[1] B.W. Boehm. Tutorial: Software Risk Management, IEEE Computer Society Press, 1989.
[2] E.M. Hall. Managing Risk: Methods for Software Systems Development, Addison-Wesley Pub Co., 1998.
[3] R.N. Charette. Software Engineering Risk Analysis and Management, New York: McGraw-Hill, 1989.
[4] M.J. Carr, S.L. Konda, I.A. Monarch, F.C. Ulrich, and C.F. Walker. Taxonomy-Based Risk Identification, SEI Technical Report SEI-93-TR-006, Pittsburgh, PA: Software Engineering Institute, 1993.
[5] D.W. Karolak. Software Engineering Risk Management, Washington, DC: IEEE, 1996.
[6] J.D. Edgar. Controlling Murphy: How to Budget for Program Risk (originally presented in Concepts, summer 1982, pages 60-73). In: Tutorial: Software Risk Management, ed. B.W. Boehm. Washington, D.C.: IEEE Computer Society Press, 1989. pp. 282-291.
[7] J. Ropponen, Risk Management in Information System Development TR-3, 1993. Computer Science Reports. University of Jyväskylä, Department of Computer Science and Information Systems. Jyväskylä.
[8] The American Heritage Dictionary of the English Language, U.S.A.: Microsoft Bookshelf/Houghton Mifflin Company, 1992.
[9] Merriam-Webster's Collegiate Dictionary, Springfield, MA: Merriam-Webster, 1995.
[10] W.D. Rowe. An Anatomy of Risk, New York: John Wiley & Sons, 1977.
[11] J. Kontio, Software Engineering Risk Management: A Technology Review Report PI_4.1, 1994. A proprietary Nokia Research Center project deliverable. Nokia Research Center. Helsinki, Finland.
[12] Rational, UML Notation Guide, version 1.1 1997. Rational Inc.
[13] J. Von Neumann and O. Morgenstern. Theory of Games and Economic Behavior, Princeton: Princeton University Press, 1944.
[14] S. French. Readings in Decision Analysis, London: Chapman and Hall, 1989.
[15] M. Friedman and L.J. Savage, The Utility Analysis of Choices Involving Risk Journal of Political Economy, vol. 56, pp. 279-304, 1948.
[16] B.W. Boehm. Software Engineering Economics, Englewood Cliffs, N.J.: Prentice Hall, 1981.
[17] H. Englund, A Case Study to Explore Risk Management Methods 1997. Kunglika Tekniska Högskolan, Stockholm, Sweden. Masters thesis.
[18] J. Kontio and V.R. Basili, Risk Knowledge Capture in the Riskit Method 1996. Proceedings of the 21st Software Engineering Workshop. NASA. Greenbelt, Maryland. file name: SEW-21FN.DOC.
[19] J. Kontio, H. Englund, and V.R. Basili, Experiences from an Exploratory Case Study with a Software Risk Management Method CS-TR-3705, 1996. Computer Science Technical Reports. University of Maryland. College Park, Maryland.
[20] J. Kontio, The Riskit Method for Software Risk Management, version 1.00 CS-TR-3782 / UMIACS-TR-97-38, 1997. Computer Science Technical Reports. University of Maryland. College Park, MD.
[21] J. Kontio and V.R. Basili, Empirical Evaluation of a Risk Management Method 1997. Proceedings of the SEI Conference on Risk Management. Software Engineering Institute. Pittsburgh, PA.
1 In practice it is possible that some risk factors are probabilistic, i.e., it is not known whether they are true for the environment or not. For instance, if new people are recruited for a project, it may be possible that a factor called "inexperienced personnel" becomes true. Such a situation is modeled by defining a risk event that influences a risk factor, i.e., risk event would be called "recruiting results in inexperienced personnel" and it would have a relationship to a factor called "inexperienced personnel".
2 Note that this is different from "a change in requirements", which would be a risk event. When defined as a factor, "unstable requirements" refers to the characteristics of the situation.
3 Note that we use the term "reaction" to action that is taken after the risk event occurs, as opposed to "risk controlling actions" that are taken before risk events occur.
4 The utility theory states that people make relative comparisons between alternatives based on the utility (or utility loss) that they cause. The utility is the level of satisfaction, pleasure or joy that a person feels or expects.
5 The multiplicity symbols are interpreted as follows:
1 - Exactly one association leaves or enters the class.
* - Any number of associations leave or enter the class
1..* - At least one association leaves or enters the class.
