{"id":14647,"date":"2024-10-24T09:32:31","date_gmt":"2024-10-24T07:32:31","guid":{"rendered":"https:\/\/www.intesys.it\/journal\/?p=14647"},"modified":"2025-03-17T12:10:25","modified_gmt":"2025-03-17T11:10:25","slug":"risk-assessment-per-lo-sviluppo-sicuro-del-software","status":"publish","type":"post","link":"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/","title":{"rendered":"Risk assessment per lo sviluppo sicuro del software: come lo facciamo, in dettaglio"},"content":{"rendered":"<p><div id='wpig-contents' class='wpig-contents wpig-number-list wpig-no-hierarachy wpig-sidebar-widget wpig-style-1'><span class='wpig-headline'>Indice dei contenuti<\/span><!-- Table of Contents --><div id='wpig-table-of-content' class='wpig-table-of-content' ><ol><li class='stoc-cosa-significa-risk-management-nei-progetti-software'><a href='#stoc-cosa-significa-risk-management-nei-progetti-software'>Cosa significa risk management nei progetti software?<\/a><\/li><li class='stoc-risk-assessment-lo-sviluppo-sicuro-del-software-parte-da-qui'><a href='#stoc-risk-assessment-lo-sviluppo-sicuro-del-software-parte-da-qui'>Risk assessment: lo sviluppo sicuro del software parte da qui<\/a><\/li><li class='stoc-individuazione-delle-minacce-il-metodo-stride'><a href='#stoc-individuazione-delle-minacce-il-metodo-stride'>Individuazione delle minacce: il metodo STRIDE<\/a><\/li><li class='stoc-perche-e-soprattutto-come-analizziamo-il-rischio'><a href='#stoc-perche-e-soprattutto-come-analizziamo-il-rischio'>Perch\u00e9, e soprattutto come analizziamo il rischio<\/a><\/li><li class='stoc-e-questo-e-solo-linizio-per-lo-sviluppo-sicuro-del-software'><a href='#stoc-e-questo-e-solo-linizio-per-lo-sviluppo-sicuro-del-software'>E questo \u00e8 solo l\u2019inizio per lo sviluppo sicuro del software<\/a><\/li><\/ol><\/div><!-- END OF Table of Contents --><\/div><\/p>[vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]<strong>In Intesys, siamo consapevoli sia dell\u2019impatto determinante del software sul business aziendale, sia delle innumerevoli minacce che lo circondano. Non a caso, su queste pagine abbiamo affrontato pi\u00f9 volte il tema dello sviluppo sicuro del software, sottolineando quanto faccia parte del nostro DNA. Oggi, ci concentriamo e approfondiamo il tema del risk assessment.<\/strong>[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]\n<h2 id=\"stoc-cosa-significa-risk-management-nei-progetti-software\" class=\"wpig-heading\">Cosa significa risk management nei progetti software?<\/h2>\n<p>Il nostro approccio alla sicurezza delle applicazioni si basa su paradigmi innovativi come<strong> Defense in Depth<\/strong> e <strong>Security by Design<\/strong>. Quest&#8217;ultimo, in particolare, mira a integrare misure tecniche di sicurezza, ma anche metodologiche e di processo, in ogni fase del <a href=\"https:\/\/www.intesys.it\/information-technology\/metodologia-e-approccio\/ciclo-di-vita-del-software\/\" target=\"_blank\" rel=\"noopener\">ciclo di vita del software<\/a> (SDLC). In questo modo, possiamo realizzare soluzioni che soddisfano sfidanti requisiti funzionali e prestazionali, ma che sono anche <strong>resilienti rispetto a un vero e proprio ecosistema di minacce<\/strong>.<\/p>\n<p>Il terreno su cui ci muoviamo \u00e8 quello del <strong>risk management<\/strong>, un pilastro di ogni progetto software, nonch\u00e9 una delle principali responsabilit\u00e0 del project manager. Nel contesto dello <a href=\"https:\/\/www.intesys.it\/information-technology\/servizi-it\/custom-application-development\/\" target=\"_blank\" rel=\"noopener\">sviluppo applicativo<\/a>, il concetto di rischio non \u00e8 infatti limitato alla <a href=\"https:\/\/www.intesys.it\/journal\/information-technology\/condividere-la-cultura-della-sicurezza-del-software\/\">sicurezza del software<\/a>, e quindi a tutti i fattori esterni e interni che la minacciano, ma abbraccia tutti quegli elementi che possono<strong> causare deviazioni rilevanti rispetto agli obiettivi iniziali del progetto<\/strong>, siano essi legati a tempistiche, costi o qualit\u00e0 del deliverable finale. Tra i rischi rientrano quindi ritardi nelle scadenze, stime di costo imprecise, carenza di risorse e turnover di competenze chiave.