(Author) The `riskquant` tool is really cool and the library is even cooler. I'm excited that tech folks are starting to quantify risks for their quickly changing systems.
Risk management in tech/cybersecurity is really immature compared to other domains like structural engineering (earthquakes), finance (portfolio risk position), or environmental health and safety.
riskquant and similar tools do the critical work of making proven risk analysis methods accessible in delivery pipelines and deployment platforms for inclusion in continuous risk monitoring systems and scaling periodic risk analysis activities.