LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How is security risk calculated, and what's the goal of secure programming?

Risk = Impact x Threat Level x Vulnerability Level — and secure programming attacks the one factor you control: the vulnerability level.

Classic risk is Impact x Probability. In software development that probability splits into two factors — how likely an attacker is to come at you (Threat Level) and how easy your flaws make it for them (Vulnerability Level) — giving the three-factor form below.

Factor Meaning Can You Control It?
Impact Damage if exploited (data breach, financial loss) Partially (containment)
Threat Level Attacker capabilities, motivation, exposure No
Vulnerability Level How many flaws exist and how exploitable they are Yes

Secure programming goals:

  1. Reduce vulnerability level — Fewer bugs through defensive coding, safe functions, security testing
  2. Make exploitation harder — Input validation, memory protections (ASLR, stack canaries), least privilege

You can't control attacker motivation, but you can make your software a harder target.

From Quiz: SPRG / Secure Programming Introduction | Updated: Jul 14, 2026