Rapid Risk Assessment (RRA)

The Rapid Risk Assessment framework is licensed under the MPL and was originally created to rapidly formalize risk-based decision making (less than an hour ⏰).

Risk TL;DR

Risk: TL;DR

Start with the Risk TL;DR. A quick, broad introduction to risk assessments.

Read More


Podcasts & Talks

Listen, watch videos and experiences with the RRA and how it’s used!

Listen In

Standard Levels

Standard Levels

The reference levels for risk, scores, to use with your assessments.

Show Me

The RRA is based on previous frameworks, but focuses on the social aspect of the risk discussions in order to favor good outcomes, rather than perfect outcomes.

It surfaces and mitigates important risks that matter to the team, rather than checking lists of controls.

Get started!

  1. Even if you’re a seasoned risk professional, our Risk TL;DR may pique your interest.
  2. Check out the Podcasts, videos, etc. to get a feel for it!
  3. Read the Reference Documentation, especially RRA for services.
  4. Play with integrations.


The RRA concept was originally created at Mozilla under the MPL by gdestuynder@ and jvehent@ (after a walk on the beach) and improved with contributions from Mozilla’s Information Security team.

Mozilla’s Information security website can be found at https://infosec.mozilla.org.


This website, reference and tools are all hosted under the MPL on https://github.com/rapidriskassessment. Please submit issues, pull-requests, etc. as necessary. You may also consult or request to participate to the high level project board or chat on Matrix.

See also CONTRIBUTORS for a list of contributors.