\documentclass[11pt,twoside]{article}\makeatletter \IfFileExists{xcolor.sty}% {\RequirePackage{xcolor}}% {\RequirePackage{color}} \usepackage{colortbl} \usepackage{wrapfig} \usepackage{ifxetex} \ifxetex \usepackage{fontspec} \usepackage{xunicode} \catcode`⃥=\active \def⃥{\textbackslash} \catcode`❴=\active \def❴{\{} \catcode`❵=\active \def❵{\}} \def\textJapanese{\fontspec{Noto Sans CJK JP}} \def\textChinese{\fontspec{Noto Sans CJK SC}} \def\textKorean{\fontspec{Noto Sans CJK KR}} \setmonofont{DejaVu Sans Mono} \else \IfFileExists{utf8x.def}% {\usepackage[utf8x]{inputenc} \PrerenderUnicode{–} }% {\usepackage[utf8]{inputenc}} \usepackage[english]{babel} \usepackage[T1]{fontenc} \usepackage{float} \usepackage[]{ucs} \uc@dclc{8421}{default}{\textbackslash } \uc@dclc{10100}{default}{\{} \uc@dclc{10101}{default}{\}} \uc@dclc{8491}{default}{\AA{}} \uc@dclc{8239}{default}{\,} \uc@dclc{20154}{default}{ } \uc@dclc{10148}{default}{>} \def\textschwa{\rotatebox{-90}{e}} \def\textJapanese{} \def\textChinese{} \IfFileExists{tipa.sty}{\usepackage{tipa}}{} \fi \def\exampleFont{\ttfamily\small} \DeclareTextSymbol{\textpi}{OML}{25} \usepackage{relsize} \RequirePackage{array} \def\@testpach{\@chclass \ifnum \@lastchclass=6 \@ne \@chnum \@ne \else \ifnum \@lastchclass=7 5 \else \ifnum \@lastchclass=8 \tw@ \else \ifnum \@lastchclass=9 \thr@@ \else \z@ \ifnum \@lastchclass = 10 \else \edef\@nextchar{\expandafter\string\@nextchar}% \@chnum \if \@nextchar c\z@ \else \if \@nextchar l\@ne \else \if \@nextchar r\tw@ \else \z@ \@chclass \if\@nextchar |\@ne \else \if \@nextchar !6 \else \if \@nextchar @7 \else \if \@nextchar (8 \else \if \@nextchar )9 \else 10 \@chnum \if \@nextchar m\thr@@\else \if \@nextchar p4 \else \if \@nextchar b5 \else \z@ \@chclass \z@ \@preamerr \z@ \fi \fi \fi \fi \fi \fi \fi \fi \fi \fi \fi \fi \fi \fi \fi \fi} \gdef\arraybackslash{\let\\=\@arraycr} \def\@textsubscript#1{{\m@th\ensuremath{_{\mbox{\fontsize\sf@size\z@#1}}}}} \def\Panel#1#2#3#4{\multicolumn{#3}{){\columncolor{#2}}#4}{#1}} \def\abbr{} \def\corr{} \def\expan{} \def\gap{} \def\orig{} \def\reg{} \def\ref{} \def\sic{} \def\persName{}\def\name{} \def\placeName{} \def\orgName{} \def\textcal#1{{\fontspec{Lucida Calligraphy}#1}} \def\textgothic#1{{\fontspec{Lucida Blackletter}#1}} \def\textlarge#1{{\large #1}} \def\textoverbar#1{\ensuremath{\overline{#1}}} \def\textquoted#1{‘#1’} \def\textsmall#1{{\small #1}} \def\textsubscript#1{\@textsubscript{\selectfont#1}} \def\textxi{\ensuremath{\xi}} \def\titlem{\itshape} \newenvironment{biblfree}{}{\ifvmode\par\fi } \newenvironment{bibl}{}{} \newenvironment{byline}{\vskip6pt\itshape\fontsize{16pt}{18pt}\selectfont}{\par } \newenvironment{citbibl}{}{\ifvmode\par\fi } \newenvironment{docAuthor}{\ifvmode\vskip4pt\fontsize{16pt}{18pt}\selectfont\fi\itshape}{\ifvmode\par\fi } \newenvironment{docDate}{}{\ifvmode\par\fi } \newenvironment{docImprint}{\vskip 6pt}{\ifvmode\par\fi } \newenvironment{docTitle}{\vskip6pt\bfseries\fontsize{22pt}{25pt}\selectfont}{\par } \newenvironment{msHead}{\vskip 6pt}{\par} \newenvironment{msItem}{\vskip 6pt}{\par} \newenvironment{rubric}{}{} \newenvironment{titlePart}{}{\par } \newcolumntype{L}[1]{){\raggedright\arraybackslash}p{#1}} \newcolumntype{C}[1]{){\centering\arraybackslash}p{#1}} \newcolumntype{R}[1]{){\raggedleft\arraybackslash}p{#1}} \newcolumntype{P}[1]{){\arraybackslash}p{#1}} \newcolumntype{B}[1]{){\arraybackslash}b{#1}} \newcolumntype{M}[1]{){\arraybackslash}m{#1}} \definecolor{label}{gray}{0.75} \def\unusedattribute#1{\sout{\textcolor{label}{#1}}} \DeclareRobustCommand*{\xref}{\hyper@normalise\xref@} \def\xref@#1#2{\hyper@linkurl{#2}{#1}} \begingroup \catcode`\_=\active \gdef_#1{\ensuremath{\sb{\mathrm{#1}}}} \endgroup \mathcode`\_=\string"8000 \catcode`\_=12\relax \usepackage[a4paper,twoside,lmargin=1in,rmargin=1in,tmargin=1in,bmargin=1in,marginparwidth=0.75in]{geometry} \usepackage{framed} \definecolor{shadecolor}{gray}{0.95} \usepackage{longtable} \usepackage[normalem]{ulem} \usepackage{fancyvrb} \usepackage{fancyhdr} \usepackage{graphicx} \usepackage{marginnote} \renewcommand{\@cite}[1]{#1} \renewcommand*{\marginfont}{\itshape\footnotesize} \def\Gin@extensions{.pdf,.png,.jpg,.mps,.tif} \pagestyle{fancy} \usepackage[pdftitle={Identification of Critical Risk Phase in Commercial-off-the-Shelf Software (CBSD) using FMEA Approach}, pdfauthor={}]{hyperref} \hyperbaseurl{} \paperwidth210mm \paperheight297mm \def\@pnumwidth{1.55em} \def\@tocrmarg {2.55em} \def\@dotsep{4.5} \setcounter{tocdepth}{3} \clubpenalty=8000 \emergencystretch 3em \hbadness=4000 \hyphenpenalty=400 \pretolerance=750 \tolerance=2000 \vbadness=4000 \widowpenalty=10000 \renewcommand\section{\@startsection {section}{1}{\z@}% {-1.75ex \@plus -0.5ex \@minus -.2ex}% {0.5ex \@plus .2ex}% {\reset@font\Large\bfseries}} \renewcommand\subsection{\@startsection{subsection}{2}{\z@}% {-1.75ex\@plus -0.5ex \@minus- .2ex}% {0.5ex \@plus .2ex}% {\reset@font\Large}} \renewcommand\subsubsection{\@startsection{subsubsection}{3}{\z@}% {-1.5ex\@plus -0.35ex \@minus -.2ex}% {0.5ex \@plus .2ex}% {\reset@font\large}} \renewcommand\paragraph{\@startsection{paragraph}{4}{\z@}% {-1ex \@plus-0.35ex \@minus -0.2ex}% {0.5ex \@plus .2ex}% {\reset@font\normalsize}} \renewcommand\subparagraph{\@startsection{subparagraph}{5}{\parindent}% {1.5ex \@plus1ex \@minus .2ex}% {-1em}% {\reset@font\normalsize\bfseries}} \def\l@section#1#2{\addpenalty{\@secpenalty} \addvspace{1.0em plus 1pt} \@tempdima 1.5em \begingroup \parindent \z@ \rightskip \@pnumwidth \parfillskip -\@pnumwidth \bfseries \leavevmode #1\hfil \hbox to\@pnumwidth{\hss #2}\par \endgroup} \def\l@subsection{\@dottedtocline{2}{1.5em}{2.3em}} \def\l@subsubsection{\@dottedtocline{3}{3.8em}{3.2em}} \def\l@paragraph{\@dottedtocline{4}{7.0em}{4.1em}} \def\l@subparagraph{\@dottedtocline{5}{10em}{5em}} \@ifundefined{c@section}{\newcounter{section}}{} \@ifundefined{c@chapter}{\newcounter{chapter}}{} \newif\if@mainmatter \@mainmattertrue \def\chaptername{Chapter} \def\frontmatter{% \pagenumbering{roman} \def\thechapter{\@roman\c@chapter} \def\theHchapter{\roman{chapter}} \def\thesection{\@roman\c@section} \def\theHsection{\roman{section}} \def\@chapapp{}% } \def\mainmatter{% \cleardoublepage \def\thechapter{\@arabic\c@chapter} \setcounter{chapter}{0} \setcounter{section}{0} \pagenumbering{arabic} \setcounter{secnumdepth}{6} \def\@chapapp{\chaptername}% \def\theHchapter{\arabic{chapter}} \def\thesection{\@arabic\c@section} \def\theHsection{\arabic{section}} } \def\backmatter{% \cleardoublepage \setcounter{chapter}{0} \setcounter{section}{0} \setcounter{secnumdepth}{2} \def\@chapapp{\appendixname}% \def\thechapter{\@Alph\c@chapter} \def\theHchapter{\Alph{chapter}} \appendix } \newenvironment{bibitemlist}[1]{% \list{\@biblabel{\@arabic\c@enumiv}}% {\settowidth\labelwidth{\@biblabel{#1}}% \leftmargin\labelwidth \advance\leftmargin\labelsep \@openbib@code \usecounter{enumiv}% \let\p@enumiv\@empty \renewcommand\theenumiv{\@arabic\c@enumiv}% }% \sloppy \clubpenalty4000 \@clubpenalty \clubpenalty \widowpenalty4000% \sfcode`\.\@m}% {\def\@noitemerr {\@latex@warning{Empty `bibitemlist' environment}}% \endlist} \def\tableofcontents{\section*{\contentsname}\@starttoc{toc}} \parskip0pt \parindent1em \def\Panel#1#2#3#4{\multicolumn{#3}{){\columncolor{#2}}#4}{#1}} \newenvironment{reflist}{% \begin{raggedright}\begin{list}{} {% \setlength{\topsep}{0pt}% \setlength{\rightmargin}{0.25in}% \setlength{\itemsep}{0pt}% \setlength{\itemindent}{0pt}% \setlength{\parskip}{0pt}% \setlength{\parsep}{2pt}% \def\makelabel##1{\itshape ##1}}% } {\end{list}\end{raggedright}} \newenvironment{sansreflist}{% \begin{raggedright}\begin{list}{} {% \setlength{\topsep}{0pt}% \setlength{\rightmargin}{0.25in}% \setlength{\itemindent}{0pt}% \setlength{\parskip}{0pt}% \setlength{\itemsep}{0pt}% \setlength{\parsep}{2pt}% \def\makelabel##1{\upshape ##1}}% } {\end{list}\end{raggedright}} \newenvironment{specHead}[2]% {\vspace{20pt}\hrule\vspace{10pt}% \phantomsection\label{#1}\markright{#2}% \pdfbookmark[2]{#2}{#1}% \hspace{-0.75in}{\bfseries\fontsize{16pt}{18pt}\selectfont#2}% }{} \def\TheFullDate{2014-01-15 (revised: 15 January 2014)} \def\TheID{\makeatother } \def\TheDate{2014-01-15} \title{Identification of Critical Risk Phase in Commercial-off-the-Shelf Software (CBSD) using FMEA Approach} \author{}\makeatletter \makeatletter \newcommand*{\cleartoleftpage}{% \clearpage \if@twoside \ifodd\c@page \hbox{}\newpage \if@twocolumn \hbox{}\newpage \fi \fi \fi } \makeatother \makeatletter \thispagestyle{empty} \markright{\@title}\markboth{\@title}{\@author} \renewcommand\small{\@setfontsize\small{9pt}{11pt}\abovedisplayskip 8.5\p@ plus3\p@ minus4\p@ \belowdisplayskip \abovedisplayskip \abovedisplayshortskip \z@ plus2\p@ \belowdisplayshortskip 4\p@ plus2\p@ minus2\p@ \def\@listi{\leftmargin\leftmargini \topsep 2\p@ plus1\p@ minus1\p@ \parsep 2\p@ plus\p@ minus\p@ \itemsep 1pt} } \makeatother \fvset{frame=single,numberblanklines=false,xleftmargin=5mm,xrightmargin=5mm} \fancyhf{} \setlength{\headheight}{14pt} \fancyhead[LE]{\bfseries\leftmark} \fancyhead[RO]{\bfseries\rightmark} \fancyfoot[RO]{} \fancyfoot[CO]{\thepage} \fancyfoot[LO]{\TheID} \fancyfoot[LE]{} \fancyfoot[CE]{\thepage} \fancyfoot[RE]{\TheID} \hypersetup{citebordercolor=0.75 