CHAPTER 6 RISK ANALYSIS AND MANAGEMENT 163
Capers Jones (Assessment and Control of Software Risks, Prentice-Hall, 1994) presents a detailed discussion of software risks that includes data collected from hundreds of software projects. Jones defines 60 risk factors that can affect the outcome of software projects. Boehm [BOE89] suggests excellent questionnaire and checklist formats that can prove invaluable in identifying risk. Charette [CHA89] presents a detailed treatment of the mechanics of risk analysis, calling on probability theory and statistical techniques to analyze risks. In a companion volume, Charette (Application Strategies for Risk Analysis, McGraw-Hill, 1990) discusses risk in the context of both system and software engineering and suggests pragmatic strategies for risk management. Gilb (Principles of Software Engineering Management, Addison-Wesley, 1988) presents a set of "principles" (which are often amusing and sometimes profound) that can serve as a worthwhile guide for risk management.
The March 1995 issue of American Programmer, the May 1997 issue of IEEE Software, and the June 1998 issue of the Cutter IT Journal all are dedicated to risk management.
The Software Engineering Institute has published many detailed reports and guidebooks on risk analysis and management. The Air Force Systems Command pamphlet AFSCP 800-45 [AFC88] describes risk identification and reduction techniques. Every issue of the ACM Software Engineering Notes has a section entitled "Risks to the Public" (editor, P.G. Neumann). If you want the latest and best software horror stories, this is the place to go.
A wide variety of information sources on risk analysis and management is available on the Internet. An up-to-date list of World Wide Web references that are relevant to risk can be found at the SEPA Web site:
http://www.mhhe.com/engcs/compsci/pressman/resources/risk.mhtml