Understanding risks in off-the-shelf-based custom software projects

Download files
Access & Terms of Use
open access
Copyright: Kusumo, Dana Sulistiyo
CC BY-NC-ND 3.0
Altmetric
Abstract
Different software development project stakeholders (developers and acquirers) can have different perceptions of risks and how they should be mitigated. But these differences are not well understood or managed. This general issue occurs in off-the-shelf (OTS)-based custom software projects, which use and integrate OTS software in developing specialized software for an individual customer. This research provides a better understanding of risks to developers and acquirers in OTS-based custom software projects. This research consisted of five phases: 1. A systematic mapping study to identify OTS-based software acquisition processes. 2. A further mapping study to identify and classify risks related to OTS-based custom development and acquisition. 3. A survey of developers and acquirers in Indonesia to investigate in practice the characteristics of OTS-based risks that are shared by developers and acquirers. 4. Analysis of the survey data using a risk assessment framework based on stakeholder analysis. This focused on identifying differences in risk control, impact and responsibility between both stakeholders. 5. A multi-case study (four cases) to provide a deeper and more contextual analysis of these differences. Through these investigations we were able to: 1. Identify six OTS-specific acquisition processes not previously recognized. 2. Identify and classify risks of OTS-based custom projects into seventeen categories. 3. Use the survey to investigate eleven risks of the seventeen relevant risk categories. This revealed that: (a) A greater number of risks occurred more frequently in acquisition rather than in development (b) In general the stakeholders agreed on who can best control the risks (developer). (c) There were different perceptions on who is most impacted by risks. (d) Developers were considered to bear most responsibility for risk. 2. The case study identified seventeen detailed findings related to risk control and impact for the eleven risks studied. In general most acquisition risks derive from the same concerns as development risks. However technically related risks are found less often in acquisition and project management related risks less often in development. 
Persistent link to this record
http://hdl.handle.net/1959.4/52981
DOI
https://doi.org/10.26190/unsworks/16424
Link to Publisher Version
Link to Open Access Version
Additional Link
Author(s)
Kusumo, Dana Sulistiyo
Supervisor(s)
Zhu, Liming
Staples, Mark
Jeffery, Ross
Creator(s)
Editor(s)
Translator(s)
Curator(s)
Designer(s)
Arranger(s)
Composer(s)
Recordist(s)
Conference Proceedings Editor(s)
Other Contributor(s)
Corporate/Industry Contributor(s)
Publication Year
2013
Resource Type
Thesis
Degree Type
PhD Doctorate
UNSW Faculty
Files
download whole.pdf 1.57 MB Adobe Portable Document Format
Related dataset(s)
View full record Show statistics