0.75 0.75,linkbordercolor=0.75 0.75 0.75,urlbordercolor=0.75 0.75 0.75,bookmarksnumbered=true} \fancypagestyle{plain}{\fancyhead{}\renewcommand{\headrulewidth}{0pt}} \date{} \usepackage{authblk} \providecommand{\keywords}[1] { \footnotesize \textbf{\textit{Index terms---}} #1 } \usepackage{graphicx,xcolor} \definecolor{GJBlue}{HTML}{273B81} \definecolor{GJLightBlue}{HTML}{0A9DD9} \definecolor{GJMediumGrey}{HTML}{6D6E70} \definecolor{GJLightGrey}{HTML}{929497} \renewenvironment{abstract}{% \setlength{\parindent}{0pt}\raggedright \textcolor{GJMediumGrey}{\rule{\textwidth}{2pt}} \vskip16pt \textcolor{GJBlue}{\large\bfseries\abstractname\space} }{% \vskip8pt \textcolor{GJMediumGrey}{\rule{\textwidth}{2pt}} \vskip16pt } \usepackage[absolute,overlay]{textpos} \makeatother \usepackage{lineno} \linenumbers \begin{document} \author[1]{Palak Arora} \author[2]{Harshpreet Singh} \affil[1]{ Lovely Professional University} \renewcommand\Authands{ and } \date{\small \em Received: 6 December 2013 Accepted: 3 January 2014 Published: 15 January 2014} \maketitle \begin{abstract} COTS based development is becoming a popular software development approach for building large organizational software using existing developed components. COTS based approach provides pre-developed components either as in house or commercial off the shelf components, which reduces effort and cost for developing the software. There are potential challenges, risks and complexities in using COTS components. This paper provides an analysis of risks and challenges faced during developing software using CBSD approach. The risks under various phases are identified, categorized and prioritized the risks in various phases of CBSD and provide the mitigation strategy to manage the risks. \end{abstract} \keywords{CBSD, risks in CBSD, risk mitigation} \begin{textblock*}{18cm}(1cm,1cm) % {block width} (coords) \textcolor{GJBlue}{\LARGE Global Journals \LaTeX\ JournalKaleidoscope\texttrademark} \end{textblock*} \begin{textblock*}{18cm}(1.4cm,1.5cm) % {block width} (coords) \textcolor{GJBlue}{\footnotesize \\ Artificial Intelligence formulated this projection for compatibility purposes from the original article published at Global Journals. However, this technology is currently in beta. \emph{Therefore, kindly ignore odd layouts, missed formulae, text, tables, or figures.}} \end{textblock*} \let\tabcellsep& \par Identification of Critical Risk Phase in Commercial-off-the-Shelf Software (CBSD) using FMEA Approach Introduction OTS-based software development aims in building the software using the existing developed components. The components can be developed in house for usage among vast projects of similar requirements. The components can also be purchased from the market as the components are also developed as small software's which intend to provide the basic functionality required for large projects.\par Various components are also available in the repositories with their functionalities and Quality attributes. A target application/ software are developed by selecting the appropriate components from the component repository \& then integrating the components into a target system as in Figure {\ref 1} below.\par At present time, more than 60\% of software are developed using component approach due to its enormous features such as:\par Author ?: Student, School of CSE, Lovely Professional University Phagwara, Punjab. e-mail: palakarora718@gmail.com Author ?: Assistant Professor, School of CSE Lovely Professional University Phagwara, Punjab. e-mail: harshpreet.17478@lpu.co.in \section[{Select Integrate}]{Select Integrate}\par Figure {\ref 1} : Component-based Software Development\par ? Rapidly development.\par ? Accessed Immediately.\par ? Reduced Complexity.\par ? Increases efficiency of products.\par ? Reduced implementation, operating and maintenance cost. ? Reduced amount of time to deliver products in the market, budget and schedule saving, more than half of the software developers used component based approach. This approach has reduced the software crisis at great extent \hyperref[b5]{[6]}.\par The main rationale of CBSD approach is to develop big system by integrating the pre-built components which decrease the progress time \& costs. There are five main phases: Identification, Evaluation, Selection, Integration and Development of component to develop software using CBSD approach as mentioned in Figure {\ref 2} below. \section[{II.}]{II.