Risk Management During Software Development: Results of a Survey in Software Houses from Germany, Austria and Switzerland

  • Michael Felderer
  • Florian Auer
  • Johannes Bergsmann
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10224)


Resource constraints during development require an elaborate decision-making process supported by risk information. The goal of this paper is to investigate the state of practice of risk management during development in software houses. For this purpose, we conducted a survey in Germany, Austria, and Switzerland in which 57 software houses participated. The survey results are triangulated with results from the literature and from interviews with a subset of the survey participants. Results from the survey show that less than a third of the companies perform risk management during development. The main reasons for not performing risk management are lack of resources, lack of need, and lack of knowledge. An important application area of risk assessment results is the prioritization of test cases. Finally, technical product risks as well as project risks are commonly applied risk assessment criteria.


Keywords: Risk Management; Software Development; Target Audience; Software Quality; Project Risk
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The authors thank Software Quality Lab GmbH for joint operation of this survey as well as all participating companies, interview partners and colleagues who helped to make this survey possible.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Michael Felderer (1)
  • Florian Auer (1)
  • Johannes Bergsmann (2)
  1. Institute of Computer Science, University of Innsbruck, Innsbruck, Austria
  2. Software Quality Lab GmbH, Linz, Austria
