US2017213037A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017213037-A1 |
| Application number | US-201415326991-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jul 30, 2014 |
| Priority date | Jul 30, 2014 |
| Publication date | Jul 27, 2017 |
| Grant date | — |
Official abstract text for this publication.
In one implementation, a system for risk scoring a software application includes a component score engine to calculate an impact component score and a likelihood component score for a security vulnerability during development of the software application, based on a plurality of scored descriptions of security risk elements for the software application. In addition, the system includes a total risk score engine to calculate a total security risk score for the software application based on the impact component score and the likelihood component score for the security vulnerability of the software application. In addition, the system includes a risk characterization engine to assign a risk characterization to the software product based on where the total risk score falls within a predetermined scale.
Opening claim text (preview).
What is claimed is:

1. A system, comprising: a component score engine to calculate an impact component score and a likelihood component score for a security vulnerability during development of a software application based on a plurality of scored descriptions of security risk elements for the software application; a total risk score engine to calculate a total security risk score for the software application based on the impact component score and the likelihood component score for the security vulnerability of the software application; and a risk characterization engine to assign a risk characterization to the software product based on where the total risk score falls within a predetermined scale.
2. The system of claim 1, wherein the total risk score engine calculates a total security risk score for the software product by multiplying an impact component by a likelihood component.
3. The system of claim 2, wherein the impact component score is a sum of a plurality of weighted segment scores associated with the impact component.
4. The system of claim 2, wherein the likelihood component score is an arithmetic mean of a plurality of segment scores associated with the likelihood component.
5. A non-transitory computer readable medium storing instructions executable by a processing resource to cause a computer to: calculate an impact component score and a likelihood component score of a security vulnerability of a software application based on a plurality of scored segments of a comprehensive security coverage framework; calculate a total security risk score for the software application based on the impact component score and the likelihood component score for the security risk of the software application; and display a risk characterization of the software application determined based on where the total security risk score lies within a predetermined scale.
6. The non-transitory computer readable medium of claim 5, wherein a scored segment of the plurality of scored segments is an impact potential segment, scored based on a description of a type and a sensitivity of data that could be improperly accessed by exploiting the security vulnerability.
7. The non-transitory computer readable medium of claim 5, wherein a scored segment of the plurality of scored segments is an impact potential segment, scored based on a description of a level of control ceded and a corresponding amount of integrity damage incurred by an exploitation of the security vulnerability.
8. The non-transitory computer readable medium of claim 5, wherein a scored segment of the plurality of scored segments is an impact potential segment, scored based on a description of an impact of an exploitation of the security vulnerability on availability of the software application.
9. The non-transitory computer readable medium of claim 5, wherein a scored segment of the plurality of scored segments is an attack vectors segment, scored based on a description of a skill level associated with an exploitation of the security vulnerability of the software product.
10. The non-transitory computer readable medium of claim 5, wherein a scored segment of the plurality of scored segments is an attack vectors segment, scored based on a description of a level of access required to exploit the security vulnerability of the software application.
11. The non-transitory computer readable medium of claim 5, wherein a scored segment of the plurality of scored segments is a coverage spread segment, scored based on a description of at least one of a tenant and a user affected by an exploitation of the security vulnerability of the software application.
12. The non-transitory computer readable medium of claim 5, wherein a scored segment of the plurality of scored segments is an identify and exploit segment, scored based on a description.
13. A method, comprising: calculating an impact potential segment score, a reconstructing segment score, an attack vectors segment score, a coverage spread segment score, and an identify and exploit segment score for an exploit of a security vulnerability of a software application based on corresponding scored descriptions of security risk elements; calculating a total security risk score for the software application based on the impact potential segment score, the reconstructing segment score, the attack vectors segment score, the coverage spread segment score, and the identify and exploit segment score; assigning a risk characterization to the software product based on where the total security risk score falls within a predetermined scale; and comparing the risk characterization for the software application to a historical risk characterization.
14. The method of claim 13, wherein scoring the impact potential segment score includes identifying as the impact potential segment score a greatest score associated with a portion of the scored descriptions describing a confidentiality impact security risk element, an integrity impact security risk element, and an availability impact security risk element.
15. The method of claim 13, wherein scoring the identify and exploit segment score includes calculating an arithmetic mean of scores associated with a portion of the scored descriptions describing an attack skill level risk element and an access vector risk element.
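The scoring scheme the claims describe (max of C/I/A for impact potential, mean of skill and access for identify-and-exploit, weighted sum for the impact component, arithmetic mean for the likelihood component, impact times likelihood for the total, then placement on a scale and comparison with history), worked through as an added example; this is illustration code, not the patent's own implementation. The 0-10 score range, the weights, the scale thresholds and which segments count toward impact versus likelihood are assumptions, since the page fixes none of them.

```python
from dataclasses import dataclass
from statistics import mean

# Placeholder weights and scale (assumptions; the patent leaves both to the implementer).
IMPACT_WEIGHTS = {"impact_potential": 0.7, "reconstructing": 0.3}
RISK_SCALE = [(0.0, "Low"), (25.0, "Medium"), (50.0, "High"), (75.0, "Critical")]
RANK = {label: i for i, (_, label) in enumerate(RISK_SCALE)}

@dataclass
class ScoredDescriptions:
    """Scored (0-10, assumed) descriptions of the security risk elements."""
    confidentiality: float      # type/sensitivity of exposed data (claim 6)
    integrity: float            # control ceded, integrity damage (claim 7)
    availability: float         # availability impact (claim 8)
    reconstructing: float       # reconstructing segment (claim 13)
    attack_vectors: float       # skill level / access needed (claims 9-10)
    coverage_spread: float      # tenants and users affected (claim 11)
    attack_skill_level: float   # identify-and-exploit inputs (claim 15)
    access_vector: float

def impact_potential_segment(d: ScoredDescriptions) -> float:
    # Claim 14: the greatest of the confidentiality/integrity/availability scores.
    return max(d.confidentiality, d.integrity, d.availability)

def identify_and_exploit_segment(d: ScoredDescriptions) -> float:
    # Claim 15: arithmetic mean of attack skill level and access vector.
    return mean([d.attack_skill_level, d.access_vector])

def impact_component(d: ScoredDescriptions) -> float:
    # Claim 3: weighted sum of the impact-side segments (grouping is an assumption).
    return (IMPACT_WEIGHTS["impact_potential"] * impact_potential_segment(d)
            + IMPACT_WEIGHTS["reconstructing"] * d.reconstructing)

def likelihood_component(d: ScoredDescriptions) -> float:
    # Claim 4: arithmetic mean of the likelihood-side segments (grouping is an assumption).
    return mean([d.attack_vectors, d.coverage_spread, identify_and_exploit_segment(d)])

def total_risk_score(d: ScoredDescriptions) -> float:
    # Claim 2: impact component multiplied by likelihood component (max 100 here).
    return impact_component(d) * likelihood_component(d)

def risk_characterization(total: float) -> str:
    # Claim 1: the label of the highest scale floor the total reaches.
    return max((b for b in RISK_SCALE if total >= b[0]), default=RISK_SCALE[0])[1]

def compare_to_history(current: str, historical: str) -> str:
    # Claim 13: compare against a previously assigned characterization.
    delta = RANK[current] - RANK[historical]
    return "worsened" if delta > 0 else "improved" if delta < 0 else "unchanged"

# Constructed sample vulnerability, not taken from the patent.
SAMPLE = ScoredDescriptions(confidentiality=9, integrity=6, availability=4, reconstructing=5,
                            attack_vectors=6, coverage_spread=8, attack_skill_level=7, access_vector=5)
```

For the constructed sample the impact component is 7.8 and the likelihood component 6.67, giving a total of 52.0, which lands in the assumed "High" band.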
Computer malware detection or handling, e.g. anti-virus arrangements · CPC title
Test or assess software · CPC title
to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title
by securing the transmission between two devices or processes · CPC title
Assessing vulnerabilities and evaluating computer system security · CPC title