} \section[{Review of Literature}]{Review of Literature}\par To provide a reliable and effective software product in the market, software industry influenced by COTS development approach. In software applications CBSD is the only need to be written once and re-used multiple times than being re-written every time when a new application is developed. CBSD approach overlaps the traditional software engineering approach where existing technologies were failed to deliver project ontime and on-budget. The main reasons of these failures are: Testing -Figure {\ref 2} : COTS Development Life cycle -efforts are not properly estimated; Team's skill is under/over estimated. However, the use of CBSD approach provides a lot of benefits, but still there are several challenges, risks, uncertainties related to this approach \hyperref[b5]{[6]}. As the name suggested, CBSD approach means use of existing components, we are depending upon someone else (lack of trust). The main reasons of these problems are due to these factors:? Wrong selection of components,\par ? Black box nature (non-availability of code) of COTS Components,\par ? Lack of knowledge, guidance etc.\par ? Unknown quality of COTS Products.\par Many times, some risks are not identified in one phase and it overlaps to the second phase so in this way, it influences the whole software and fails to the organization's business. So, there is a need of proper Risk Management for using this CBSD approach from the starting phase. Failure Modes and Effects Analysis (FMEA) is a systematic method for evaluating a process to identify where risk is and how it might fail and to assess the relative impact of different failures \hyperref[b6]{[7]}. With the help of FMEA approach, this paper provides risk management strategy for Commercial-off-The-Shelf Software development. \section[{III.}]{III.} \section[{Problem Definition \& Solution}]{Problem Definition \& Solution}\par In developing software using CBSD approach there is an uncertainty that there can be variations between the planned development approach and the actual software developed. A risk could cause an organization to fail to meet its approach and objectives. The main steps of this paper are as in Figure \hyperref[fig_0]{3} below: The use of commercial-off-The Shelf software Development has become an important need for developing software as they offer reduce development time and effort. Similarly there are many challenges faced such as the quality attribute of selected components may cause deviation in the quality of final product, also the cost and effort involved in integrating component during the design process may cause the product design to deviate from the actual requirement There are many challenges that start during COTS development (Identification, Selection, Evaluation, Integration, and Development) summarised as below \hyperref[b0]{[1]} \section[{i. Identification of risks during CBSD Lifecycle}]{i. Identification of risks during CBSD Lifecycle}\par Using the COTS development approach the components are purchased from the third party vendor due to which the development of the software depends upon the customer support services provided by the vendors. So, there are several chances of arising risks on each phase of CBSD as in figure \hyperref[fig_2]{4}. The risks in CBSD life cycle are due to the factors such as the black box nature of COTS components, lack of interoperability standards, the disparity between the user \& suppliers, incomplete format of requirement documentation etc. The classification of risks based on various phases is briefly defined as in \hyperref[b5]{[6]}. Risk during this phase is associated with the problems of evaluating and selecting off-the-shelf software for use in the system. The risks in this phase are due to some parameters as unavailability of source code, inflexibility of COTS components, lack of requirement document, architecture mismatches etc. \section[{Risks in COTS Integration Phase}]{Risks in COTS Integration Phase}\par These risks are associated with problems of integrating systems from the existing COTS components. These risks can occur while composing of COTS components due to the lack of interoperability standards, occurrence of incompatible format among different COTS components, incomplete format of requirements etc. \section[{Risks during COTS Development}]{Risks during COTS Development}\par The risks in this phase are arises when we develop the architecture from the selected COTS components. The risk arises due to the problem of using an inappropriate development process. \section[{Risks during COTS Implementation Phase}]{Risks during COTS Implementation Phase}\par The risks in this phase are during when we implement the final systems after selecting the appropriate components. These risks are due to the unclear design assumptions, performance factors, and security factors.