While computer scientists have developed and provided several powerful computer languages and techniques in the last decades, facilitating the development of modular, maintainable and e±cient code, software development itself has changed fundamentally. Software development today treats often with large-scale projects, immense development costs, and complex sys- tems which typically deploy multiple technologies and require multiple participants for their development. As with any large development exercise, the development of a complex system must be systematic and structured in order to manage this complexity, and in order to make possible the future maintenance and evolution of the system. Thus, while systematic and structured approaches are necessary for the development of such systems, software engineers have attempted to provide the structured methodologies and formalisms so often lacking in large software development projects. However, software development projects are still related with many di®erent high risks. These risks cause software engineering projects to exceed bud- gets, miss deadlines, or deliver less than satisfactory products. As an example, U.S. companies alone spent an estimated $59 billion in cost overruns on IT projects and another $81 billion on cancelled software projects in 1995 (Johnson 1995). One reason for these high costs is that managers are not using adequate measures and executing e±cient risk management assess and mitigate the risks involved in these projects.
Although risk taking is essential to progress, and failure is often a key part of learning, the inevitability of risks does not imply the inability to recognize and manage risks to minimize potential negative consequences while retaining the opportunities for creating new and better software. Obviously, this risk management process is particularly di±cult for large-scale soft- ware projects and be handled in the same way as for small project, or just by providing more resources for all development factors.
Table of Contents
1 Introduction
1.1 Motivation and Background
1.2 Purpose and Structure of this Study
2 Risk in Software Engineering
2.1 Risk and Uncertainty
2.2 Delimitation of Software Engineering Risks
2.3 Software Development Risks and Their Sources
3 Heuristic Software Risk Analysis and Management Methodologies
3.1 Risk Management Objectives and General Strategies
3.2 Risk Management Planning
3.2.1 Planning and Implementation of the Risk Management Process
3.2.2 Management Responsibilities
3.2.3 Team Management and Communication
3.3 Risk Identification
3.4 Risk Analysis and Evaluation
3.5 Planning and Implementation of Risk Handling and Controlling
3.6 Risk Tracking and Monitoring
4 Software Engineering Process Modeling
4.1 Meta-Models and Meso-Models for Software Development Processes
4.1.1 Waterfall Process Models
4.1.2 Rapid and Evolutionary Prototyping and the Incremental Model
4.1.3 The Spiral Model
4.1.4 Unified Development Process and Rational Unified Process
4.1.5 Extreme Programming and ’Agile’ Development
4.1.6 Open Source Software Development Processes
4.1.7 Comparison and Evaluation
4.2 System Dynamics Models
4.3 Process Modeling Languages (PMLs)
4.3.1 Case Study Introduction: The Appache HTTP Server Project
4.3.2 Object-Oriented Process Modeling With the UML
4.3.3 Step-Based Process Modeling with JIL/Little-JIL
4.3.4 Petri Net Based Process Modeling With FUNSOFT
4.3.5 Case Study Evaluation
5 Verification, Validation and Testing
5.1 Static Analysis Techniques for Validating Software
5.2 Dynamic Analysis Techniques for Validating Software
6 Risk Measurement and Quantification
6.1 Product Quality Measurement and Metrics
6.2 Process Measurement and Metrics
6.2.1 Capability Maturity Model (CMM)
6.2.2 ISO 9000 and Other Process Certification Models
6.3 Macro-Models for Cost and Schedule Estimation
6.3.1 The COCOMO I
6.3.2 From COCOMO I to COCOMO II
6.3.3 Applicability and Evaluation of COCOMO I/II
6.4 A Quantitative Model on the Economies of Development Process Architectures
6.4.1 Model Introduction
6.4.2 The Optimization Model: Deterministic Part
6.4.3 The Optimization Model: Stochastic Part and Simulation
6.4.4 Model Conclusion, Limitations and Possible Extensions
7 Conclusion and Further Research
Objectives & Core Themes
The primary objective of this work is to provide a strategic and operational overview of effective management for large-scale software projects to minimize risks and unexpected outcomes. The study examines various software engineering methods, notations, and heuristics, developing a multiple-perspective approach to risk identification, evaluation, and mitigation, complemented by a new quantitative model for analyzing the economies of development process architectures.
- Heuristic and qualitative software risk analysis methodologies.
- Software development process modeling (meta-models and meso-models).
- Verification, validation, and testing techniques.
- Macro-models for cost and schedule estimation, including COCOMO I and II.
- Quantitative modeling of the economies of development process architectures.
