Commit 1e6052e3 authored by Daniel Thompson-Yvetot

Apply 1 suggestion(s) to 1 file(s)

parent 0a654f5f
+1 −1
@@ -2358,7 +2358,7 @@ Exlcuding eliminated threats, the final landscape of applicable cybersecurity th

Risk analysis builds on the output of the Threat Modeling process to determines the risk level of the product and to provide visibility into the causes and sources of risk. Risk analysis consists of the following steps:

For each reduced, transfered, or accepted threat, manufacturers shall assign a "likelyhood" value and an "impact" value. "Likelyhood" refers to a reasoned estimate for the possibility of a specific threat materializing, while "Impact" refers to the reasonably estimated degree of damage, disruption, and loss suffered if the threat were to materialize. When estimating the likelyhood and impact of a given threat, manufacturers shall identify and assign risk factor values. The OWASP Risk Rating Methodology [\[i.20\]](#_ref_i.20) defines risk factors as characteristics that influence the likelyhood and the impact of a threat, and provide a set of risk factors reported here below.
For each reduced, transferred, or accepted threat, manufacturers can assign a "likelihood" value and an "impact" value. "Likelihood" refers to a reasoned estimate for the possibility of a specific threat materializing, while "Impact" refers to the reasonably estimated degree of damage, disruption, and loss suffered if the threat were to materialize. When estimating the likelihood and impact of a given threat, manufacturers identify and assign risk factor values. The OWASP Risk Rating Methodology [\[i.20\]](#_ref_i.20) defines risk factors as characteristics that influence the likelihood and the impact of a threat, and provide a set of risk factors reported here below.

### 2.1 Factors for Estimating Likelihood
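
Review bot: The rewritten paragraph changes "manufacturers shall assign" to "manufacturers can assign" and drops "shall" from "manufacturers shall identify and assign risk factor values", so two requirements become a permission and a plain statement in the same edit that corrects the "likelyhood" and "transfered" spellings. If the change in normative strength is intended, state it in the commit message, which currently reads only "Apply 1 suggestion(s) to 1 file(s)"; if it is not, restore "shall" and keep this commit to the spelling fixes. In the same sentence, "and provide a set of risk factors" should read "and provides", since the subject is the OWASP Risk Rating Methodology. The unchanged context line above still contains "to determines the risk level", which could be fixed in the same pass.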