Identifying Commercial Off-the-Shelf (COTS) Product Risks: The COTS Usage Risk Evaluation
September 2003 • Technical Report
David J. Carney, Edwin J. Morris, Patrick R. Place
This 2003 report describes the development of an approach to reduce the number of program failures attributable to COTS software: the COTS Usage Risk Evaluation (CURE).
Software Engineering Institute
CMU/SEI Report Number
DOI (Digital Object Identifier):10.1184/R1/6574157.v1
The expansion in use of commercial off-the-shelf (COTS) products has been accompanied by an increase in program failures. Many of these failures have been due to a lack of familiarity with the changed approach that COTS products demand. This report describes the development of an approach to reduce the number of program failures attributable to COTS software: the COTS Usage Risk Evaluation (CURE). The origin of CURE and an overview of the method, along with detail on the materials and mechanisms used in CURE, are provided. The CURE process is outlined and the results of the evaluations that have been conducted are summarized. Finally, possible future directions for CURE are explored.
The CURE Components link below provides the following artifacts:
- The overview describes the overall process for the COTS Usage Risk Evaluation (CURE) as seen from the viewpoint of a member of a program to which CURE is applied.
- Initial questionnaire: a document sent to the program in order that the evaluation team can understand the goals of the program and shape the face-to-face interview.
- Discussion document: a complete list of topics that might be discussed during the interview.
- Evaluation record: a variant of the discussion document that is used by the evaluation team to record the information heard during the interview.
- CURE database: a rudimentary Microsoft Access database (and accompanying image) that supports the evaluation team in the analysis of the data gained from the interview.
- Analysis process: an outline of the steps of the analysis process.