International Journal of Innovative Research in Science, Engineering and Technology (IJIRSET) | e-ISSN: 2319-8753, p-ISSN: 2320-6710 | www.ijirset.com | Impact Factor: 7.512 | Volume 9, Special Issue 2, October 2020
3rd International Conference on Emerging Trends in Science, Technology and Mathematics [ICETSTM 20], 18th September 2020
Organized by Department of Computer Science, Parvathy's Arts and Science College, Dindigul, Tamilnadu, India
IJIRSET © 2020 | An ISO 9001:2008 Certified Journal | 58

A Review on Some Pertinent Software Security Risk Management Frameworks

Syed Anas Ansar 1, Mohd Faizan 2, Mohd. Waris Khan 3
1 Research Scholar, Department of Information Technology, Babasaheb Bhimrao Ambedkar University, Lucknow, India
2 Research Scholar, Department of Information Technology, Babasaheb Bhimrao Ambedkar University, Lucknow, India
3 Assistant Professor, Department of Computer Application, Integral University, Lucknow, India

ABSTRACT: Nowadays, software makes work more ingenious and better organized for people and organizations, and software deployment has grown tremendously. It makes our working circumstances more convenient, but it also brings security issues, and dealing with them systematically has become a primary concern for security experts. Software security risks are weaknesses in the software which accidentally permit hazardous manipulations. To give prime consideration to the security mechanism, the valuable assets must be protected. Hence, prompt detection and remediation of software security risks is a crucial issue in software security. Software security experts rely primarily on risk management, yet they do not implement a convenient risk management model. In this paper, the researchers lay stress on incorporating security mechanisms at the initial stage of the SDLC (Software Development Life Cycle).
KEYWORDS: Confidentiality, Integrity, Availability, Security, SDLC-Software Development Life Cycle, Risk Management.

I. INTRODUCTION

We are now in the age of digitalization, where software, hardware, and sensors work together, and nearly all services are provided through computers [1]. Researchers have observed severe attacks in recent years which exploit vulnerabilities in IoT network devices. In addition, attackers may use vulnerability relationships to penetrate deep within the network [2]. A surfeit of new applications is launched every day in app marketplaces to meet the demand for online booking, gaming, finance management, and the other tasks that users perform through their mobile devices [3]. Growing adoption and deployment of software undermines users' security, safety, and privacy, while additionally facilitating "cybercrime at scale" and lowering the barriers to practical distributed Denial of Service (DDoS) attacks that threaten the integrity of the internet's infrastructure. Like other evolving socio-technical structures, causality and effects inside the IoT are not always trustworthy [4,5]. Nowadays, software has emerged as the organization's "new perimeter." Financial and customer assets, i.e., "information", have become an important entity, and applications must be secured sufficiently to guard them [6]. The urge to maintain security in the current scenario is a prime consideration. Risk management is a new discipline whose primary aim is to perceive, address, and remove software security risks. Risk is the possibility of an undesirable outcome or a loss. Software security risk management comprises methods which are used to assess as well as control risk. Risk identification, risk prioritization, and risk analysis are the sub-steps of risk assessment, while risk monitoring, risk management planning, and risk resolution are the sub-steps of risk control [7].
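The assessment/control split described above (identify, analyze and prioritize; then plan, resolve and monitor) is easier to see as a concrete register. The following is an added example written for this review, not code from the paper or from any of the frameworks it surveys. It assumes a likelihood and impact scale of 1..5 and exposure = likelihood × impact (the paper states no scoring scale), a hypothetical acceptance threshold of 6, and a constructed sample register of four risks.

```python
"""Software security risk register: assessment and control steps as functions.

Added illustration. Assumptions not taken from the paper:
- likelihood and impact are integers on a 1..5 scale
- exposure = likelihood * impact
- a risk is acceptable when its current exposure is at most ACCEPTABLE_EXPOSURE
"""
from dataclasses import dataclass, field
from typing import List, Optional

SCALE_MIN, SCALE_MAX = 1, 5      # assumed scoring scale
ACCEPTABLE_EXPOSURE = 6          # hypothetical risk-acceptance threshold


def _check_score(value: int, name: str) -> int:
    """Reject scores outside the assumed scale so bad input cannot hide a risk."""
    if not SCALE_MIN <= value <= SCALE_MAX:
        raise ValueError(f"{name} must be in {SCALE_MIN}..{SCALE_MAX}, got {value}")
    return value


@dataclass
class Risk:
    rid: str
    description: str
    likelihood: int
    impact: int
    plan: List[str] = field(default_factory=list)   # planned controls
    residual_likelihood: Optional[int] = None       # expected scores once controls apply
    residual_impact: Optional[int] = None
    resolved: bool = False                          # control implemented and verified

    def __post_init__(self) -> None:
        _check_score(self.likelihood, "likelihood")
        _check_score(self.impact, "impact")

    def exposure(self) -> int:
        """Risk analysis: inherent exposure before any control is applied."""
        return self.likelihood * self.impact

    def current_exposure(self) -> int:
        """Exposure as it stands: residual once the control is resolved, else inherent."""
        if self.resolved and self.residual_likelihood is not None and self.residual_impact is not None:
            return self.residual_likelihood * self.residual_impact
        return self.exposure()


# --- Risk assessment: identification, analysis, prioritization ---------------

def identify_risks() -> List[Risk]:
    """Risk identification. Constructed sample entries, not data from the paper."""
    return [
        Risk("R1", "SQL injection in login form", likelihood=4, impact=5),
        Risk("R2", "Outdated TLS library in a build dependency", likelihood=3, impact=4),
        Risk("R3", "Verbose stack traces shown to end users", likelihood=5, impact=2),
        Risk("R4", "Missing rate limit on password reset", likelihood=2, impact=3),
    ]


def prioritize(risks: List[Risk]) -> List[Risk]:
    """Risk prioritization: highest inherent exposure first, ties broken by impact."""
    return sorted(risks, key=lambda r: (r.exposure(), r.impact), reverse=True)


# --- Risk control: planning, resolution, monitoring ---------------------------

def plan_control(risk: Risk, control: str, new_likelihood: int, new_impact: int) -> Risk:
    """Risk management planning: record a control and the residual scores it should yield."""
    risk.plan.append(control)
    risk.residual_likelihood = _check_score(new_likelihood, "residual likelihood")
    risk.residual_impact = _check_score(new_impact, "residual impact")
    return risk


def resolve(risk: Risk) -> Risk:
    """Risk resolution: mark the planned control as implemented and verified."""
    if not risk.plan:
        raise ValueError(f"{risk.rid}: cannot resolve a risk that has no planned control")
    risk.resolved = True
    return risk


def monitor(risks: List[Risk], threshold: int = ACCEPTABLE_EXPOSURE) -> List[str]:
    """Risk monitoring: ids of risks whose current exposure still exceeds the threshold."""
    return [r.rid for r in risks if r.current_exposure() > threshold]


def run_cycle() -> List[Risk]:
    """One pass through assessment and control over the constructed register."""
    register = identify_risks()
    by_id = {r.rid: r for r in prioritize(register)}
    # Plan controls only for risks above the acceptance threshold (R4 sits at 6 and is accepted).
    resolve(plan_control(by_id["R1"], "parameterized queries", 1, 5))
    plan_control(by_id["R2"], "upgrade TLS library", 1, 4)      # planned, not yet resolved
    resolve(plan_control(by_id["R3"], "generic error pages", 1, 2))
    return register


if __name__ == "__main__":
    for r in prioritize(run_cycle()):
        print(r.rid, r.exposure(), "->", r.current_exposure(), "resolved" if r.resolved else "open")
    print("still above threshold:", monitor(run_cycle()))
```

The monitoring step deliberately scores an unresolved risk at its inherent exposure rather than its planned residual: a control that exists only on paper reduces nothing, which is why R2 remains flagged until its resolution is verified.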
Risk management is an approach in which project members regularly lay down what could adversely impact the project. The development of a risk management system is a significant part of the overall task of maintaining security [8]. It gives a disciplined environment for strategic decision-making: continuously assessing what can go wrong, recognizing the risks that are important to address, and enforcing actions to address them [6]. There is a lack of understanding of software security in the early phases of the Software Development Life Cycle (SDLC), which should be illuminated as well as handled. Researchers have therefore failed to create a stable program even when implementing best-practice software engineering. Not only must security requirements be integrated right from the beginning of the SDLC, but secure software must also be ensured. Therefore, it is logical that we need a software security framework to facilitate the security requirements process [1]. A number of different methods, as well as procedures so far to measure software