Abstract

Software Risk Evaluation (SRE) is a process for identifying, analyzing, and developing mitigation strategies for risks in a software intensive system while it is in development. Risk assessment incorporates risk analysis and risk management, i.e. it combines systematic processes for risk identification and determination of their consequences, and how to deal with these risks? Many risk assessment methodologies exist, focusing on different types of risk or different areas of concern. Risk evaluation means to determine level of risk, prioritize the risk and categorize the risk. In this paper we have proposed a Software Risk Assessment and Evaluation Process (SRAEP) using model based approach. We have used model based approach because it requires correct description of the target system, its context and all security features. In SRAEP, we have used the software fault tree (SFT) to identify the risk. Finally we have compared the weaknesses of existing Software Risk Assessment and Estimation Model (SRAEM) with the proposed SRAEP in order to show the importance of software fault tree.