<\/p>\n<p>I security risk meritano per\u00f2 un\u2019attenzione particolare, e soprattutto <strong>richiedono delle competenze altamente specializzate<\/strong> per essere indirizzati in modo corretto. In progetti di una certa dimensione, riteniamo quindi pi\u00f9 che opportuna la presenza di un ruolo dedicato, il <strong>Software Security Manager (SSM)<\/strong>, che si occupa \u2013 tra l\u2019altro &#8211; di eseguire l&#8217;analisi dei rischi e di identificare i requisiti di sicurezza per i singoli progetti. In Intesys, l\u2019SSM \u00e8 una risorsa chiave per la buona riuscita delle nostre attivit\u00e0.[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]<strong>Leggi il nostro documento metodologico di Sviluppo Software Sicuro:<\/strong>[\/vc_column_text][vc_raw_html css=&#8221;&#8221;]JTNDJTIxLS1IdWJTcG90JTIwQ2FsbC10by1BY3Rpb24lMjBDb2RlJTIwLS0lM0UlM0NzcGFuJTIwY2xhc3MlM0QlMjJocy1jdGEtd3JhcHBlciUyMiUyMGlkJTNEJTIyaHMtY3RhLXdyYXBwZXItY2NiMDEyNTEtNmUwYS00MTI3LWJhMzItZWM4ZjgxNjdlNzlkJTIyJTNFJTNDc3BhbiUyMGNsYXNzJTNEJTIyaHMtY3RhLW5vZGUlMjBocy1jdGEtY2NiMDEyNTEtNmUwYS00MTI3LWJhMzItZWM4ZjgxNjdlNzlkJTIyJTIwaWQlM0QlMjJocy1jdGEtY2NiMDEyNTEtNmUwYS00MTI3LWJhMzItZWM4ZjgxNjdlNzlkJTIyJTNFJTNDJTIxLS0lNUJpZiUyMGx0ZSUyMElFJTIwOCU1RCUzRSUzQ2RpdiUyMGlkJTNEJTIyaHMtY3RhLWllLWVsZW1lbnQlMjIlM0UlM0MlMkZkaXYlM0UlM0MlMjElNUJlbmRpZiU1RC0tJTNFJTNDYSUyMGhyZWYlM0QlMjJodHRwcyUzQSUyRiUyRmN0YS1yZWRpcmVjdC5odWJzcG90LmNvbSUyRmN0YSUyRnJlZGlyZWN0JTJGNTM1MTAxNSUyRmNjYjAxMjUxLTZlMGEtNDEyNy1iYTMyLWVjOGY4MTY3ZTc5ZCUyMiUyMHRhcmdldCUzRCUyMl9ibGFuayUyMiUyMHJlbCUzRCUyMm5vb3BlbmVyJTIyJTNFJTNDaW1nJTIwY2xhc3MlM0QlMjJocy1jdGEtaW1nJTIyJTIwaWQlM0QlMjJocy1jdGEtaW1nLWNjYjAxMjUxLTZlMGEtNDEyNy1iYTMyLWVjOGY4MTY3ZTc5ZCUyMiUyMHN0eWxlJTNEJTIyYm9yZGVyLXdpZHRoJTNBMHB4JTNCJTIyJTIwc3JjJTNEJTIyaHR0cHMlM0ElMkYlMkZuby1jYWNoZS5odWJzcG90LmNvbSUyRmN0YSUyRmRlZmF1bHQlMkY1MzUxMDE1JTJGY2NiMDEyNTEtNmUwYS00MTI3LWJhMzItZWM4ZjgxNjdlNzlkLnBuZyUyMiUyMCUyMGFsdCUzRCUyMlNDQVJJQ0ElMjBJTCUyMERPQ1VNRU5UTyUyMiUyRiUzRSUzQyUyRmElM0UlM0MlMkZzcGFuJTNFJTNDc2NyaXB0JTIwY2hhcnNldCUzRCUyMnV0Zi04JTIyJTIwc3JjJTNEJTIyaHR0cHMlM0ElMkYlMkZqcy5oc2N0YS5uZXQlMkZjdGElMkZjdXJyZW50LmpzJTIyJTNFJTNDJTJGc2NyaXB0JTNFJTNDc2NyaXB0JTIwdHlwZSUzRCUyMnRleHQlMkZqYXZhc2NyaXB0JTIyJTNFJTIwaGJzcHQuY3RhLmxvYWQlMjg1MzUxMDE1JTJDJTIwJTI3Y2NiMDEyNTEtNmUwYS00MTI3LWJhMzItZWM4ZjgxNjdlNzlkJTI3JTJDJTIwJTdCJTIydXNlTmV3TG9hZGVyJTIyJTNBJTIydHJ1ZSUyMiUyQyUyMnJlZ2lvbiUyMiUzQSUyMm5hMSUyMiU3RCUyOSUzQiUyMCUzQyUyRnNjcmlwdCUzRSUzQyUyRnNwYW4lM0UlM0MlMjEtLSUyMGVuZCUyMEh1YlNwb3QlMjBDYWxsLXRvLUFjdGlvbiUyMENvZGUlMjAtLSUzRQ==[\/vc_raw_html][divider line_type=&#8221;No Line&#8221; custom_height=&#8221;10&#8243;][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]\n<h2 id=\"stoc-risk-assessment-lo-sviluppo-sicuro-del-software-parte-da-qui\" class=\"wpig-heading\">Risk assessment: lo sviluppo sicuro del software parte da qui<\/h2>\n<p>In un progetto software, la gestione del rischio, questa volta di qualsiasi natura, si suddivide in due macro-processi: il <strong>risk assessment<\/strong> e il <strong>risk control<\/strong>. A sua volta, il primo (di cui ci occupiamo in questa sede) consta di tre attivit\u00e0 chiave:<\/p>\n<ol>\n<li>L\u2019individuazione dei rischi;<\/li>\n<li>L\u2019analisi dei rischi;<\/li>\n<li>Lo scoring e definizione delle priorit\u00e0 d\u2019intervento;<\/li>\n<\/ol>\n<p>Il risk assessment \u00e8 determinante per lo sviluppo sicuro del software. Riteniamo infatti che non possa esistere un\u2019applicazione sicura in termini assoluti, <strong>ma solo ed esclusivamente in forma relativa alle minacce concretamente esistenti<\/strong>, che a loro volta dipendono dal contesto, dal tipo di applicazione e dalle tecnologie adottate, ma anche dall\u2019azienda, dai suoi obiettivi e dal settore in cui opera. Al di l\u00e0 di alcune misure base di protezione, che <strong>adottiamo in qualsiasi progetto software<\/strong>, le soluzioni pi\u00f9 evolute vanno valutate caso per caso sulla base dell\u2019ecosistema delle minacce, della probabilit\u00e0 che si concretizzino e delle conseguenze attese. \u00c8 un\u2019attivit\u00e0 molto complessa, che richiede appunto delle competenze ad hoc e una corposa fase di analisi, ma \u00e8 anche l\u2019unica strada possibile per far s\u00ec che il risultato finale bilanci perfettamente performance, funzionalit\u00e0 e sicurezza, nonch\u00e9 tempi e costi.