An enhanced technique for risk categorization is presented. This technique, PCA-ANN, provides an improved capability to discriminate high-risk software. The approach draws on the combined strengths of pattern recognition, multivariate statistics and neural networks. Principal component analysis is utilized to provide a means of normalizing and orthogonalizing the input data, thus eliminating the ill effects of multicollinearity. A neural network is used for risk determination/classification. A significant feature of this approach is a procedure, herein termed cross-normalization. This procedure provides the technique with capability to discriminate data sets that include disproportionately large numbers of high-risk software modules.