Software Engineering Institute Carnegie Mellon

Software Development Risk: Opportunity, Not Problem

Roger Van Scoy

Technical Report
CMU/SEI-92-TR-030

What is risk? What is risk management? What does risk management have to do with software? Noted software expert Tom Gilb says:

If you don't actively attack the risks, they will actively attack you.
[Gilb88, p. d72].

But what does it mean to actively attack risks? We answer these questions by examining the problems that exist in software development today and presenting the SEI Risk Program approach to turning risk into opportunity.

We begin by reviewing the fundamental concepts of risk and elaborating on how these basic concepts apply to the development of large, software-intensive systems. We then develop our strategy for making a systematic approach to risk management routine practice in software development.

There are two key activities we are using to implement our strategy. The first is our risk management paradigm. The paradigm defines a set of continuous activities that must be undertaken to resolve technical risk in a systematic and structured way. The second is our risk assessment process for collaborating with clients to identify their technical risks.

We end with our ultimate goal: establishing an effective risk management ethic as standard practice in the software engineering industry.