[\/vc_column_text][vc_row_inner column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; left_padding_desktop=&#8221;60&#8243; text_align=&#8221;left&#8221; row_position=&#8221;default&#8221; row_position_tablet=&#8221;inherit&#8221; row_position_phone=&#8221;inherit&#8221; overflow=&#8221;visible&#8221; pointer_events=&#8221;all&#8221;][vc_column_inner column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; overflow=&#8221;visible&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]<strong>Consulta il documento di Assessment per lo Sviluppo Software Sicuro:<\/strong>[\/vc_column_text][vc_raw_html css=&#8221;&#8221;]JTNDJTIxLS1IdWJTcG90JTIwQ2FsbC10by1BY3Rpb24lMjBDb2RlJTIwLS0lM0UlM0NzcGFuJTIwY2xhc3MlM0QlMjJocy1jdGEtd3JhcHBlciUyMiUyMGlkJTNEJTIyaHMtY3RhLXdyYXBwZXItOGFiNmQyZjMtMDc0MS00YTU5LTk5NzktMjFkNzk2Mjk2ZTk2JTIyJTNFJTNDc3BhbiUyMGNsYXNzJTNEJTIyaHMtY3RhLW5vZGUlMjBocy1jdGEtOGFiNmQyZjMtMDc0MS00YTU5LTk5NzktMjFkNzk2Mjk2ZTk2JTIyJTIwaWQlM0QlMjJocy1jdGEtOGFiNmQyZjMtMDc0MS00YTU5LTk5NzktMjFkNzk2Mjk2ZTk2JTIyJTNFJTNDJTIxLS0lNUJpZiUyMGx0ZSUyMElFJTIwOCU1RCUzRSUzQ2RpdiUyMGlkJTNEJTIyaHMtY3RhLWllLWVsZW1lbnQlMjIlM0UlM0MlMkZkaXYlM0UlM0MlMjElNUJlbmRpZiU1RC0tJTNFJTNDYSUyMGhyZWYlM0QlMjJodHRwcyUzQSUyRiUyRmN0YS1yZWRpcmVjdC5odWJzcG90LmNvbSUyRmN0YSUyRnJlZGlyZWN0JTJGNTM1MTAxNSUyRjhhYjZkMmYzLTA3NDEtNGE1OS05OTc5LTIxZDc5NjI5NmU5NiUyMiUyMHRhcmdldCUzRCUyMl9ibGFuayUyMiUyMHJlbCUzRCUyMm5vb3BlbmVyJTIyJTNFJTNDaW1nJTIwY2xhc3MlM0QlMjJocy1jdGEtaW1nJTIyJTIwaWQlM0QlMjJocy1jdGEtaW1nLThhYjZkMmYzLTA3NDEtNGE1OS05OTc5LTIxZDc5NjI5NmU5NiUyMiUyMHN0eWxlJTNEJTIyYm9yZGVyLXdpZHRoJTNBMHB4JTNCJTIyJTIwc3JjJTNEJTIyaHR0cHMlM0ElMkYlMkZuby1jYWNoZS5odWJzcG90LmNvbSUyRmN0YSUyRmRlZmF1bHQlMkY1MzUxMDE1JTJGOGFiNmQyZjMtMDc0MS00YTU5LTk5NzktMjFkNzk2Mjk2ZTk2LnBuZyUyMiUyMCUyMGFsdCUzRCUyMlNDQVJJQ0ElMjBJTCUyMERPQ1VNRU5UTyUyMiUyRiUzRSUzQyUyRmElM0UlM0MlMkZzcGFuJTNFJTNDc2NyaXB0JTIwY2hhcnNldCUzRCUyMnV0Zi04JTIyJTIwc3JjJTNEJTIyaHR0cHMlM0ElMkYlMkZqcy5oc2N0YS5uZXQlMkZjdGElMkZjdXJyZW50LmpzJTIyJTNFJTNDJTJGc2NyaXB0JTNFJTNDc2NyaXB0JTIwdHlwZSUzRCUyMnRleHQlMkZqYXZhc2NyaXB0JTIyJTNFJTIwaGJzcHQuY3RhLmxvYWQlMjg1MzUxMDE1JTJDJTIwJTI3OGFiNmQyZjMtMDc0MS00YTU5LTk5NzktMjFkNzk2Mjk2ZTk2JTI3JTJDJTIwJTdCJTIydXNlTmV3TG9hZGVyJTIyJTNBJTIydHJ1ZSUyMiUyQyUyMnJlZ2lvbiUyMiUzQSUyMm5hMSUyMiU3RCUyOSUzQiUyMCUzQyUyRnNjcmlwdCUzRSUzQyUyRnNwYW4lM0UlM0MlMjEtLSUyMGVuZCUyMEh1YlNwb3QlMjBDYWxsLXRvLUFjdGlvbiUyMENvZGUlMjAtLSUzRQ==[\/vc_raw_html][divider line_type=&#8221;No Line&#8221;][\/vc_column_inner][\/vc_row_inner][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]\n<h2 id=\"stoc-individuazione-delle-minacce-il-metodo-stride\" class=\"wpig-heading\">Individuazione delle minacce: il metodo STRIDE<\/h2>\n<p>La prima fase di un risk assessment finalizzato allo <a href=\"https:\/\/www.intesys.it\/information-technology\/metodologia-e-approccio\/sviluppo-codice-sicuro\/\" target=\"_blank\" rel=\"noopener\">sviluppo di codice sicuro<\/a> \u00e8 l\u2019individuazione e la modellazione delle minacce (threat modeling). Data la vastit\u00e0 del tema e la sua evoluzione pressoch\u00e9 quotidiana, bisogna affidarsi a un framework, o meglio a un modello di riconosciuta efficacia. Nel nostro caso, adottiamo il modello STRIDE, di cui abbiamo gi\u00e0 parlato in un precedente articolo sul tema <a href=\"https:\/\/www.intesys.it\/journal\/information-technology\/esiste-davvero-un-sistema-informatico-sicuro\/\">sistema informatico sicuro<\/a> e che suddivide le minacce in sei dimensioni o categorie:[\/vc_column_text][divider line_type=&#8221;No Line&#8221; custom_height=&#8221;10&#8243;][nectar_icon_list animate=&#8221;true&#8221; color=&#8221;Extra-Color-3&#8243; direction=&#8221;vertical&#8221; icon_size=&#8221;small&#8221; icon_style=&#8221;no-border&#8221;][nectar_icon_list_item icon_type=&#8221;icon&#8221; text_full_html=&#8221;html&#8221; title=&#8221;List Item&#8221; id=&#8221;1741003448340-5&#8243; tab_id=&#8221;1741003448341-10&#8243; header=&#8221;1. Spoofing&#8221;]<span class=\"NormalTextRun SCXW200552844 BCX0\">A<\/span><span class=\"NormalTextRun SCXW200552844 BCX0\">ccesso ad un sistema informatico senza <\/span><span class=\"NormalTextRun SCXW200552844 BCX0\">diritto.<\/span>[\/nectar_icon_list_item][nectar_icon_list_item icon_type=&#8221;icon&#8221; text_full_html=&#8221;html&#8221; title=&#8221;List Item&#8221; id=&#8221;1741003448358-8&#8243; tab_id=&#8221;1741003448359-2&#8243; header=&#8221;2. Tampering&#8221;]<span class=\"TextRun SCXW23804360 BCX0\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW23804360 BCX0\">Deliberata manomissione di dati.