The software security is the one that can properly function. If the software is not secure, it will not be used in markets or any other spheres, and the company which worked on its development will experience losses. That is why, it is essential to think ahead before building software; security needs to be implemented in every phase of software development life cycle. This should be achieved through risk analysis. According to John Vecca (2009, p.137), risk in software security can be expressed by using a formula, Risk = Value of assets x Threat x Vulnerability. Software relates to the intangible asset, and it has a monetary value as well. However, security implementation involves additional expenses. The question arises, to what extent it is possible to tolerate risk in the context of software. Generally, there are two types of risks in software security: inside and outside. Inside risks are bugs that may interrupt proper functioning. Outside risk are attacks of malicious software and other hackers, which may interrupt proper functioning. Can we knowingly allow the existence of bugs, so one part of the software will work, but another part will not? Can we proactively determine vulnerability to external risks and do not take any measures? All of the above-mentioned factors relate to risk tolerance. Risk tolerance, in the context of software security, according to Craig Shumard (2013), is a decision making process to protect software against malicious attack and other hacker risks so that software can continue functioning. Is it possible to quantify risk tolerance in the context of software security through the analogy of security risk of a bank against security risk of a convenience store? Perhaps it is possible, using the concept of John Vecca’s Risk formula. Probably, a wise combination of Value of assets, Threat, and Vulnerability mentioned in Vecca’s formula may suggest risk tolerance in the context of software. However, for a proper functioning it is better to have zero risk tolerance in the context of software security.