\par ii. Classification of Risks during Phase-wise of CBSD There are three types of areas where the identified risk arises mostly:\par ? Functional/ Operational Requirements -The risks are which arises with the functionality and performance of the system as perceived by its operators.\par ? Procedural approach -The risks that are related with the technical characteristics of COTS products. ? Production strategy -Those risks which are related with the vendor of the COTS product. In COTS components, the actual functionality and performance of a COTS product are not as publicized so the system may not meet its requirements.\par Requirements Gap COTS component does not match the current operational requirements or procedures. \section[{Security and Safety Issues}]{Security and Safety Issues}\par It may not be possible to certify that the product meets requirements because the COTS product must be tested as a black box without its implementation \section[{Risk involving in Procedural Approach}]{Risk involving in Procedural Approach} \section[{Source code}]{Source code}\par If there is no access to source code, then it may be difficult to trace integration and testing problems to COTS products Upgrades Sometime during upgrading COTS software, it increases the size of the programs \& the size of the hardware memory in the system may be insufficient. \section[{Risks involving in Production Strategy}]{Risks involving in Production Strategy} \section[{iii. Risk Mitigation}]{iii. Risk Mitigation}\par The main focus is to track, control and reduce the identified risk. A survey was conducted in various CMM level 2 companies which summarized the possibility of risk and corresponding impact of risks. Two approaches are used to calculate the risk score of identified risks in order to plan mitigation approach for the high impact risks. a. Failure Mode and Effect Analysis (FMEA) b. Goal-Driven software Risk Management (GSRM) a. Failure Mode and Effect Analysis A failure mode and effects analysis (FMEA) is a method for examine of potential failure modes within a system for classification by the probability and likelihood of the failures \hyperref[b4]{[5]}. This procedure helps a team to identify potential failure modes based on past experience with similar products, enabling the team to design those failures out of the system with the minimum effort and resource expenditure. Effects analysis refers to studying the consequences of those failures. To calculate the risk score of identified risks, we are using this approach \& filled the questionnaire from the 12 team member based on their past experience of using COTS components.\par The probability of each risk item is measuring on likert scale ranging from low (1), moderate (3), and critical ( {\ref 5} The impact of corresponding risk item is ranging from very low (0) to critical \hyperref[b4]{(5)} Here are some assumptions of choosing these values:\par ? It is assuming that the impact of each risk could be different at each phase; it could be or not be same at each phase. ? Suppose there is a probability of arising risk is Low (1), but its impact may be moderate \hyperref[b1]{(2)} or may be critical \hyperref[b4]{(5)}. The working formula is:\par Results of questionnaire: The results that have been conducted from the respondents are shown as below: - From the above risk score, we analyzed RS5; RS 8 are critical risks because they have high impact of risks. During study it is analyzed that if the risk in one phase is unseen or undetected, it goes to the second phase and so in this way it impacts to the whole system. If the risk in one phase is not detected, it overlaps to the second phase and increases its multiplicative impact factor \hyperref[b4]{[5]}. In GSRM approach the main focus is to integrate the whole risk activities, so that we can identify those phases which have high impact of risks and then we can mitigate those risks. So we will calculate the total impact of risks as table \hyperref[tab_1]{10}. \section[{Risk Score of Integration Phase}]{Risk Score of Integration Phase}\par The working formula to calculate total risk is as: Analysis of Total Risk Score Now the mitigation strategy will be designed for most critical risk that is Integration Phase.Total Risk Score= ?RS k +?RINT k +?RD k + ?RI k\par COTS Integration means when different COTS packages are combine into a system with "glue code". For ex, Office Automation Software, email, messaging system, where the components are bundled as a procedural library \hyperref[b0]{[1]}. But in this phase many risk arises as:\par ? Lack of interoperability standard.