<\/span><\/span>[\/nectar_icon_list_item][nectar_icon_list_item icon_type=&#8221;icon&#8221; text_full_html=&#8221;html&#8221; title=&#8221;List Item&#8221; id=&#8221;1741003448379-7&#8243; tab_id=&#8221;1741003448380-1&#8243; header=&#8221;3. Repudiation&#8221;]<span class=\"NormalTextRun SCXW141249932 BCX0\">L<\/span><span class=\"NormalTextRun SCXW141249932 BCX0\">\u2019<\/span><span class=\"NormalTextRun SCXW141249932 BCX0\">utente nega di aver eseguito un&#8217;azione <\/span><span class=\"NormalTextRun SCXW141249932 BCX0\">e l\u2019azienda non ha i mezzi per contestare tale affermazione.<\/span>[\/nectar_icon_list_item][nectar_icon_list_item icon_type=&#8221;icon&#8221; text_full_html=&#8221;html&#8221; title=&#8221;List Item&#8221; id=&#8221;1741003448390-6&#8243; tab_id=&#8221;1741003448391-9&#8243; header=&#8221;3. Information disclosure&#8221;]<span class=\"NormalTextRun SCXW181243269 BCX0\">Condivi<\/span><span class=\"NormalTextRun SCXW181243269 BCX0\">sione di i<\/span><span class=\"NormalTextRun SCXW181243269 BCX0\">nformazioni al di fuori <\/span><span class=\"NormalTextRun SCXW181243269 BCX0\">della cerchia <\/span><span class=\"NormalTextRun SCXW181243269 BCX0\">degli aventi diritto.<\/span>[\/nectar_icon_list_item][nectar_icon_list_item icon_type=&#8221;icon&#8221; text_full_html=&#8221;html&#8221; title=&#8221;List Item&#8221; id=&#8221;1741003448410-3&#8243; tab_id=&#8221;1741003448411-1&#8243; header=&#8221;3. Denial of service&#8221;]<span class=\"TextRun SCXW193717620 BCX0\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW193717620 BCX0\">Blocco o riduzione considerevole delle performance del servizio.<\/span><\/span>[\/nectar_icon_list_item][nectar_icon_list_item icon_type=&#8221;icon&#8221; text_full_html=&#8221;html&#8221; title=&#8221;List Item&#8221; id=&#8221;1741003448432-8&#8243; tab_id=&#8221;1741003448433-4&#8243; header=&#8221;3. Elevation of privilege&#8221;]<span class=\"NormalTextRun SCXW25212603 BCX0\">L\u2019<\/span><span class=\"NormalTextRun SCXW25212603 BCX0\">utente ottiene accessi superiori a quelli autorizzati.<\/span>[\/nectar_icon_list_item][\/nectar_icon_list][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]\n<h2 id=\"stoc-perche-e-soprattutto-come-analizziamo-il-rischio\" class=\"wpig-heading\">Perch\u00e9, e soprattutto come analizziamo il rischio<\/h2>\n<p>Al di l\u00e0 di STRIDE, un aspetto su cui vogliamo soffermarci \u00e8 la <strong>metodologia che adottiamo per analizzare il rischio<\/strong> e per costruire la matrice impatto-probabilit\u00e0.<br \/>\nQuesta fase, che di fatto corrisponde al secondo e al terzo punto del processo di risk assessment descritto precedentemente, \u00e8 essenziale perch\u00e9 ci permette di comprendere quali siano le misure di sicurezza (livelli medio e alto) cui attingere dalle nostre <strong>Linee Guida per lo Sviluppo di Software Sicuro<\/strong> (LGSSS) e applicare poi in concreto.[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]<strong>Consulta le nostre Linee Guida per lo Sviluppo di Software Sicuro (LGSSS)<\/strong>[\/vc_column_text][vc_raw_html css=&#8221;&#8221;]JTNDJTIxLS1IdWJTcG90JTIwQ2FsbC10by1BY3Rpb24lMjBDb2RlJTIwLS0lM0UlM0NzcGFuJTIwY2xhc3MlM0QlMjJocy1jdGEtd3JhcHBlciUyMiUyMGlkJTNEJTIyaHMtY3RhLXdyYXBwZXItNGY5MmYzOGUtODlhZC00YzI1LTliMjUtMzQwMjYxOGE3ZmUxJTIyJTNFJTNDc3BhbiUyMGNsYXNzJTNEJTIyaHMtY3RhLW5vZGUlMjBocy1jdGEtNGY5MmYzOGUtODlhZC00YzI1LTliMjUtMzQwMjYxOGE3ZmUxJTIyJTIwaWQlM0QlMjJocy1jdGEtNGY5MmYzOGUtODlhZC00YzI1LTliMjUtMzQwMjYxOGE3ZmUxJTIyJTNFJTNDJTIxLS0lNUJpZiUyMGx0ZSUyMElFJTIwOCU1RCUzRSUzQ2RpdiUyMGlkJTNEJTIyaHMtY3RhLWllLWVsZW1lbnQlMjIlM0UlM0MlMkZkaXYlM0UlM0MlMjElNUJlbmRpZiU1RC0tJTNFJTNDYSUyMGhyZWYlM0QlMjJodHRwcyUzQSUyRiUyRmN0YS1yZWRpcmVjdC5odWJzcG90LmNvbSUyRmN0YSUyRnJlZGlyZWN0JTJGNTM1MTAxNSUyRjRmOTJmMzhlLTg5YWQtNGMyNS05YjI1LTM0MDI2MThhN2ZlMSUyMiUyMHRhcmdldCUzRCUyMl9ibGFuayUyMiUyMHJlbCUzRCUyMm5vb3BlbmVyJTIyJTNFJTNDaW1nJTIwY2xhc3MlM0QlMjJocy1jdGEtaW1nJTIyJTIwaWQlM0QlMjJocy1jdGEtaW1nLTRmOTJmMzhlLTg5YWQtNGMyNS05YjI1LTM0MDI2MThhN2ZlMSUyMiUyMHN0eWxlJTNEJTIyYm9yZGVyLXdpZHRoJTNBMHB4JTNCJTIyJTIwc3JjJTNEJTIyaHR0cHMlM0ElMkYlMkZuby1jYWNoZS5odWJzcG90LmNvbSUyRmN0YSUyRmRlZmF1bHQlMkY1MzUxMDE1JTJGNGY5MmYzOGUtODlhZC00YzI1LTliMjUtMzQwMjYxOGE3ZmUxLnBuZyUyMiUyMCUyMGFsdCUzRCUyMkxFR0dJJTIwTEUlMjBOT1NUUkUlMjBMSU5FRSUyMEdVSURBJTIyJTJGJTNFJTNDJTJGYSUzRSUzQyUyRnNwYW4lM0UlM0NzY3JpcHQlMjBjaGFyc2V0JTNEJTIydXRmLTglMjIlMjBzcmMlM0QlMjJodHRwcyUzQSUyRiUyRmpzLmhzY3RhLm5ldCUyRmN0YSUyRmN1cnJlbnQuanMlMjIlM0UlM0MlMkZzY3JpcHQlM0UlM0NzY3JpcHQlMjB0eXBlJTNEJTIydGV4dCUyRmphdmFzY3JpcHQlMjIlM0UlMjBoYnNwdC5jdGEubG9hZCUyODUzNTEwMTUlMkMlMjAlMjc0ZjkyZjM4ZS04OWFkLTRjMjUtOWIyNS0zNDAyNjE4YTdmZTElMjclMkMlMjAlN0IlMjJ1c2VOZXdMb2FkZXIlMjIlM0ElMjJ0cnVlJTIyJTJDJTIycmVnaW9uJTIyJTNBJTIybmExJTIyJTdEJTI5JTNCJTIwJTNDJTJGc2NyaXB0JTNFJTNDJTJGc3BhbiUzRSUzQyUyMS0tJTIwZW5kJTIwSHViU3BvdCUyMENhbGwtdG8tQWN0aW9uJTIwQ29kZSUyMC0tJTNF[\/vc_raw_html][divider