Risk Assessment in Software Release Practice in Public Organization Information Management Systems

Abstract

The purpose of this paper is to document the United States Air Force’s (USAF) approach to risk assessment of software during the release phase of development and to provide material to support improvement recommendations in the USAF approach. The USAF faces the problem common to all software development projects in that its organizations must decide how much to test software before releasing it for its intended purpose. At issue is the accurate assessment of risk that supports decision making and leads to the appropriate use of resources for testing, including other quality control measures, and the appropriate acceptance of residual risk at the time of software release. Organizations that carry out risk assessments are accountable for the efficient and effective allocation of resources to risk reduction, which makes fidelity in risk assessment a worthy endeavor for accountability in public administration. The research methodology was informed by grounded theory and generative social science (Charmaz, 2008; Epstein, 2006) and included lesson drawing (Rose, 1993), and affinity diagramming (Straker, 1995). This work provides a literature review cast with a wide net to address risk assessment at the intersection of software development and a public administration environment. The result is a list of both broad and specific ways in which a USAF method of risk assessment for software can be improved, an initial version of a software defect prediction model constructed from the analysis results, and a list of high-level steps to add the practice of modeling to the tool kit of USAF software professionals. The steps can be pursued with minimum commitment, by building upon the initial model for software defect prediction and adding the modeling to risk assessment tasks, in furtherance of the objective of the research. Additionally, this research provides suggested entry points to public administration topics suitable for further research with applicability to software development in the public sector.