Risk assessment of software-system specifications

This paper presents a methodology and an example of risk assessment of functional-requirement specifications for complex real-time software systems. A heuristic risk-assessment technique based on CPN (colored Petri-net) models is presented. This technique is used to classify software functional-requirement specification components according to their relative importance in terms of such factors as severity and complexity. A dynamic complexity measure, based on concurrence in the functional requirements, is introduced. This technique is applied on the Earth Operation Commanding Center (EOC COMMANDING), a large component of the NASA Earth Observing System (EOS) project. Two specification models of the system are considered. Results of applying this technique to both CPN models are presented. The risk assessment methodology in this paper suggests the following conclusions: (i) risk assessment at the functional-requirement specification phase can be used to classify functional requirements in terms of their complexity and severity; (ii) dynamic complexity metrics and the concurrence metric can be important in assessing the risk factors based on the complexity of functional specifications; (iii) the concurrence complexity metric is an important aspect of dynamic complexity; and (iv) CPN models can be used to build an executable specification of the system, which helps the analyst not only to acquire deep understanding of the system but also to study the dynamic behavior of the system by simulating the model