line_type=&#8221;No Line&#8221;][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]<strong>Come calcoliamo, dunque, la probabilit\u00e0 che un rischio si concretizzi<\/strong>, ovvero che si verifichi l\u2019evento dannoso? Come giungiamo alla conclusione che esso abbia un indice basso, medio o alto di verificarsi? La competenza e l\u2019esperienza su diversi progetti hanno un ruolo molto importante in tal senso, ma anche qui c\u2019\u00e8 bisogno di un framework di valore a cui riferirsi, come la <a href=\"https:\/\/owasp.org\/www-community\/OWASP_Risk_Rating_Methodology\" target=\"_blank\" rel=\"noopener\">OWASP Risk Rating Methodology<\/a>.[\/vc_column_text][image_with_animation image_url=&#8221;12712&#8243; image_size=&#8221;full&#8221; animation_type=&#8221;entrance&#8221; animation=&#8221;None&#8221; animation_movement_type=&#8221;transform_y&#8221; hover_animation=&#8221;none&#8221; alignment=&#8221;&#8221; border_radius=&#8221;none&#8221; box_shadow=&#8221;none&#8221; image_loading=&#8221;default&#8221; max_width=&#8221;100%&#8221; max_width_mobile=&#8221;default&#8221;][divider line_type=&#8221;No Line&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]Secondo questa metodologia, la probabilit\u00e0 che si verifichi l\u2019evento si calcola in due fasi: prima, identificando chi potrebbe avere interesse e capacit\u00e0 a concretizzarla, ovvero il Gruppo dei <strong>Threat Agent<\/strong>, e poi assegnando dei punteggi (da 1 a 3) a diversi TAF, ovvero a dei <strong>Threat Agent Factor<\/strong>. In particolare, a:<\/p>\n<ul>\n<li>Il livello di competenza tecnica necessaria per concretizzare la minaccia;<\/li>\n<li>La motivazione che spinge il Gruppo a procedere;<\/li>\n<li>Le opportunit\u00e0 disponibili;<\/li>\n<li>La dimensione del Gruppo di Threat Agent.<\/li>\n<\/ul>\n<p>Una semplice somma dei valori numerici attribuiti nell\u2019analisi determina l\u2019effettiva probabilit\u00e0 (bassa, media o alta) che l\u2019evento, e quindi la minaccia, si verifichino.<\/p>\n<p>L\u2019altra dimensione fondamentale della matrice di<strong> risk assessment<\/strong> \u00e8 l\u2019impatto della minaccia. Lo calcoliamo in modo analogo al precedente, ovvero assegnando un valore (da 1 a 3) alle possibili conseguenze dell\u2019attacco su 4 dimensioni specifiche, sommando poi i valori e distribuendo il risultato su <strong>tre livelli di rischio<\/strong> (basso, medio, alto). Le quattro dimensioni sono:<\/p>\n<ul>\n<li>Perdita di profitto;<\/li>\n<li>Danno reputazionale;<\/li>\n<li>Sanzioni e spese legali;<\/li>\n<li>Costi di ripristino.<\/li>\n<\/ul>\n<p>Alla fine, \u00e8 sufficiente riportare l\u2019esito nella matrice per ottenere il livello generale di rischio per ogni <strong>minaccia STRIDE<\/strong>, da cui deriviamo non solo le misure tecniche da adottare, ma anche la <strong>priorit\u00e0 di intervento<\/strong>.[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; top_margin=&#8221;30&#8243; bottom_margin=&#8221;30&#8243; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; advanced_gradient_angle=&#8221;0&#8243; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; enable_animation=&#8221;true&#8221; animation=&#8221;fade-in&#8221; animation_easing=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221; gradient_type=&#8221;default&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]<em>Ilario Gavioli, General Manager di Intesys, parla di Sicurezza del Software a ESICONF2025. <\/em><em>Guarda il video completo e scopri come creiamo applicazioni sicure sin dalla fase di progettazione, garantendo al contempo qualit\u00e0 e sostenibilit\u00e0 dei costi.