\par ? Lack of tools, methods to integrate components.\par ? Effort for integration may increase from what was estimated. ? When developers try to integrate incompatible COTS components etc.\par This integration phase becomes a most challenging phase in Component-based Software Development. The main failures in software arise due to wrong integration of components. As in \hyperref[b3]{[4]}, the recent computer screen upgrade in the British Government caused nearly 80,000 desktop computers to crash The crash halted the United Kingdom's pension and benefits agency that provides benefits to about 24 million people. The crash delayed the process of new claims and forced employees to fax and fill out some payment checks by hand. The problem occurred during an upgrade across the network of computers. So there is need to improve Integration techniques of COTS components.\par Mitigation guidelines for Integration of COTS Components:\par 1. A proper understanding of component's capabilities is must how components are packaged and evaluated.\par 2. A developer should avoid general modifications to COTS components.\par 3. Modifications that add the complexity to the project of COTS components should be avoided. IV. \section[{Conlcusion}]{Conlcusion}\par Commercial-off-The-Shelf Software Development has become a great need for large organizations as it saves development time and money. It is belief that COTS components fulfill everyone's needs and can be used as-is. In reality, the risk arises in each phase of CBSD as, COTS selection, Integration, Development and on maintenance phase. In this paper, the main focus is to provide risk identification strategy for COTS based software Development. The risk adds on each phase of CBSD was identified and risk score is calculated to examine the critical risk phase.\begin{figure}[htbp] \noindent\textbf{3}\includegraphics[]{image-2.png} \caption{\label{fig_0}Figure 3 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{}\includegraphics[]{image-3.png} \caption{\label{fig_1}}\end{figure} \begin{figure}[htbp] \noindent\textbf{4}\includegraphics[]{image-4.png} \caption{\label{fig_2}Figure 4 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{}\includegraphics[]{image-5.png} \caption{\label{fig_4}}\end{figure} \begin{figure}[htbp] \noindent\textbf{4}\includegraphics[]{image-6.png} \caption{\label{fig_5}Figure 4 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{56}\includegraphics[]{image-7.png} \caption{\label{fig_6}Figure 5 :Figure 6 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{7}\includegraphics[]{image-8.png} \caption{\label{fig_7}Figure 7 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{8}\includegraphics[]{image-9.png} \caption{\label{fig_8}Figure 8 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{}\includegraphics[]{image-10.png} \caption{\label{fig_9}}\end{figure} \begin{figure}[htbp] \noindent\textbf{9}\includegraphics[]{image-11.png} \caption{\label{fig_10}Figure 9 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{10}\includegraphics[]{image-12.png} \caption{\label{fig_11}Figure 10 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{1} \par \begin{longtable}{P{0.2796416938110749\textwidth}P{0.570358306188925\textwidth}} \multicolumn{2}{l}{1. Risks Involving in Functional/ Operational}\\ Requirements\tabcellsep \\ \tabcellsep Requirements\\ Availability\tabcellsep In the case of COTS components, it is\\ Risks\tabcellsep difficult to predict that the available\\ \tabcellsep COTS component will meet the\\ \tabcellsep functional requirements, so the\\ \tabcellsep estimated development cost and\\ \tabcellsep schedule are highly uncertain\\ Functionality\tabcellsep \\ \& Performance\tabcellsep \end{longtable} \par \caption{\label{tab_1}Table 1 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{2} \par \begin{longtable}{P{0.17322274881516586\textwidth}P{0.6324644549763033\textwidth}P{0.03625592417061611\textwidth}P{0.008056872037914692\textwidth}} Conformance\tabcellsep \multicolumn{3}{l}{COTS components do not conform to}\\ to\tabcellsep commercial\tabcellsep standards\tabcellsep so\\ Commercial\tabcellsep \multicolumn{3}{l}{interoperability with other selected}\\ Standards\tabcellsep \multicolumn{3}{l}{COTS products may be difficult \&}\\ \tabcellsep costly.