Review By: Kamesh Pemmaraju
09/10/2002In one concise volume, the authors of this book describe eight fundamental and eminently practical techniques for managing the risks inherent in developing critical software systems. The eight techniques are Hazard Analysis, Testing, Design Analysis, Prediction, Review, Static Code Analysis, Configuration Management, and Change Control. The authors discuss each technique in detail, with excellent examples and statistical data from real software projects. Furthermore, the authors describe the benefits and risks of each technique and provide suggestions for when and where they can be applied effectively.

Throughout the book, the authors discuss the cost implications of the techniques and point out the tradeoffs involved. They emphasize that the decisions about costs and tradeoffs should be tempered with sound business judgment, a judgment that should consider factors related to the market, product, technology, and ultimately the consequences of failure. The authors discuss consequences of failures from three perspectives: product, process, and resources.

The authors describe tool support for the techniques along with examples of commercially available tools. The section on tools describes the interplay between marketing and engineering and how this influenced the evolution of tools in the history of the software tools industry. Once again, the authors note the importance of business value of the tools for widespread adoption of tools within organizations

The authors caution the reader that none of the techniques are foolproof. They especially point out if the original problem is ill defined or not well understood, or if the solution is incorrect, inappropriate, or incomplete, all the techniques in the world will not put the software right.

None of the techniques described in the book are new. These techniques have been well researched in the academic world and many books have been written about them. Furthermore, the techniques have been empirically shown to be very effective at what they do and consequently enjoy widespread support in the software engineering community.

Unfortunately, the state-of-the-practice remains woefully behind the state-of-the-art. This book attempts to bridge that gap. The book is relentlessly practical and grounded in real-world experience and supported with excellent field data showing the effectiveness of the techniques described.

The business-oriented presentation of this book is what sets it apart from other classic engineering books. Wherever possible, the authors of the book attempted to describe the tradeoffs involved when implementing these techniques in real-world projects. They emphasize that consideration must be given to business value, cost savings, return-on-investment, and other business-related metrics when investing in these techniques.

One area worth highlighting is the authors’ recommendation to use Economic Value for supporting investment decisions. They recommend a metric net present value (NPV) to meld business and technology decisions and to explicitly bring out the value of software to demonstrate just how important software is to a company’s economic viability.

The writing style is informal, easy to read, and the techniques are described in simple, lay terms. The sidebars carry relevant case studies and real-world examples infusing a sense of dynamism and variety to the book.

The book is definitely worth adding to any software practitioner’s bookshelf and I recommend it to everyone embarking on a critical software development project.