<\/em>[\/vc_column_text][vc_video link=&#8221;https:\/\/www.youtube.com\/watch?v=qsKyoH8dfic&#8221; align=&#8221;center&#8221; css=&#8221;&#8221;][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]\n<h2 id=\"stoc-e-questo-e-solo-linizio-per-lo-sviluppo-sicuro-del-software\" class=\"wpig-heading\">E questo \u00e8 solo l\u2019inizio per lo sviluppo sicuro del software<\/h2>\n<p>L\u2019analisi dei rischi di sicurezza, come anticipato, non \u00e8 un\u2019attivit\u00e0 fine a s\u00e9 stessa, ma va integrata in un ciclo di vita che consideri la <a href=\"https:\/\/www.intesys.it\/journal\/information-technology\/condividere-la-cultura-della-sicurezza-del-software\/\">sicurezza del software<\/a> come elemento costitutivo. Questo ci ha portato a standardizzare i processi di sviluppo, ad adottare il pi\u00f9 possibile l\u2019automazione, a condurre analisi statiche del codice e, cosa tutt\u2019altro che secondaria, ad applicare le nostre Linee Guida per lo Sviluppo di <a href=\"https:\/\/www.intesys.it\/journal\/information-technology\/software-sicuro-lgsss-nostre-linee-guida\/\" rel=\"noopener\">Software Sicuro<\/a> in modo sartoriale e non standardizzato. In fondo, un risk assessment ben fatto serve esattamente a questo: a capire cosa serve davvero e ad applicarlo tempestivamente, nella certezza di non disperdere tempo e budget su attivit\u00e0 a scarso valore.[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; bg_color=&#8221;#0f33ce&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;light&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; advanced_gradient_angle=&#8221;0&#8243; overlay_strength=&#8221;0.8&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;padding-4-percent&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; constrain_group_2=&#8221;yes&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; advanced_gradient_angle=&#8221;0&#8243; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221; gradient_type=&#8221;default&#8221;][vc_row_inner column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; text_align=&#8221;left&#8221; row_position=&#8221;default&#8221; row_position_tablet=&#8221;inherit&#8221; row_position_phone=&#8221;inherit&#8221; overflow=&#8221;visible&#8221; pointer_events=&#8221;all&#8221;][vc_column_inner column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; overflow=&#8221;visible&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/6&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][image_with_animation image_url=&#8221;10304&#8243; image_size=&#8221;full&#8221; animation_type=&#8221;entrance&#8221; animation=&#8221;None&#8221; animation_movement_type=&#8221;transform_y&#8221; hover_animation=&#8221;none&#8221; alignment=&#8221;&#8221; border_radius=&#8221;none&#8221; box_shadow=&#8221;none&#8221; image_loading=&#8221;default&#8221; max_width=&#8221;custom&#8221; max_width_custom=&#8221;35%&#8221;][\/vc_column_inner][vc_column_inner column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; overflow=&#8221;visible&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;5\/6&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]\n<h5 id=\"stoc-software-sicuro\" class=\"wpig-heading\">SOFTWARE SICURO<\/h5>\n[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][vc_custom_heading text=&#8221;Scopri come sviluppiamo<br \/>\nsoluzioni a prova di cyberischio&#8221; font_container=&#8221;tag:h3|font_size:34px|text_align:left|color:%23ffffff|line_height:42px&#8221; use_theme_fonts=&#8221;yes&#8221; css=&#8221;&#8221;][nectar_btn size=&#8221;medium&#8221; open_new_tab=&#8221;true&#8221; button_style=&#8221;see-through-2&#8243; color_override=&#8221;#ffffff&#8221; hover_color_override=&#8221;#17fdb4&#8243; hover_text_color_override=&#8221;#000000&#8243; icon_family=&#8221;none&#8221; text=&#8221;SCOPRI DI PI\u00d9&#8221; margin_top=&#8221;30&#8243; url=&#8221;https:\/\/www.intesys.it\/information-technology\/metodologia-e-approccio\/sviluppo-codice-sicuro\/&#8221;][\/vc_column][\/vc_row]\n","protected":false},"excerpt":{"rendered":"<p>[vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221;&#8230;<\/p>\n","protected":false},"author":6,"featured_media":14657,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[27],"tags":[206,784,233],"class_list":{"0":"post-14647","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-information-technology","8":"tag-cybersecurity","9":"tag-secure-coding","10":"tag-development"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Sviluppo sicuro del software: come facciamo il risk assessment<\/title>\n<meta name=\"description\" content=\"Risk assessment per lo sviluppo sicuro del software: scopri come lo facciamo per garantire sicurezza e non disperdere tempo e budget.