\tabcellsep \tabcellsep \\ Integration\tabcellsep \multicolumn{3}{l}{Contractor does not have the technical}\end{longtable} \par \caption{\label{tab_2}Table 2 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{3} \par \begin{longtable}{P{0.2462962962962963\textwidth}P{0.5537037037037037\textwidth}P{0.03148148148148148\textwidth}P{0.012962962962962963\textwidth}P{0.005555555555555556\textwidth}} For this\tabcellsep \tabcellsep Risks\tabcellsep \\ potential\tabcellsep \tabcellsep \tabcellsep \\ kinds of\tabcellsep \tabcellsep \tabcellsep \\ Risks are:\tabcellsep \tabcellsep \tabcellsep \\ Acquisition\tabcellsep \multicolumn{3}{l}{During evaluation time, alternative}\\ Alternatives\tabcellsep \multicolumn{4}{l}{methods of acquiring COTS products}\\ Risks\tabcellsep \multicolumn{2}{l}{are not evaluated}\tabcellsep \\ Vendor\tabcellsep \multicolumn{3}{l}{Sometimes, the vendor of COTS}\\ Reliability\tabcellsep \multicolumn{4}{l}{product is financially weak or unstable}\\ Risks\tabcellsep \multicolumn{2}{l}{\& poor support.}\tabcellsep \\ Cost and\tabcellsep \multicolumn{4}{l}{The cost and schedule estimates are}\\ Schedule\tabcellsep \multicolumn{4}{l}{not considered during acquiring the}\\ Completeness:\tabcellsep \multicolumn{2}{l}{COTS-based system.}\tabcellsep \\ \multicolumn{2}{l}{Business Skills The}\tabcellsep relationship\tabcellsep between\tabcellsep the\\ \tabcellsep \multicolumn{4}{l}{contractor and vendor contractor are}\\ \tabcellsep weak.\tabcellsep \tabcellsep \end{longtable} \par \caption{\label{tab_3}Table 3 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{4} \par \begin{longtable}{P{0.08185185185185186\textwidth}P{0.05037037037037037\textwidth}P{0.6195555555555555\textwidth}P{0.012592592592592593\textwidth}P{0.034\textwidth}P{0.01385185185185185\textwidth}P{0.03777777777777778\textwidth}} COTS\tabcellsep Risk Id\tabcellsep \multicolumn{4}{l}{Risk in Selection Phase}\tabcellsep Risk Score\\ Driver/Factor\tabcellsep \tabcellsep \tabcellsep \tabcellsep \\ Behaviour Factors\tabcellsep RS1\tabcellsep \multicolumn{4}{l}{Unavailability of source}\tabcellsep 124\\ \tabcellsep \tabcellsep code\tabcellsep \tabcellsep \\ \tabcellsep RS2\tabcellsep \multicolumn{4}{l}{Organizations have very}\tabcellsep 108\\ \tabcellsep \tabcellsep \multicolumn{4}{l}{limited access to product's}\\ \tabcellsep \tabcellsep \multicolumn{2}{l}{internal design.}\tabcellsep \\ \tabcellsep RS 3\tabcellsep \multicolumn{4}{l}{The Quality level of a}\tabcellsep 118\\ \tabcellsep \tabcellsep \multicolumn{3}{l}{component is unknown.}\\ \tabcellsep RS 4\tabcellsep During\tabcellsep \tabcellsep \multicolumn{2}{l}{evaluation,}\tabcellsep 126\\ \tabcellsep \tabcellsep \multicolumn{4}{l}{developers have limited}\\ \tabcellsep \tabcellsep \multicolumn{4}{l}{chance to verify COTS}\\ \tabcellsep \tabcellsep behaviour.\tabcellsep \tabcellsep \\ Functionality\tabcellsep RS 5\tabcellsep \multicolumn{4}{l}{Requirement of the user and}\tabcellsep 174\\ Factors\tabcellsep \tabcellsep component\tabcellsep \tabcellsep \multicolumn{2}{l}{architecture}\\ \tabcellsep \tabcellsep \multicolumn{2}{l}{does not match.}\tabcellsep \\ \tabcellsep RS6\tabcellsep \multicolumn{2}{l}{Architecture}\tabcellsep of\tabcellsep the\tabcellsep 113\\ \tabcellsep \tabcellsep \multicolumn{4}{l}{component is not analyzed}\\ \tabcellsep \tabcellsep according\tabcellsep \tabcellsep to\tabcellsep the\\ \tabcellsep \tabcellsep \multicolumn{2}{l}{functionality.}\tabcellsep \\ \tabcellsep RS 7\tabcellsep \multicolumn{4}{l}{Difficult for requirement}\tabcellsep 86\\ \tabcellsep \tabcellsep \multicolumn{4}{l}{engineers to select among}\\ \tabcellsep \tabcellsep different\tabcellsep \multicolumn{2}{l}{techniques}\tabcellsep of\\ \tabcellsep \tabcellsep selection.\tabcellsep \tabcellsep \\ \tabcellsep RS 8\tabcellsep \multicolumn{3}{l}{Lack of market survey.}\tabcellsep 207\\ Cost Factor\tabcellsep RS 9\tabcellsep \multicolumn{4}{l}{Required COTS is found}\\ \tabcellsep \tabcellsep \multicolumn{4}{l}{costly as compared to in-}\\ \tabcellsep \tabcellsep \multicolumn{4}{l}{house Development cost.