In this paper we develop a set of methods for the qualitative analysis and quantitative assessment of software development risks. The methods resolve a contradiction that arises in software development: the software development company neglects software security vulnerability factors. The first is a method for qualitative analysis of software development risks. Its distinguishing feature is that it takes into account operational risk factors, in particular the risk of not detecting software vulnerabilities, and the evaluation of an arbitrary finite consistent set of "quantum information". The second is a method for quantifying software development risks. Its distinguishing feature is the integrated use of the "fault tree analysis" method and the method of estimating the net present value of a software development project, taking into account the possible negative effects of not detecting software security vulnerabilities.
risk assessment, software development, security vulnerabilities