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sviluppo sicuro del software: come facciamo il risk assessment\" \/>\n<meta property=\"og:description\" content=\"Risk assessment per lo sviluppo sicuro del software: scopri come lo facciamo per garantire sicurezza e non disperdere tempo e budget.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/\" \/>\n<meta property=\"og:site_name\" content=\"Intesys Journal\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-24T07:32:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-17T11:10:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intesys.it\/journal\/wp-content\/uploads\/sites\/13\/2022\/02\/dem-journal-login-unico-europeo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"250\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ilario Gavioli\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.intesys.it\/journal\/wp-content\/uploads\/sites\/13\/2022\/02\/dem-journal-login-unico-europeo.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ilario Gavioli\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/\",\"url\":\"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/\",\"name\":\"Sviluppo sicuro del software: come facciamo il risk assessment\",\"isPartOf\":{\"@id\":\"https:\/\/www.intesys.it\/journal\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intesys.it\/journal\/wp-content\/uploads\/sites\/13\/2024\/10\/sviluppo_sicuro_del_software.png\",\"datePublished\":\"2024-10-24T07:32:31+00:00\",\"dateModified\":\"2025-03-17T11:10:25+00:00\",\"author\":{\"@id\":\"https:\/\/www.intesys.it\/journal\/#\/schema\/person\/7cdebffdaa1238d1c457c601ca7bd381\"},\"description\":\"Risk assessment per lo sviluppo sicuro del software: scopri come lo facciamo per garantire sicurezza e non disperdere tempo e budget.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/#primaryimage\",\"url\":\"https:\/\/www.intesys.it\/journal\/wp-content\/uploads\/sites\/13\/2024\/10\/sviluppo_sicuro_del_software.png\",\"contentUrl\":\"https:\/\/www.intesys.it\/journal\/wp-content\/uploads\/sites\/13\/2024\/10\/sviluppo_sicuro_del_software.png\",\"width\":1920,\"height\":1440,\"caption\":\"sviluppo sicuro del software\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intesys.it\/journal\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Risk assessment per lo sviluppo sicuro del software: come lo facciamo, in dettaglio\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intesys.it\/journal\/#website\",\"url\":\"https:\/\/www.intesys.it\/journal\/\",\"name\":\"Intesys\",\"description\":\"Ogni settimana nuovi articoli dedicati al mondo della trasformazione digitale!\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intesys.it\/journal\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intesys.it\/journal\/#\/schema\/person\/7cdebffdaa1238d1c457c601ca7bd381\",\"name\":\"Ilario Gavioli\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/www.intesys.it\/journal\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f519228ca80b0d0d760754171645514142c1f3118f9336303ad5ac1069c0f0a1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f519228ca80b0d0d760754171645514142c1f3118f9336303ad5ac1069c0f0a1?s=96&d=mm&r=g\",\"caption\":\"Ilario Gavioli\"},\"description\":\"Dal 1995, Ilario predispone la strategia e identifica le tecnologie su cui focalizzare le attivit\u00e0 in funzione dei piani di business delle aziende.\",\"url\":\"https:\/\/www.intesys.it\/journal\/autore\/ilario-gavioli\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Sviluppo sicuro del software: come facciamo il risk assessment","description":"Risk assessment per lo sviluppo sicuro del software: scopri come lo facciamo per garantire sicurezza e non disperdere tempo e budget.