Risk assessment of software-system specifications

Citation
Hh. Ammar et al., Risk assessment of software-system specifications, IEEE RELIAB, 50(2), 2001, pp. 171-183
Number of citations
39
Subject categories
Electrical & Electronics Engineering
Journal title
IEEE TRANSACTIONS ON RELIABILITY
ISSN journal
00189529
Volume
50
Issue
2
Year of publication
2001
Pages
171 - 183
Database
ISI
SICI code
0018-9529(200106)50:2<171:RAOSS>2.0.ZU;2-I
Abstract
Conclusions - This paper presents a methodology and an example of risk assessment of functional-requirement specifications for complex real-time software systems. A heuristic risk-assessment technique based on CPN (colored Petri-net) models is presented. This technique is used to classify software functional-requirement specification components according to their relative importance in terms of such factors as severity and complexity. A dynamic complexity measure, based on concurrence in the functional requirements, is introduced. This technique is applied on the Earth Operation Commanding Center (EOC_COMMANDLING), a large component of the NASA Earth Observing System (EOS) project. Two specification models of the system are considered. Results of applying this technique to both models are presented.

The risk assessment methodology in this paper suggests the following conclusions:

Risk assessment at the functional-requirement specification phase can be used to classify functional requirements in terms of their complexity & severity. The methodology identifies high-risk functional specification components that require appreciable development & verification resources during design, implementation, and testing.

Dynamic Complexity metrics and the concurrence metric (introduced in this paper) can be important in assessing the risk factors based on the complexity of functional specifications.

The Concurrence complexity metric (introduced in this paper) is an important aspect of dynamic complexity.

CPN models can be used to build an executable specification of the system, which helps the analyst not only to acquire deep understanding of the system but also to study the dynamic behavior of the system by simulating the model.
Future research in early risk assessment and complexity analysis could focus on:

1) Software Architectures based on Object Technology: The technique in this paper, with some modifications on complexity analysis and severity analysis, applies to the design methods and software architectures based on object technology. Further research is required to establish the complexity metrics for object-based systems.

2) SRE (Software Reliability Engineering): One of the main tasks in SRE is designing the operational profiles. Operational profiles are built according to the user profile and the understanding of the system analyst/designer. These profiles can be used for estimating the system reliability at the early phases of development. Results obtained from this analysis can be incorporated into SRE for conducting reliability analysis at the analysis/design phases, based on dynamic simulation. More research is needed to establish a method for incorporating the risk assessment method within the SRE process.