Abstract
Software components, both Commercial-Off-The-Shelf and Open Source, are being increasingly used in software development. Previous studies have identified typical risks and related risk management strategies for what we will call OTS-based (Off-the-Shelf) development. However, there are few effective and well-proven guidelines to help project managers to identify and manage these risks. We are performing an international state-of-the-practice survey in three countries – Norway, Italy, and Germany – to investigate the relative frequency of typical risks, and the effect of the corresponding risk management methods. Preliminary results show that risks concerning changing requirements and effort estimation are the most frequent risks. Risks concerning traditional quality attributes such as reliability and security of OTS component seem less frequent. Incremental testing and strict quality evaluation have been used to manage the possible negative impact of poor component quality. Realistic effort estimation on OTS quality evaluation helped to mitigate the possible effort estimation biases in OTS component selection and integration.
This is a preview of subscription content, access via your institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Rose, L.C.: Risk management of COTS based systems development. In: Cechich, A., Piattini, M., Vallecillo, A. (eds.) Component-Based Software Quality. LNCS, vol. 2693, pp. 352–373. Springer, Heidelberg (2003)
Abts, C., Boehm, B.W., Clark, E.B.: COCOTS: A COTS Software Integration Lifecycle Cost Model - Model Overview and Preliminary Data Collection Findings. Technical report USC-CSE-2000-501, USC Center for Software Engineering, March 8 (2000), Available at: http://sunset.usc.edu/publications/TECHRPTS/2000/usccse2000-501/usccse2000-501.pdf
Boehm, B.W., Port, D., Yang, Y., Bhuta, J.: Not all CBS are created equally COTS-intensive project types. In: Erdogmus, H., Weng, T. (eds.) ICCBSS 2003. LNCS, vol. 2580, pp. 36–50. Springer, Heidelberg (2003)
Voas, J.: COTS Software – the Economical Choice? IEEE Software 15(2), 16–19 (1998)
Voas, J.: The challenges of Using COTS Software in Component-Based Development. IEEE Computer 31(6), 44–45 (1998)
Kotonya, G., Rashid, A.: A Strategy for Managing Risk in Component-based Software Development. In: Proceedings of the 27th EUROMICRO Conference 2001, Warsaw, Poland, pp. 12–21 (September 2001)
COTS risk factor, Available at: http://www.faa.gov/aua/resources/cots/Guide/CRMG.htm
Moynihan, T.: How Experienced Project Managers Assess Risk. IEEE Software 14(3), 35–41 (1997)
Ropponen, J., Lyytinen, K.: Components of Software Development Risk: How to Address Them? A Project Manager Survey. IEEE Transactions on Software Engineering 26(2), 98–112 (2000)
Fitzgerald, B.: A Critical Look at Open Source. IEEE Computer 37(7), 92–94 (2004)
Lawton, G.: Open Source Security: Opportunity or Oxymoron? IEEE Computer 35(3), 18–21 (2002)
Vitharana, P.: Risks and Challenges of Component-Based Software Development. Communications of the ACM 46(8), 67–72 (2003)
Ruffin, M., Ebert, C.: Using Open Source Software in Product Development: A Primer. IEEE Software 21(1), 82–86 (2004)
Li, J., Bjørnson, F.O., Conradi, R., Kampenes, V.B.: An Empirical Study of Variations in COTS-based Software Development Processes in Norwegian IT Industry. In: Proceedings of the 10th IEEE International Metrics Symposium (Metrics 2004), Chicago, USA, September 14-16, pp. 72–83 (2004)
INCO project description (2000), http://www.ifi.uio.no/~isu/INCO
Longstaff, T.A., Chittister, C., Pethia, R., Haimes, Y.Y.: Are we forgetting the risks of information technology? IEEE Computer 33(12), 43–51 (2000)
Norwegian Census Bureau: http://www.ssb.no
Torchiano, M., Morisio, M.: Overlooked Facts on COTS-based Development. IEEE Software 21(2), 88–93 (2004)
Simula SESE tool: http://sese.simula.no
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, J., Conradi, R., Slyngstad, O.P.N., Torchiano, M., Morisio, M., Bunse, C. (2005). Preliminary Results from a State-of-the-Practice Survey on Risk Management in Off-the-Shelf Component-Based Development. In: Franch, X., Port, D. (eds) COTS-Based Software Systems. ICCBSS 2005. Lecture Notes in Computer Science, vol 3412. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30587-3_37
Download citation
DOI: https://doi.org/10.1007/978-3-540-30587-3_37
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24548-3
Online ISBN: 978-3-540-30587-3
eBook Packages: Computer ScienceComputer Science (R0)