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/","og_locale":"it_IT","og_type":"article","og_title":"Sviluppo sicuro del software: come facciamo il risk assessment","og_description":"Risk assessment per lo sviluppo sicuro del software: scopri come lo facciamo per garantire sicurezza e non disperdere tempo e budget.","og_url":"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/","og_site_name":"Intesys Journal","article_published_time":"2024-10-24T07:32:31+00:00","article_modified_time":"2025-03-17T11:10:25+00:00","og_image":[{"width":600,"height":250,"url":"https:\/\/www.intesys.it\/journal\/wp-content\/uploads\/sites\/13\/2022\/02\/dem-journal-login-unico-europeo.jpg","type":"image\/jpeg"}],"author":"Ilario Gavioli","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.intesys.it\/journal\/wp-content\/uploads\/sites\/13\/2022\/02\/dem-journal-login-unico-europeo.jpg","twitter_misc":{"Scritto da":"Ilario Gavioli","Tempo di lettura stimato":"11 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/","url":"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/","name":"Sviluppo sicuro del software: come facciamo il risk assessment","isPartOf":{"@id":"https:\/\/www.intesys.it\/journal\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/#primaryimage"},"image":{"@id":"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intesys.it\/journal\/wp-content\/uploads\/sites\/13\/2024\/10\/sviluppo_sicuro_del_software.png","datePublished":"2024-10-24T07:32:31+00:00","dateModified":"2025-03-17T11:10:25+00:00","author":{"@id":"https:\/\/www.intesys.it\/journal\/#\/schema\/person\/7cdebffdaa1238d1c457c601ca7bd381"},"description":"Risk assessment per lo sviluppo sicuro del software: scopri come lo facciamo per garantire sicurezza e non disperdere tempo e budget.","breadcrumb":{"@id":"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/#primaryimage","url":"https:\/\/www.intesys.it\/journal\/wp-content\/uploads\/sites\/13\/2024\/10\/sviluppo_sicuro_del_software.png","contentUrl":"https:\/\/www.intesys.it\/journal\/wp-content\/uploads\/sites\/13\/2024\/10\/sviluppo_sicuro_del_software.png","width":1920,"height":1440,"caption":"sviluppo sicuro del software"},{"@type":"BreadcrumbList","@id":"https:\/\/www.intesys.it\/journal\/information-technology\/risk-assessment-per-lo-sviluppo-sicuro-del-software\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intesys.it\/journal\/"},{"@type":"ListItem","position":2,"name":"Risk assessment per lo sviluppo sicuro del software: come lo facciamo, in dettaglio"}]},{"@type":"WebSite","@id":"https:\/\/www.intesys.it\/journal\/#website","url":"https:\/\/www.intesys.it\/journal\/","name":"Intesys","description":"Ogni settimana nuovi articoli dedicati al mondo della trasformazione digitale!","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intesys.it\/journal\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Person","@id":"https:\/\/www.intesys.it\/journal\/#\/schema\/person\/7cdebffdaa1238d1c457c601ca7bd381","name":"Ilario Gavioli","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/www.intesys.it\/journal\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f519228ca80b0d0d760754171645514142c1f3118f9336303ad5ac1069c0f0a1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f519228ca80b0d0d760754171645514142c1f3118f9336303ad5ac1069c0f0a1?s=96&d=mm&r=g","caption":"Ilario Gavioli"},"description":"Dal 1995, Ilario predispone la strategia e identifica le tecnologie su cui focalizzare le attivit\u00e0 in funzione dei piani di business delle aziende.","url":"https:\/\/www.intesys.it\/journal\/autore\/ilario-gavioli\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intesys.it\/journal\/wp-json\/wp\/v2\/posts\/14647","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intesys.it\/journal\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intesys.it\/journal\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intesys.it\/journal\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intesys.it\/journal\/wp-json\/wp\/v2\/comments?post=14647"}],"version-history":[{"count":10,"href":"https:\/\/www.intesys.it\/journal\/wp-json\/wp\/v2\/posts\/14647\/revisions"}],"predecessor-version":[{"id":15090,"href":"https:\/\/www.intesys.it\/journal\/wp-json\/wp\/v2\/posts\/14647\/revisions\/15090"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.intesys.it\/journal\/wp-json\/wp\/v2\/media\/14657"}],"wp:attachment":[{"href":"https:\/\/www.intesys.it\/journal\/wp-json\/wp\/v2\/media?parent=14647"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intesys.it\/journal\/wp-json\/wp\/v2\/categories?post=14647"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intesys.it\/journal\/wp-json\/wp\/v2\/tags?post=14647"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}