Quiz Entry - updated: 2026.07.14
How is security risk calculated, and what's the goal of secure programming?
Risk = Impact x Threat Level x Vulnerability Level — and secure programming attacks the one factor you control: the vulnerability level.
Classic risk is Impact x Probability. In software development that probability splits into two factors — how likely an attacker is to come at you (Threat Level) and how easy your flaws make it for them (Vulnerability Level) — giving the three-factor form below.
| Factor | Meaning | Can You Control It? |
|---|---|---|
| Impact | Damage if exploited (data breach, financial loss) | Partially (containment) |
| Threat Level | Attacker capabilities, motivation, exposure | No |
| Vulnerability Level | How many flaws exist and how exploitable they are | Yes |
Secure programming goals:
- Reduce vulnerability level — Fewer bugs through defensive coding, safe functions, security testing
- Make exploitation harder — Input validation, memory protections (ASLR, stack canaries), least privilege
You can't control attacker motivation, but you can make your software a harder target.