Towards an approach for security risk analysis in COTS based development
SPW/ProSim'06 Proceedings of the 2006 international conference on Software Process Simulation and Modeling
| Hi-index | 0.00 |
Most risk analysis tools and techniques require the user to enter a good deal of information before they can provide useful diagnoses. The COCOTS Risk Analyzer described here enables the user to obtain a COTS glue code integration risk analysis with no inputs other than the set of glue code cost drivers the user enters to obtain a COCOTS glue code integration effort estimate. The risk assessment is based on an expert Delphi analysis of the relative risks involved in the most critical combinations of COCOTS cost driver ratings. The evaluation of our approach shows that it has done an effective job of estimating the relative risk levels of a sample of small USC e-services projects.