Risk assessment in software requirements engineering: An event driven framework

Defective software requirements can cause serious problems within the software development process. Improvement of software requirements engineering practice is necessary in order to avoid these potential problems, or risks. Information concerning the risks that are associated with sets of software requirements can facilitate the improvement of requirements engineering and the software development process.; A literature review in the areas of risk analysis, software engineering risk management systems, and software requirements engineering established the need for a software development risk assessment method which utilizes quantitative requirements information. This research activity produced such a method: RARE (Risk Assessment in Requirements Engineering). RARE organizes quantitative information concerning various types of requirements errors, or risk events, within the Requirements Error Risk Classification Framework. This framework becomes the basis for the assessment of the risk associated with a given set of software requirements.; During the process of creating an accurate set of software requirements, software developers can use RARE to: (1) Identify instances of nine types of requirements errors. (2) Assess requirements risk. (3) Ascertain trends towards success or failure in the requirements engineering process. (4) Facilitate the planning and prioritization of future requirements engineering activities, including risk reduction strategies.; The utility of the RARE method was demonstrated using the requirements set from the FBI's IAFIS (Integrated Automated Fingerprint Identification System) project. Using George Mason University's AIRES (Automated Integrated Requirements Engineering System), requirements errors within the IAFIS requirement set were detected. RARE was used to assess the risk associated with the errors in this requirements set.; This research has contributed RARE, a method which utilizes quantitative requirements information for the assessment of requirements risk, to the field of requirements engineering. Additionally, this research has identified a set of requirements risk assessment and risk reduction metrics. This research supports the growing interest in Event Driven risk assessment systems within the field of software engineering.