This document describes Netflix's Sage framework for modeling application risk at scale. Sage enables risk measurement across risk scenarios to help Netflix prioritize security work more efficiently. It involves surveying security experts to forecast loss event frequencies and magnitudes for applications based on risk factors and controls. These predictions are stored in an asset inventory and used to calculate annualized losses. Dashboards then visualize risks to help guide strategic and operational security decisions. The document discusses challenges like data reliability and limitations like risk scenarios occurring infrequently.