Risk Register

Risk ID	Description of Risk	Source	Likelihood	Impact	Risk Score	Current Controls	Planned Mitigation / Treatment	Risk Owner	Status	Review Date
R-2025-06-03-01	Vulnerable Rack dependency (2.2.13) could enable request-handling issues; mitigated by upgrading to 2.2.17 in commit `28b6cd3`	Code commit	Medium	High	6	Staging validation; management approval; Azure Defender; MFA; log reviews	Continue monthly dependency checks (`bundle outdated`), quarterly vulnerability scans	Tim Pollard	Mitigated (2025-06-03)	2025-09-03
R-2025-04-08-01	Outdated Nokogiri (1.18.3→1.18.7) and Rack (2.2.11→2.2.13) may expose parsing/request risks; upgraded in commit `c64ce9b`	Code commit	Medium	High	6	Staging validation; management approval; Azure Defender; MFA	Maintain monthly checks; track Nokogiri/Rack advisories; quarterly vuln scans	Tim Pollard	Mitigated (2025-04-08)	2025-07-08
R-2025-03-04-01	Multiple gem security patches (cgi 0.3.6→0.3.7, date 3.4.0→3.4.1, net-imap 0.4.17→0.4.19, nokogiri 1.18.1→1.18.3, rack 2.2.10→2.2.11, timeout 0.4.1→0.4.3, uri 0.12.2→0.12.4) to reduce exploit surface; commit `f3870ae`	Code commit	Medium	High	6	Staging validation; management approval; Azure Defender; log reviews	Keep monthly dependency audits; document exceptions if deferrals needed	Tim Pollard	Mitigated (2025-03-04)	2025-06-04
R-2025-02-03-01	jquery-ui-rails outdated (6.0.1) with known issues; upgraded to 7.0.0 per issue #132; commit `97ef51a`	Code commit	Medium	Medium	4	Staging validation; management approval	Monitor upstream JS library advisories; retire legacy plugins where possible	Tim Pollard	Mitigated (2025-02-03)	2025-05-03
R-2025-01-10-01	Vulnerable rails-html-sanitizer/loofah and Nokogiri versions could enable XSS via unsafe markup; upgraded (loofah 2.23.1→2.24.0, rails-html-sanitizer 1.6.0→1.6.2, nokogiri 1.16.7→1.18.1); commit `841b5ab`	Code commit	Medium	High	6	Staging validation; management approval; secure coding standards	Continue monthly audits; add quarterly targeted XSS tests	Tim Pollard	Mitigated (2025-01-10)	2025-04-10