Architectural level risk assessment

Many companies develop and maintain large-scale software systems for public and financial institutions. Should a failure occur in one of these systems, the impact would be enormous. It is therefore essential, in maintaining a system\u27s quality, to identify any defects early on in the development process in order to prevent the occurrence of failures. However, testing all modules of these systems to identify defects can be very expensive. There is therefore a need for methodologies and tools that support software engineers in identifying the defected and complex software components early on in the development process.;Risk assessment is an essential process for ensuring high quality software products. By performing risk assessment during the early software development phases we can identify complex modules, thus enables us to enhance resource allocation decisions.;To assess the risk of software systems early on in the software\u27s life cycle, we propose an architectural level risk assessment methodology. It uses UML specifications of software systems which are available early on in the software life cycle. It combines the probability of software failures and the severity associated with these failures to estimate software risk factors of software architectural elements (components/connectors), the scenarios, the use cases and systems. As a result, remedial actions to control and improve the quality of the software product can be taken.;We build a risk assessment model which will enable us to identify complex and noncomplex software components. We will be able to estimate programming and service effort, and estimate testing effort. This model will enable us also to identify components with high risk factor which would require the development of effective fault tolerant mechanisms.;To estimate the probability of software failure we introduced and developed a set of dynamic metrics which are used to measure dynamic of software architectural elements from UML static models.;To estimate severity of software failure we propose UML based severity methodology. Also we propose a validation process for both risk and severity methodologies. Finally we propose prototype tool support for the automation of the risk assessment methodology

An interpretive study of software risk management perspectives.

Thesis (M.Sc.)-University of Natal, Pietermaritzburg, 2002.This dissertation addresses risk management in the software development context. The discussion commences with the risks in software development and the necessity for a software risk management process. The emergent discourse is based on the shortfalls in current risk management practices, elaborated in the software risk management literature. This research proposes a framework for a field investigation of risk management in the context of a particular software development organization. It was experimentally tested within several companies. This framework was designed to provide an understanding of the software development risk phenomena from a project manager's perspective and to understand how this perspective affects their perception. This was done with respect to the consideration of the advantages and disadvantages of software risk management as regards its applicability or inapplicability, respectively. This study can be used as a precursor to improving research into the creation of new software risk management frameworks

Software engineering risk management : a method, improvement framework, and empirical evaluation

This dissertation presents a method for software risk management, its improvement framework, and results from its empirical evaluations. More specifically, our objectives were: Develop a comprehensive, theoretically sound, and practical method for software engineering risk management. Develop a framework and supporting software tools for the continuous improvement of software engineering risk management and for improving knowledge about risks. Evaluate the method in practice to provide information on its feasibility, effectiveness, advantages and disadvantages, and to improve it. Although risk management has been considered an important issue in software development and significant contributions to risk management have been made over the past decade, risk management is rarely actively and explicitly applied in practice. Furthermore, most risk management approaches in software engineering use simplistic approaches and fail to account for the biases common in risk perception. We have developed a method, called Riskit, that complements existing risk management approaches by supporting qualitative and structured analysis of risks through a graphical modeling formalism. The method supports multiple stakeholder views to risks by considering their potential utility losses. The Riskit method is comprehensive, i.e., it supports all aspects of risk analysis and risk management planning in a software development project. We propose that our method has a sound theoretical foundation, avoids common biases in risk evaluations, and results in a more thorough understanding of the risks than traditional approaches. Associated with the method, we have also developed a risk management improvement framework that supports continuous, systematic improvement of the risk management process. The improvement framework is based on the Quality Improvement Paradigm, and is supported by the eRiskit application. The eRiskit application supports the management of risks while simultaneously acting as a risk management repository that captures risk management data for improvement purposes. The eRiskit application also acted as a proof of concept for the correctness of the underlying concepts in the Riskit method. We have validated the feasibility and effectiveness of the Riskit method in a series of empirical studies. The empirical studies were designed to provide characterization information and feedback on the method, as well as to act as initial validation of the method. The empirical evaluations showed that the method is feasible in industrial context and it seemed to improve participants' confidence in risk management results. In addition, our research indicates that industry needs sound, systematic, yet cost effective methods for risk management, a common and customized approach to improve communications within an organization, and support and enforcement of the common approach.reviewe

Process-Based Software Risk Assessment

. Analyzing software process models to predict the behavior of software processes helps in planning and enacting software projects. Since software processmodels can capture the key information that is necessaryto assessprocessrelated risks, this paper discusses how approaches for software process analysis may be applied to software risk assessment. A characterization scheme for process analysis approaches is stated based on a set of necessary risk assessment requirements. Existing analysis approaches are evaluated with respect to the characterization scheme. Proceeding from this evaluation, an approach to software process analysis is proposed that is specifically tailored to software risk assessment. This analysis approach takes advantage of a wide range of information by integrating empirically validated models. It is also shown how this approach fits into the context of the MVP (multi-view processes) project at the University of Kaiserslautern. Keywords Software process analysis, sur..