A vulnerability prediction and risk assessment process for the Xen hypervisor that predicts the number of vulnerabilities and levels of risk a specific software version provides is presented. The hypervisor is a key component of virtualisation and is thus a target of attackers. When such critical infrastructure is compromised, then the assets of service consumers are consequently at risk. The benefit of a risk analysis process is that it provides surety for Cloud services consumers (making the Cloud Computing option more attractive) and assists Systems Administrators in decision making about software choices and version upgrades. The process has been tested on three popular open source, infrastructure level software packages. In each case, the level of predictive accuracy is excellent to good. The study combines quantitative and qualitative methods to predict vulnerabilities and determine risk levels.