Identification of commercial items risk factors

Abstract

Since the end of the Cold War, reduced budgets have limited technology growth in the defense industry making the use of Commercial Off-The-Shelf (COTS) software the accepted way to build systems. Twenty years ago, almost all DOD software-intensive systems were built by awarding large multimillion-dollar contracts to defense contractors to build systems from scratch. Consequently, with dwindling budgets, the military has recognized that they can no longer build an infrastructure independent of commercial industry. The use of commercial items does not reduce or eliminate the risks associated with the traditional development of software systems. Numerous programs have stumbled for the lack of careful consideration and identification of the unique risk factors imposed by commercial items. Even though the types of programs are diverse, there are common risk factors that can be identified from the past experiences of these programs. This thesis focuses on the critical risk factors and lessons learned associated with integrating commercial items into DOD software programs. It summarize lessons learn from programs that have made extensive use of commercial items, provides a risk checklist/questionnaire to assist PMs and developers in understanding the risks associated with their developments of a system using commercial items, and suggests mitigation strategies, which can be used as guidelines for the risk factors, to consider when adopting commercial components. Providing the starting point for a systematic structure approach to the risk management of commercial items.