Article

Assessing COTS integration risk using cost estimation inputs

Authors:

Ye Yang,

Barry Boehm,

Betsy ClarkAuthors Info & Claims

ICSE '06: Proceedings of the 28th international conference on Software engineering

Pages 431 - 438

https://doi.org/10.1145/1134285.1134345

Published: 28 May 2006 Publication History

Get Access

Abstract

Most risk analysis tools and techniques require the user to enter a good deal of information before they can provide useful diagnoses. In this paper, we describe an approach to enable the user to obtain a COTS glue code integration risk analysis with no inputs other than the set of glue code cost drivers the user submits to get a glue code integration effort estimate with the COnstructive COTS integration cost estimation (COCOTS) tool. The risk assessment approach is built on a knowledge base with 24 risk identification rules and a 3-level risk probability weighting scheme obtained from an expert Delphi analysis. Each risk rule is defined as one critical combination of two COCOTS cost drivers that may cause certain undesired outcome if they are both rated at their worst case ratings. The 3-level nonlinear risk weighting scheme represents the relative probability of risk occurring with respect to the individual cost driver ratings from the input. Further, to determine the relative risk impact, we use the productivity range of each cost driver in the risky combination to reflect the cost consequence of risk occurring. We also develop a prototype called COCOTS Risk Analyzer to automate our risk assessment method. The evaluation of our approach shows that it has done an effective job of estimating the relative risk levels of both small USC e-services and large industry COTS-based applications.

References

[1]

B. Boehm, C. Abts, A.W. Brown, S. Chulani, B. K. Clark, E. Horowitz, R. Madachy, D. Reifer and B. Steece. Software Cost Estimation with COCOMO II. Prentice Hall PTR, July 2000.

Digital Library

Google Scholar

[2]

C. Abts, "Extending the COCOMO II Software Cost Model to Estimate Effort and Schedule for Software Systems Using Commercial-Off-The-Shelf (COTS) Software Components: the COCOTS Model," Ph.D. Dissertation, Oct. 2001.

Digital Library

Google Scholar

[3]

R.J. Madachy, Heuristic Risk Assessment Using Cost Factors. IEEE Software, May/June 1997.

Digital Library

Google Scholar

[4]

K. Kansala. "Integrating Risk Assessment with Cost Estimation," IEEE Software, vol. 14, no. 3, pp. 61--67, May/June 1997.

Digital Library

Google Scholar

[5]

A. Rashid, and G. Kotonya (2001) Risk Management in Component-Based Development: A Separation of Concerns Perspective. ECOOP Workshop on Advanced Separation of Concerns (ECOOP Workshop Reader). Springer-Verlag Lecture Notes in Computer Science.

Google Scholar

[6]

D. Carney, E. Morris, and P. Place,: Identifying Commercial Off-the-Shelf (COTS) Product Risks: The COTS Usage Risk Evaluation. September 2003. TECHNICAL REPORT. CMU/SEI-2003-TR-023.

Crossref

Google Scholar

[7]

A. Minkiewicz, The Real Costs of Developing COTS Software. http://www.pricesystems.com/downloads/pdf/COTSwhitepaper3-31-04.pdf.

Google Scholar

[8]

D. Port, and Z.H. Chen,: "Assessing COTS Assessment: How Much Is Enough?", Proceedings, ICCBSS 2004, Feb. 2004, pp. 183-198.

Crossref

Google Scholar

[9]

B. Boehm, D. Port, Y. Yang, and J. Buhta, "Not All CBS Are Created Equally: COTS-Intensive Project Types," Proceedings, ICCBSS'03, Ottawa, Canada, Feb. 2003, pp. 36--50.

Digital Library

Google Scholar

[10]

D. Port, and Y. Yang, "Empirical Analysis of COTS Activity Effort Sequences," Proceedings, ICCBSS'04, Los Angeles, California, USA, Feb. 20

Google Scholar

Cited By

View all

Ali SRen JZhang KWu JLiu C(2023)Heterogeneous Ensemble Model to Optimize Software Effort Estimation AccuracyIEEE Access10.1109/ACCESS.2023.325653311(27759-27792)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3256533
Alelyani TMichel RYang YWade JVerma DTörngren M(2019)A literature review on obsolescence management in COTS-centric cyber physical systemsProcedia Computer Science10.1016/j.procs.2019.05.064153(135-145)Online publication date: 2019
https://doi.org/10.1016/j.procs.2019.05.064
Yang YMichel RWade JVerma DTörngren MAlelyani T(2019)Towards a taxonomy of technical debt for COTS-intensive cyber physical systemsProcedia Computer Science10.1016/j.procs.2019.05.061153(108-117)Online publication date: 2019
https://doi.org/10.1016/j.procs.2019.05.061
Show More Cited By

