**5. A risk assessment library**

Schmeelk [26] contributed a new open source risk assessment library example to enable researchers, penetration testers, risk assessment managers and institutions to further expand on a consistent risk-assessment findings library with their policies, procedures, organizational controls and legal requirements. As noted in the research bug libraries, dictionaries are being maintained by large organizations but do not include risk-assessment findings, thus complicating risk-management methods. As cited, during experience with internal audits risk assessment, language made analysis next to impossible. For example, modern natural language processing methods would need to take place on penetration tests to evaluate assessment reports among different assessors, each applying different methodologies and terminologies.
