10/10/2009

Review of Risk Management Processes for Software Engineering Models (Artech House Computer Science Library) (Hardcover)

When I first read this book in 1997 I thought it was interesting, but quirky. When I recently re-read it I had the benefit of four more years of experience and more scars from grappling with many of the issues that this book addresses. The 12 chapters in this 225-page book cover a spectrum of issues and factors that most books on software engineering risk management only lightly touch upon or overlook completely.

The chapters are sequenced as follows: 1-Introduction, 2-Industrial Espionage, 3-Software Engineering, 4-Software Metrics, 5-Security, 6-Process Maturity Models, 7-Asset Valuations, 8-Security Threats, 9-Security Controls and Tests, 10-Safeguards, 11-Economic Analysis, and 12-Reiterative Processes.

Chapter 2, Industrial Espionage, leaps out at you and tells you that this is not a run-of-the-mill SW risk book. If the risks are not obvious, consider the threats to intellectual property that can manifest themselves when development is contracted out or contract labor is used to augment an in-house development team. If this book goes into a second edition I hope the author also includes patent issues as well, because the book was published in 1996 and since then two significant legal cases (State Street Bank vs. Signature Finance Group, Inc. [1998] and AT&T vs. Excel Communications, Inc. [1999]) have set precedents that add further to this particular category of risk, and may merit a separate chapter on patent risks.

Each of the other chapters exposes risks--some obvious, and some not-so-obvious--inherent in software engineering models and their associated processes. Bear in mind that while this book introduces quantitative methods, it is no substitute for a book on software engineering risk management if you are new to the topic. The reason is this book covers the subtleties and often overlooked aspects, but is not an introductory text on the subject.

My favorite chapters are 4 (software metrics), 7 (asset valuations) and 11 (economic analysis) because those are areas in which I am interested. I also liked chapter 6 (process maturity models) because it exposes risks that need to be considered if you are in the process of selecting or implementing one of the models (CMM, SPICE, etc.).

Overall, this is a useful and interesting book if you have a great deal of prior experience in software engineering, SQA or process implementation. My only complaint--and it's minor--is Chapter 5 (Security) should have been grouped with the related chapters (8, 9, and 10). If you fall into the audience I cited above you'll benefit greatly from this book.

Product Description
The potential threats associated with software development are identified as the author explains how to establish an effective risk management program. The text details the six critical steps involved in applying the process and discusses various software metrics approaches which can be used to measure software quality.

About the Author
Judy Myerson earned her M.S.E.E. in computer and information sciences from an ivy league university. She is a computer/software engineer, a technical writer and consulting editor of computer manuals, technical reports, and textbooks. She has written numerous articles on data language and processing technologies for national trade publications.
