Dublin Core The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/. Title A name given to the resource Articles Article Faculty Publications -Articles Dublin Core The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/. Title A name given to the resource Automated Risk Management Based Software Security Vulnerabilities Management Subject The topic of the resource integrated security management system; machine learning; quantitative risk assessment; Quantitative threat modeling; software security Description An account of the resource An automated risk assessment approach is explored in this work. The focus is to optimize the conventional threat modeling approach to explore software system vulnerabilities. Data produced in the software development processes are better leveraged using Machine Learning approaches. A large amount of industry knowledge around security vulnerabilities can be leveraged to enhance current threat modeling approaches. Work done here is in the ecosystem of software development processes that use Agile methodology. Insurance business domain data are explored as a target for this study. The focus is to enhance the traditional threat modeling approach with a better quantitative approach and reduce the biases introduced by the people who are part of software development processes. This effort will help bridge multiple data sources prevalent across the software development ecosystem. Bringing these various data sources together will assist in understanding patterns associated with security aspects of the software systems. This perspective further helps to understand and devise better controls. Approaches explored so far have considered individual areas of software development and their influence on improving security. There is a need to build an integrated approach for a total security solution for the software systems. A wide variety of machine learning approaches and ensemble approaches will be explored. The insurance business domain is considered for the research here. CWE (Common Weaknesses Enumeration) mapping from industry knowledge are leveraged to validate the security needs from the industry perspective. This combination of industry and company data will help get a holistic picture of the software system's security. Combining the industry and company data helps lay down the path for an integrated security management system in software development. The risk management framework with the quantitative threat modeling process is the work's uniqueness. This work contributes toward making the software systems secure and robust with time. 2013 IEEE. Creator An entity primarily responsible for making the resource Althar R.R.; Samanta D.; Kaur M.; Singh D.; Lee H.-N. Source A related resource from which the described resource is derived IEEE Access, Vol-10, pp. 90597-90608. Publisher An entity responsible for making the resource available Institute of Electrical and Electronics Engineers Inc. Date A point or period of time associated with an event in the lifecycle of the resource 2022-01-01 Identifier An unambiguous reference to the resource within a given context <a href="https://doi.org/10.1109/ACCESS.2022.3185069" target="_blank" rel="noreferrer noopener">https://doi.org/10.1109/ACCESS.2022.3185069</a> <br /><br /><a href="https://www.scopus.com/inward/record.uri?eid=2-s2.0-85133705570&amp;doi=10.1109%2FACCESS.2022.3185069&amp;partnerID=40&amp;md5=34390481d0a1b2825811ff60629c9d14" target="_blank" rel="noreferrer noopener">https://www.scopus.com/inward/record.uri?eid=2-s2.0-85133705570&amp;doi=10.1109%2fACCESS.2022.3185069&amp;partnerID=40&amp;md5=34390481d0a1b2825811ff60629c9d14</a> Rights Information about rights held in and over the resource All Open Access; Gold Open Access Relation A related resource ISSN: 21693536 Format The file format, physical medium, or dimensions of the resource Online Language A language of the resource English Type The nature or genre of the resource Article Coverage The spatial or temporal topic of the resource, the spatial applicability of the resource, or the jurisdiction under which the resource is relevant Althar R.R., Christ University, Data Science Department, Karnataka, Bangalore, 560029, India, First American India Private Ltd., Qms, Karnataka, Bangalore, 560038, India; Samanta D., Christ University, Department of Computer Science, Karnataka, Bangalore, 560029, India; Kaur M., First American India Private Ltd., Qms, Karnataka, Bangalore, 560038, India; Singh D., First American India Private Ltd., Qms, Karnataka, Bangalore, 560038, India; Lee H.-N., First American India Private Ltd., Qms, Karnataka, Bangalore, 560038, India