Excerpt from the Book
2.1 Risk and Uncertainty
Human’s interest in risk exists now for several hundred years. Today, the word “risk” is used (and misused) in science as well as in many everyday situations although the exact meaning of the word remains often unclear. Common for most risk understanding is that risk concerns future happenings and risk involves potential changes of some entities or their environment. However, these future events underly always uncertainty–otherwise they do not constitute any kind of risk but certain kinds of problems opportunities.
Three types of uncertainty are described in literature (Charette 1989): (a) Descriptive or structural uncertainty is connected with the lack of information concerning the value of a set of variables that define a future state of the system under study. When totally determined, this set of variables fully describes the system. (b) Measurement uncertainty describes the absence of information relating to the assignment of a value to the variables used to describe the system and is due to the fact that observations are limited and/or validation and calibration data are not available. (c) Event outcome uncertainty occurs when it is impossible to predict and identify future outcomes and their respective probabilities. This type of uncertainty becomes important in risk analysis when forecasts and estimations about future outcomes, e.g. of a software project using a new technology, have no prior history to draw from. Whereas traditional risk theories and the early insurance science consider risk as completely random and non-influenceable in their occurrence by external factors like humans, the understanding of risk is today much wider. Risk which include a choice and which can be influenced by a person making decisions (without complete information of potential effects) are called speculative risks, whereas risks without any flexibility of choices and options in decision making for a person are treated as real risks.
Summary of Chapters
1 Introduction: Introduces the motivation for studying risk management in large-scale software development and outlines the study's scope.
2 Risk in Software Engineering: Defines fundamental risk concepts, distinguishes between uncertainty and risk, and categorizes software development risks.
3 Heuristic Software Risk Analysis and Management Methodologies: Provides a comprehensive framework for heuristic risk management, including planning, identification, analysis, prioritization, handling, and monitoring.
4 Software Engineering Process Modeling: Explores various process meta-models (e.g., Waterfall, Spiral, RUP, XP, Open Source) and evaluates modeling languages for process representation.
5 Verification, Validation and Testing: Examines static analysis and dynamic testing methods as essential activities for quality assurance and risk reduction.
6 Risk Measurement and Quantification: Details product and process metrics, maturity models like CMM, and empirical cost estimation models, including the development of a new quantitative optimization model.
7 Conclusion and Further Research: Summarizes key insights and highlights future research directions in the field of software engineering risk management.
Keywords
Software Engineering, Risk Management, Software Development Process, Risk Analysis, Heuristic Methodologies, COCOMO, Process Modeling, System Dynamics, Software Metrics, Risk Exposure, Cost Estimation, Quality Assurance, Verification, Validation, Incremental Development.
Frequently Asked Questions
What is the core focus of this study?
The study focuses on establishing a strategic and operational overview of managing large-scale software projects to avoid risks and ensure successful project outcomes through structured engineering approaches.
What are the primary thematic fields covered?
The work covers risk management strategies, process modeling (meta- and meso-models), software verification and testing, quantitative cost/schedule estimation, and economic optimization of development process architectures.
What is the primary research goal?
The goal is to provide a multi-perspective, systemic approach to addressing software development risks and to develop a new quantitative model for evaluating the economies of different process architectures.
Which scientific methods are utilized?
The author employs a mix of literature analysis for existing heuristic frameworks, case studies (e.g., Apache HTTP Server project) for process modeling, and mathematical operations research for developing a quantitative model with deterministic and stochastic components.
What is addressed in the main body of the work?
The main body systematically progresses from the definition of risks to heuristic management frameworks, dives deep into software process models, verification/validation techniques, and concludes with sophisticated measurement and quantification models for project estimation.
Which keywords characterize the work?
Key terms include Software Engineering, Risk Management, Process Modeling, COCOMO, Risk Exposure, Quality Assurance, and development process optimization.
How does the author propose managing software development risks effectively?
The author argues for a continuous, proactive risk management cycle (planning, identification, analysis, prioritization, handling, and monitoring) embedded throughout the entire software life-cycle, supplemented by quantitative estimation and process modeling.
Why is the quantitative model on economies of development process architectures considered significant?
It is significant because it provides a non-linear predictive model that accounts for interdependencies between activity duration, costs, development productivity, and quality, enabling organizations to determine the optimal balance of iterations and modularization for their specific needs.
- Quote paper
- Malte Sunderkötter (Author), 2004, Software Engineering Risk Management, Munich, GRIN Verlag, https://www.grin.com/document/29630
