Asset-Centric Security Risk Assessment of Software Components.