As a result of trying to simplify security and help force multiply, I’ve been iterating on different methods of communicating security in a way that enables people, from an intern all the way to a CEO, to understand why security is important, and that eases the process of working with security.

One of the key elements that needs to be part of that communication is security risk, and while I have already mentioned how to talk about it in the past, I needed a process to support that with data. The process, however, needed to remain simple and understandable by anyone. This is where the folks at Binary Risk Analysis came to mind. They have a straightforward and easy-to-understand way to calculate security risk so you can have a conversation about it.

So, I decided to build on top of their great work, simplify it a little bit, and make it more generic. The result is the Forward Point Risk Process. Why that name? Because it’s the point where you can jump forward after understanding the security risk. You can have a conversation about what can go wrong, and choose to either do something about it or accept the risk. It enables more fluid security, giving security professionals a simpler way to talk about security problems. Well, at least that’s what I hope.

We will see if this works!

Terms of Use

FRWDP is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and non infringement. In no event shall the author or copyright holder be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with this process or the use or other dealings in the process.

In short, without legalese: if you choose to use this process, which is provided “as is”, you accept the risks. I am not responsible for any loss of data, security breaches, crash of the systems, or whatever problem running this process may bring.


There is no tracking, no cookies, no visit logs.

Nothing is collected, so there is nothing to be provided to you. Please don't ask.