A collection of awesome projects, blog posts, books, and talks on quantifying risk

Awesome Risk Quantification

Risk quantification attempts to assign numeric values to risks, instead of qualitative labels such as "Critical" and "High".

Doing this makes it easier to prioritize the different risks we need to mitigate. Also, "you can't improve what you can't measure"!

This repository focuses primarily on cybersecurity-related risks.

Open Source Projects

  • Raven - a "flexible and multi-purpose uncertainty quantification, regression analysis, probabilistic risk assessment, data analysis and model optimization framework" from the Idaho National Laboratory
  • riskquant - a library for computing risk, using different distributions, from Netflix
  • evaluator - R package for quantitative risk assessment, based upon OpenFAIR
  • collector - R package for "conducting quantitative risk assessment interviews"

Blog Posts and Papers

Books

Talks

  • Quantifying Risk by Markus De Shon (2020) - walks through the process of measuring risk, from identifying threats and assets to guessing frequency and magnitude (in terms of money)
  • Forecasting, Browsers, and “In The Wild” Exploitation by Ryan McGeehan (2019) - Ryan forecasts the probability of a Chrome zero-day being exploited in the wild in a certain month

Related Subjects