Identifying Commercial Off-the-Shelf (COTS) Product Risks: The COTS Usage Risk Evaluation
• Technical Report
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-2003-TR-023DOI (Digital Object Identifier)
10.1184/R1/6574157.v1Subjects
Abstract
The expansion in use of commercial off-the-shelf (COTS) products has been accompanied by an increase in program failures. Many of these failures have been due to a lack of familiarity with the changed approach that COTS products demand. This report describes the development of an approach to reduce the number of program failures attributable to COTS software: the COTS Usage Risk Evaluation (CURE). The origin of CURE and an overview of the method, along with detail on the materials and mechanisms used in CURE, are provided. The CURE process is outlined and the results of the evaluations that have been conducted are summarized. Finally, possible future directions for CURE are explored.
CURE Components
The CURE Components link below provides the following artifacts:
- The overview describes the overall process for the COTS Usage Risk Evaluation (CURE) as seen from the viewpoint of a member of a program to which CURE is applied.
- Initial questionnaire: a document sent to the program in order that the evaluation team can understand the goals of the program and shape the face-to-face interview.
- Discussion document: a complete list of topics that might be discussed during the interview.
- Evaluation record: a variant of the discussion document that is used by the evaluation team to record the information heard during the interview.
- CURE database: a rudimentary Microsoft Access database (and accompanying image) that supports the evaluation team in the analysis of the data gained from the interview.
- Analysis process: an outline of the steps of the analysis process.
Cite This Technical Report
Carney, D., Morris, E., & Place, P. (2003, September 1). Identifying Commercial Off-the-Shelf (COTS) Product Risks: The COTS Usage Risk Evaluation. (Technical Report CMU/SEI-2003-TR-023). Retrieved April 19, 2024, from https://doi.org/10.1184/R1/6574157.v1.
@techreport{carney_2003,
author={Carney, David and Morris, Edwin and Place, Patrick},
title={Identifying Commercial Off-the-Shelf (COTS) Product Risks: The COTS Usage Risk Evaluation},
month={Sep},
year={2003},
number={CMU/SEI-2003-TR-023},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6574157.v1},
note={Accessed: 2024-Apr-19}
}
Carney, David, Edwin Morris, and Patrick Place. "Identifying Commercial Off-the-Shelf (COTS) Product Risks: The COTS Usage Risk Evaluation." (CMU/SEI-2003-TR-023). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, September 1, 2003. https://doi.org/10.1184/R1/6574157.v1.
D. Carney, E. Morris, and P. Place, "Identifying Commercial Off-the-Shelf (COTS) Product Risks: The COTS Usage Risk Evaluation," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2003-TR-023, 1-Sep-2003 [Online]. Available: https://doi.org/10.1184/R1/6574157.v1. [Accessed: 19-Apr-2024].
Carney, David, Edwin Morris, and Patrick Place. "Identifying Commercial Off-the-Shelf (COTS) Product Risks: The COTS Usage Risk Evaluation." (Technical Report CMU/SEI-2003-TR-023). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Sep. 2003. https://doi.org/10.1184/R1/6574157.v1. Accessed 19 Apr. 2024.
Carney, David; Morris, Edwin; & Place, Patrick. Identifying Commercial Off-the-Shelf (COTS) Product Risks: The COTS Usage Risk Evaluation. CMU/SEI-2003-TR-023. Software Engineering Institute. 2003. https://doi.org/10.1184/R1/6574157.v1