Index Terms

Assessing COTS integration risk using cost estimation inputs
1. Social and professional topics
  1. Professional topics
    1. Management of computing and information systems
2. Software and its engineering
  1. Software creation and management

Recommendations

Risk Management and Risk Assessment at ENISA: Issues and Challenges
ARES '06: Proceedings of the First International Conference on Availability, Reliability and Security

In this talk, the main directions followed in current and future work in the area of Risk Management and Risk Assessment at ENISA will be presented. The efforts in this area range from an initial inventory of Risk Management /Risk Assessment methods and ...
Spatial Risk Assessment and Geographic Information System based Approach for Construction Projects Risk Management
Abstract
The construction of diverse civil projects is challenging owing to the numerous hazards involved. As a result, risk analysis is essential for civil project selection and construction work coordination. During the construction project planning and ...
SP 800-30. Risk Management Guide for Information Technology Systems

Comments

Information & Contributors

Information

Published In

ICSE '06: Proceedings of the 28th international conference on Software engineering

May 2006

1110 pages

ISBN:1595933751

DOI:10.1145/1134285

General Chair:
Leon J. Osterweil
University of Massachusetts, USA
,
Program Chairs:
Dieter Rombach
TU Kaiserslautern, Germany
,
Mary Lou Soffa
University of Virginia, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 May 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

ICSE06

Sponsor:

ICSE06: International Conference on Software Engineering

May 20 - 28, 2006

Shanghai, China

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
1,166
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ali SRen JZhang KWu JLiu C(2023)Heterogeneous Ensemble Model to Optimize Software Effort Estimation AccuracyIEEE Access10.1109/ACCESS.2023.325653311(27759-27792)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3256533
Alelyani TMichel RYang YWade JVerma DTörngren M(2019)A literature review on obsolescence management in COTS-centric cyber physical systemsProcedia Computer Science10.1016/j.procs.2019.05.064153(135-145)Online publication date: 2019
https://doi.org/10.1016/j.procs.2019.05.064
Yang YMichel RWade JVerma DTörngren MAlelyani T(2019)Towards a taxonomy of technical debt for COTS-intensive cyber physical systemsProcedia Computer Science10.1016/j.procs.2019.05.061153(108-117)Online publication date: 2019
https://doi.org/10.1016/j.procs.2019.05.061
Pak CCannady JGantz DBaker KGarrison D(2009)Asset priority risk assessment using hidden markov modelsProceedings of the 10th ACM conference on SIG-information technology education10.1145/1631728.1631750(65-73)Online publication date: 22-Oct-2009
https://dl.acm.org/doi/10.1145/1631728.1631750
Kamdar AOrsoni A(2009)Development of Value-Based Pricing Model for Software ServicesProceedings of the UKSim 2009: 11th International Conference on Computer Modelling and Simulation10.1109/UKSIM.2009.93(299-304)Online publication date: 25-Mar-2009
https://dl.acm.org/doi/10.1109/UKSIM.2009.93
Sikdar SDas O(2009)Stakeholder Appropriate Requirement Development Approach2009 IEEE International Advance Computing Conference10.1109/IADCC.2009.4809268(1670-1674)Online publication date: Mar-2009
https://doi.org/10.1109/IADCC.2009.4809268
Moraes RDurães JMartins EMadeira H(2007)Component-based software certification based on experimental risk assessmentProceedings of the Third Latin-American conference on Dependable Computing10.5555/2396065.2396084(179-197)Online publication date: 26-Sep-2007
https://dl.acm.org/doi/10.5555/2396065.2396084
Moraes RDurães JMartins EMadeira H(2007)Component-Based Software Certification Based on Experimental Risk AssessmentDependable Computing10.1007/978-3-540-75294-3_14(179-197)Online publication date: 2007
https://doi.org/10.1007/978-3-540-75294-3_14
Yang YBoehm B(2007)Improving process decisions in COTS‐based development via risk‐based prioritizationSoftware Process: Improvement and Practice10.1002/spip.33412:5(449-460)Online publication date: 23-May-2007
https://doi.org/10.1002/spip.334
Yang YBoehm B(2006)Optimizing process decision in COTS-Based development via risk based prioritizationProceedings of the 2006 international conference on Software Process Simulation and Modeling10.1007/11754305_7(64-71)Online publication date: 20-May-2006
https://dl.acm.org/doi/10.1007/11754305_7

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Risk Management and Risk Assessment at ENISA: Issues and Challenges

Spatial Risk Assessment and Geographic Information System based Approach for Construction Projects Risk Management

SP 800-30. Risk Management Guide for Information Technology Systems

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations