No matter how careful your testing, no matter how complete your review, there is a non-zero probability that releasing your new code will expose a problem. The last phase of risk management is handling a risk that actually manifests. At the end of the last post, I mentioned the importance of post-release testing and an… Read More »
You’ve carefully assessed the risks in your new system. You’ve considered the implementation and eliminated bad implementation decisions and removed unnecessary features that involved extra risk. Considering the result, you note that there is still risk. So, what do you do? You try to mitigate the remaining risk. Risk mitigation does not remove the risk… Read More »
Many people doing risk management assert that you cannot eliminate risk. Those people are partly right. If you are willing to modify the functionality of a program or system, you can eliminate some kinds of risk, Obviously, this is much easier early in the design or implementation of a system. Trade-offs to Eliminate Risk Part… Read More »
Any project or software includes potential risks. Will it do the job or fail? Will it leak user information? Will it serve as a springboard for attacking other systems? When you realize the need to learn how risky your software is, there are a number of approaches to assessing that risk. If a piece of… Read More »