Effective software development risk management integrates project and organizational efforts

Software engineering organizations now are in an environment that is more uncertain—due in large part to the increasingly distributed nature of software development.

How well those organizations navigate through this environment will determine their success or failure, and effective navigation requires a new view of risk analysis and management. The SEI tackles risk analysis and management in distributed development at both the project and organization levels, throughout the software development life cycle.

Protecting against risk introduced by complex software supply chains

Software development organizations are concerned about direct attacks on a software supply chain to insert malicious code. However, it is more likely that defects or vulnerabilities will be inadvertently inserted during development. And, unfortunately, today's complex supply chains tend to increase the risk of that occurring. The SEI offers approaches to identify and mitigate risks due to complex software supply chains.

Avoiding system integration risk

The integration phase is a major source of cost and risk in software-reliant systems. Studies show that half of all defects in software development are found in this phase, at the time when they are more costly and time-consuming to address. While half of software defects are found during integration, however, more than two-thirds are introduced in the earliest development phases—that is, requirements and design. The SEI offers approaches to find and address defects earlier in the development life cycle.

Overcoming risks in software sustainment

Successful software sustainment consists of more than modifying and updating source code to correct errors or add new system features. The SEI offers methods, models, and guidance to manage all of the aspects required to support, maintain, and operate the software aspects of a system.

Want more information?

Contact us to find out how the SEI can help.