Software Risk Management
What Is Software Risk Management And How Do You Implement It?
Software risk management begins with the notion that software risk is an issue that needs to be managed. Software risk at its core stems from problems within the software itself, i.e., in the source code, that are introduced during development. Software risk management must then address two types of issues:
- Software failure and non-performance
- Project and program management and delivery
Software risk management takes a proactive approach to software risk by providing an approach and methodology to look for areas where a software defect impacts the usability of the software for end users and the business. For example, a catastrophic failure as the result of a software bug that does not allow the software to run correctly or at all is a type of software risk that must be managed.
Software risk that affects project management, program management, or delivery is one in which software defects and complexity impact the ability to release software on time or within budget. The impact here is in delays and costs to the business that must be absorbed. For example, a defect found late in the development process could result in rework that takes days or weeks to correct, thereby delaying a project.
Both of these issues require strong risk management practices to mitigate the risk. But how do you actually manage this risk? First, you should identify and understand the root cause.
Software Risk Management: Principles and Best Practices
What are the ways that you can address software risk management? A set of software risk management principles and best practices can serve as a guide to help ensure that the risk of critical issues is mitigated. Currently, most software risk management relies on testing. But testing is not necessarily enough to truly manage risk. And it’s important to note that the old adage, “You can’t manage what you don’t measure” very much applies to managing software risk.
- Identify the riskiest areas and components within your applications and systems
- Identify the root cause for the majority of defects that result in system failures (i.e., the “killer defects”)
- Understand the importance of quantifying transaction and object risk in addition to risk-based testing
- Learn how to optimize your test efficiency while expanding your coverage
- Leverage structural quality analysis to supplement your risk-based testing
- Understand the complexity of the underlying system components
- Quantify the degree to which complex system components have changed
- Make sure you have a scorecard or dashboard for measuring and tracking the levels of software risk in each release of your most mission-critical applications
Software Risk Management Plan
Creating a software risk management plan helps both to jump start managing software risk and to make it an ongoing part of your software development process. A software risk management plan should typically include:
- Jump Start Your Risk Management
- Look at Integration Level Risk
- Look at System Level Risk
- Measure your level of software risk in your critical applications
These steps comprise the basis of comprehensive risk management. Of course, as you develop your software risk management plan, incorporate procedures and processes that make the most sense to your business. But recall that system-level risks are the greatest threats and it is these threats that require the most mitigation.
Risk Analysis in Software Testing
One key issue around software risk is that the issues that are the most damaging are not always the first ones that appear. Risk analysis in software testing helps determine where the most critical defects that must be addressed are located.
* Li, et al. (2011). Characteristics of multiple component defects and architectural hotspots: A large system case study. Empirical Software Engineering, 16 (5), 667-702
In a study in Empirical Software Engineering, researchers found that while only 8% of defects are system-level flaws, they account for 90% of system downtime. Thus, in addressing software risk, it's critical to focus on system-level issues where the impact can be greatest.