Software Engineering Resources
	Risk Analysis and Management Risk analysis and management are a series of steps that help a software team to understand and manage uncertainty. Many problems can plague of software project. A risk is a potential problem&emdash;it might happen, it might not. But regardless of the outcome, it's a really good idea to identify it, assess its probability of occurrence, estimate its impact, and establish a contingency plan should the problem actually occur.The following topic categories are presented: Risk Management Resources Risk Management Tutorials, Articles and Papers Risk Tools Books Risk Management Resources Risk Analysis Resources A mini-report on risk analysis followed by a list of worthwhile resources (on-line and print) can be found at this site. Risk Management Resources An extensive collection of risk resources compiled by DACS. Society for Risk Analysis The Society for Risk Analysis (SRA) provides an open forum for all those who are interested in risk analysis. This discussion is NOT limited to software risks. RiskWorld An useful collection of resources and news about risk. Software Quality Management Magazine This e-zine often contains articles on risk-related subjects. Risk Management Tutorials, Articles and Papers Tutorials, Overviews and Guidebooks Risk Management Tutorial A brief but still worthwhile tutorial on IT risk management. Risk Management White Paper An extensive discussion of risk management has been prepared by Chester Simmons. Recommended. Overview of Risk Management A more detailed overview written by Karl Wiegers. Principles of Risk Management SEI's one page discussion of basic principles. SEI Continuous Risk Managment Guidebook "Describes the underlying principles, concepts, and functions of risk management and provides guidance on how to implement it as a continuous practice in your projects and organization." Recommended. Risk Management and the Software Process An indepth report that describes a number of different perspective of risk management and its place in the software process. Specialized Papers Project Mistakes that Increase Risk Steve McConnell has developed a discussion of classic project mistakes. Taxonomy-Based Risk Identification This report can be downloaded from the SEI. Risk Reduction Patterns Alistair Cockburn describes five risk reduction patterns. Reducing Project Management Risk This detailed tutorial provides many useful risk reduction guidelines. Hazards and Safety Hazard Analysis Database A voluminous database containing all entries from the ACM's Forum on Risks to the Public can be found at this site. System and Software Safety A paper by Nancy Leveson. Safety-Critical Systems An excellent list of resources on this subject. Software Safety Resources An extensive list of software safety resources developed by DACS. Risk Tools Risk Radar Developed by the Software Program Managers Network, this tool "enables you and your project team to manage risks for a single project." Also provides a downloadable book on Risk. RiskyProject and the Event Chain Methodology A useful discussion of event chain methodology (a method for project risk analysis) and a commercial description of a tool for accomplishing it can be found here. Risk Assessment Form Anon-line project risk assessment form can be completed at this site. Risk Identification Questionnaire Questions that help developers identify project and technical risks. RiskMan A risk management expert system can be downloaded here. Books The software risk management literature has expanded significantly over the past decade. Moynihan (Coping with IT/IS Risk Management, Springer-Verlag, 2002) presents pragmatic advice from project managers who deal with risk on a continuing basis. Royer (Project Risk Management, Management Concepts, 2002) and Smith and Merritt (Proactive Risk Management, Productivity Press, 2002) suggest a proactive process for risk management. Karolak(Software Engineering Risk Management, Wiley, 2002) has written a guidebook that introduces an easy-to-use risk analysis model with worthwhile checklists and questionnaires supported by a software package. Schuyler (Risk and Decision Analysis in Projects, PMI, 2001) considers risk analysis from a statistical perspective. Hall (Managing Risk: Methods for Software Systems Development, Addison-Wesley, 1998) presents one of the more thorough treatments of the subject. Myerson (Risk Management Processing for Software Engineering Models, Artech House, 1997) considers metrics, security, process models and other topics. A useful snapshot of risk assessment has been written by Grey (Practical Risk Assessment for Project Management, Wiley, 1995). His abbreviated treatment provides a good introduction to the subject. Additional books worth examining include: Chapman, C.B. and S. Ward, Project Risk Management: Processes, Techniques and Insights, Wiley, 1997. Wideman, R.M. (editor), Project & Program Risk Management: A Guide to Managing Project Risks and Opportunities, Project Management Institute Publications, 1998. Capers Jones (Assessment and Control of Software Risks, Prentice-Hall, 1994) presents a detailed discussion of software risks that includes data collected from hundreds of software projects. Jones defines 60 risk factors that can affect the outcome of software projects. Boehm (Software Risk Management, IEEE Computer Society Press, 1989) suggests excellent questionnaire and checklist formats that can prove invaluable in identifying risk. Charette (Software Engineering Risk Analysis and Management, McGraw-Hill/Intertext, 1989) presents a detailed treatment of the mechanics of risk analysis, calling on probability theory and statistical techniques to analyze risks. In a companion volume, Charette (Application Strategies for Risk Analysis, McGraw-Hill, 1990) discusses risk in the context of both system and software engineering and suggests pragmatic strategies for risk management. Gilb (Principles of Software Engineering Management, Addison-Wesley, 1988) presents a set of "principles" (which are often amusing and sometimes profound) that can serve as a worthwhile guide for risk management. Ewusi-Mensah (Software Development Failures: Anatomy of Abandoned Projects, MIT Press, 2003) and Yourdon (Death March, Prentice-Hall, 1997) discuss what happens when risks overwhelm a software project team. Bernstein (Against the Gods, Wiley, 1998) presents an entertaining history of risk that goes back to ancient times. The Software Engineering Institute has published many detailed reports and guidebooks on risk analysis and management. The Air Force Systems Command pamphlet AFSCP 800-45 (Software Risk Abatement, AFCS/AFLC Pamphlet 800-45, U.S. Air Force, 1988) describes risk identification and reduction techniques. The SEI provides a downloadable report on Taxonomy-Based Risk Identification. Every issue of the ACM Software Engineering Notes has a section entitled "Risks to the Public" (editor, P.G. Neumann). If you want the latest and best software horror stories, this is the place to go.