then be augmented with an enterprise-assigned business value for the asset to derive the asset's business risk; and such a business risk may be leveraged to prioritize risk mitigation efforts, may be combined with other business risks, etc. The above-described process may be referred to herein as Business Risk Management (BRM).