Conclusions-This paper presents a methodology and an example of risk assess
ment of functional-requirement specifications for complex real-time softwar
e systems. A heuristic risk-assessment technique based on CPN (colored Petr
i-net) models is presented. This technique is used to classify software fun
ctional-requirement specification components according to their relative im
portance in terms of such factors as severity and complexity. A dynamic com
plexity measure, based on concurrence in the functional requirements, is in
troduced. This technique is applied on the Earth Operation Commanding Cente
r (EOC_COMMANDLING), a large component of the NASA Earth Observing System (
EOS) project. Two specification models of the system are considered. Result
s of applying this technique to both models are presented.
The risk assessment methodology in this paper suggests the following conclu
sions:
Risk assessment at the functional-requirement specification phase can be us
ed to classify functional requirements in terms of their complexity & sever
ity. The methodology identifies high-risk functional specification componen
ts that require appreciable development & verification resources during des
ign, implementation, and testing.
Dynamic Complexity metrics and the concurrence metric (introduced in this p
aper) can important in assessing the risk factors based on the complexity o
f functional specifications.
The Concurrence complexity metric (introduced in this paper) is an importan
t aspect of dynamic complexity.
CPN models can be used to build an executable specification of the system,
which helps the analyst not only to acquire deep understanding of the syste
m but also to study the dynamic behavior of the system by simulating the mo
del.
Future research in early risk assessment and complexity analysis could focu
s on:
1) Software Architectures based on Object Technology: The technique in this
paper, with some modifications on complexity analysis and severity analysi
s, applies to the design methods and software architectures based on object
technology. Further research is required to establish the complexity metri
cs for object-based systems.
2) SRE (Software Reliability Engineering): One of the main tasks in SRE is
designing the operational profiles. Operational profiles are built accordin
g to the user profile and the understanding of the system analyst/designer.
These profiles can be used for estimating the system reliability at the ea
rly phases of development. Results obtained from this analysis can be incor
porated into SRE for conducting reliability analysis at the analysis/design
phases, based on dynamic simulation. More research is needed to establish
a method for incorporating the risk assessment method within the SRE proces
s.