The potential threats associated with software development are identified as the author explains how to establish an effective risk management program. The text details the six critical steps involved in applying the process and discusses various software metrics approaches which can be used to measure software quality.

Average Customer Review: ( 1 customer reviews )
Write an online review and share your thoughts with other customers.

The chapters are sequenced as follow: 1-Introduction, 2-Industrial Espionage, 3-Software Engineering, 4-Software Metrics, 5-Security, 6-Process Maturity Models, 7-Asset Valuations, 8-Security Threats, 9-Security Controls and Tests, 10-Safeguards, 11-Economic Analysis, and 12-Reiterative Processes.

Chapter 2, Industrial Espionage leaps out at you and tells you that this is not a run-of-the-mill SW risk book. If the risks are not obvious, consider the threats to intellectual property that can manifest themselves when development is contracted out or contract labor is used to augment an in-house development team. If this book goes into a second edition I hope the author also includes patent issues as well, because the book was published in 1996 and since them two significant legal cases (State Street Bank vs. Signature Finance Group, Inc. [1998] and AT&T vs. Excel Communications, Inc. [1999]have set precedents that add further to this particular category of risk, and may merit a separate chapter on patent risks.

Each of the other chapters exposes risks--some obvious, and some not-so-obvious--inherent in software engineering models and their associated processes. Bear in mind that while this book introduces quantitative methods, it is no substitute for a book on software engineering risk management if you are new to the topic. The reason is this book covers the subtleties and often overlooked aspects, but is not an introductory text on the subject.

My favorite chapters are 4 (software metrics), 67 (asset valuations) and 11 (economic analysis) because those are areas in which I am interested. I also liked chapter 6 (process maturity models) because it exposes risks that need to be considered if you are in the process of selecting or implementing one of the models (CMM, SPICE, etc.).

Overall, this is a useful and interesting book if you have a great deal of prior experience in software engineering, SQA or process implementation. My only complaint--and it's minor--is Chapter 5 (Security) should have been grouped with the related chapters (8, 9, and 10). If you fall into the audience I cited above you'll benefit greatly from this book.