Software Risk Management

By David Gelperin, CTO, ClearSpecs Enterprises


40-60% of larger projects fail. A smaller share of small projects fail. Therefore, do smaller projects.


It’s safer to do projects you have done successfully before, e.g., build another ecommerce website. Therefore, repeat successful projects.


If you must do something larger and unfamiliar, identify its hazards and how you plan to mitigate them.


Functions are the goals that customers care about and focus on. Developers are told to focus on customer value. Qualities like security, privacy, reliability, and robustness are goals that customers rarely think about. 


Functions are easy. Qualities are hard. When system failures make the news, e.g., security breaches, it is rarely because of a functional failure. Qualities are commonly missing from software estimates and inadequately supported in operational software. 


Quality may be free, but qualities need investment. Providing a quality is nothing like providing a function. Qualities are dangerous because they are unfamiliar and out of focus.


Current Agile development ignores qualities or treats them like functions. Qualities are incompatible with iterative development. Therefore, current Agile development is dangerous when used on larger and unfamiliar projects.


There is a hybrid Agile process that retains the power of Agile, but mitigates its quality risk.

One thought on “Software Risk Management”

  1. Hi,

    I am trying to understand the CISQ rules in order to use them in my project. I have a few clarifications on the rule below.

    Pattern definition of ASCMM-MNT-14: Callable and Method Control Element Excessive Number of Control Elements involving Data Element from Data Manager or File Resource.

    Measure Element [key ASCMM-MNT-14-measure-element]: Number of instances where a named callable control element or method control element has a number of operations involving a data manager or a file resource that exceeds a threshold value. Default threshold value for the number of data operations is 7.

    What are the data manager and file resource objects this rule checks for in a Java project? Will it consider only file resources in the java.io package, or does it also check third-party file resource objects (like loggers)? If yes, which third-party APIs does the rule validate?

    Waiting for your prompt response. Thanks in advance.