}\end{longtable} \par {\small\itshape [Note: 69Analysis of Risk Score]} \caption{\label{tab_5}Table 4 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{5} \par \begin{longtable}{P{0.1694620253164557\textwidth}P{0.12104430379746836\textwidth}P{0.45189873417721516\textwidth}P{0.005379746835443038\textwidth}P{0.043037974683544304\textwidth}P{0.021518987341772152\textwidth}P{0.037658227848101265\textwidth}} Risk Driver/\tabcellsep \multicolumn{5}{l}{Risk Id Risks in Integration}\tabcellsep Risk\\ Factors\tabcellsep \tabcellsep Phase\tabcellsep \tabcellsep \tabcellsep Score\\ Cost Factors\tabcellsep RINT1\tabcellsep \multicolumn{3}{l}{Underestimate}\tabcellsep the\tabcellsep 122\\ \tabcellsep \tabcellsep \multicolumn{4}{l}{development time and}\\ \tabcellsep \tabcellsep cost\tabcellsep \tabcellsep \\ \tabcellsep RINT2\tabcellsep \multicolumn{4}{l}{The cost is too much to}\tabcellsep 83\\ \tabcellsep \tabcellsep \multicolumn{4}{l}{configure the components}\\ \tabcellsep RINT3\tabcellsep \multicolumn{2}{l}{Immature}\tabcellsep \multicolumn{2}{l}{COTS}\tabcellsep 91\\ \tabcellsep \tabcellsep \multicolumn{2}{l}{components.}\tabcellsep \\ \tabcellsep RINT4\tabcellsep Lack\tabcellsep of\tabcellsep \multicolumn{2}{l}{requirement}\tabcellsep 211\\ \tabcellsep \tabcellsep \multicolumn{3}{l}{configurations.}\\ \tabcellsep RINT5\tabcellsep \multicolumn{3}{l}{Lack of cost control.}\tabcellsep 112\\ Size Factors\tabcellsep RINT5\tabcellsep \multicolumn{4}{l}{Difficult to predict the size}\tabcellsep 132\\ \tabcellsep \tabcellsep \multicolumn{3}{l}{of components.}\\ Personnel\tabcellsep RINT6\tabcellsep \multicolumn{3}{l}{Lack of knowledge.}\tabcellsep 73\\ shortfall factors\tabcellsep \tabcellsep \tabcellsep \tabcellsep \\ \tabcellsep RINT7\tabcellsep \multicolumn{4}{l}{Lack of interoperability}\tabcellsep 146\\ \tabcellsep \tabcellsep \multicolumn{2}{l}{standard.}\tabcellsep \\ \tabcellsep RINT8\tabcellsep Lack\tabcellsep of\tabcellsep \multicolumn{2}{l}{integrator}\tabcellsep 150\\ \tabcellsep \tabcellsep \multicolumn{2}{l}{personnel.}\tabcellsep \\ Security\tabcellsep RINT9\tabcellsep \multicolumn{3}{l}{Vulnerability risks.}\tabcellsep 140\\ factors\tabcellsep \tabcellsep \tabcellsep \tabcellsep \\ Functionality\tabcellsep RINT10\tabcellsep \multicolumn{4}{l}{Unavailability of source}\tabcellsep 137\\ Factors\tabcellsep \tabcellsep code.\tabcellsep \tabcellsep \\ \tabcellsep RINT11\tabcellsep \multicolumn{2}{l}{Components}\tabcellsep \multicolumn{2}{l}{are not}\tabcellsep 86\\ \tabcellsep \tabcellsep \multicolumn{3}{l}{platform independent.}\\ Analysis of Risk Score\tabcellsep \tabcellsep \tabcellsep \tabcellsep \end{longtable} \par \caption{\label{tab_6}Table 5 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{7} \par \begin{longtable}{P{0.18385579937304075\textwidth}P{0.05329153605015673\textwidth}P{0.538244514106583\textwidth}P{0.0053291536050156735\textwidth}P{0.03197492163009404\textwidth}P{0.037304075235109715\textwidth}} \tabcellsep \tabcellsep Phase\tabcellsep \tabcellsep \tabcellsep \\ Functionality\tabcellsep RI 1\tabcellsep Unclear\tabcellsep \tabcellsep design\tabcellsep 139\\ Factors\tabcellsep \tabcellsep \multicolumn{2}{l}{assumptions.}\tabcellsep \tabcellsep \\ Usability\tabcellsep RI 2\tabcellsep \multicolumn{3}{l}{Users cannot retrieve}\tabcellsep 97\\ Factors\tabcellsep \tabcellsep \multicolumn{3}{l}{relevant \& needed}\tabcellsep \\ \tabcellsep \tabcellsep \multicolumn{2}{l}{information.}\tabcellsep \tabcellsep \\ Security\tabcellsep RI 3\tabcellsep \multicolumn{3}{l}{System can be used in}\tabcellsep 132\\ Factors\tabcellsep \tabcellsep \multicolumn{2}{l}{unintended way.}\tabcellsep \tabcellsep \\ \tabcellsep RI 4\tabcellsep \multicolumn{3}{l}{Increase in vulnerability}\tabcellsep 160\\ \tabcellsep \tabcellsep \multicolumn{3}{l}{attack by integrating}\tabcellsep \\ \tabcellsep \tabcellsep \multicolumn{3}{l}{components with one}\tabcellsep \\ \tabcellsep \tabcellsep another.\tabcellsep \tabcellsep \tabcellsep \\ Performance\tabcellsep RI 5\tabcellsep Effect\tabcellsep on\tabcellsep system\tabcellsep 114\\ Factors\tabcellsep \tabcellsep \multicolumn{2}{l}{performance.}\tabcellsep \tabcellsep \end{longtable} \par \caption{\label{tab_7}Table 7 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{8} \par \begin{longtable}{P{0.7126923076923077\textwidth}P{0.13730769230769233\textwidth}} Total impact of risk\tabcellsep \\ CBSD phase\tabcellsep Total Risk\\ Risk in Selection phase\tabcellsep 1098\\ Risk in Implementation Phase\tabcellsep 1481\\ Risk in Implementation Phase\tabcellsep 642\end{longtable} \par \caption{\label{tab_8}Table 8 :}\end{figure} \begin{figure}[htbp] \noindent\textbf{} \par \begin{longtable}{P{0.13943217665615143\textwidth}P{0.7105678233438486\textwidth}} 44 Year 2014 Volume XIV Issue II Version I\tabcellsep 4. 11. A developer should use open Standard technologies that are freely distributed among different data models or software infrastructure\\ ( D D D D ) c\tabcellsep which provide basis for communication and enable consistency among different COTS\\ Global Journal of Computer Science and Technology\tabcellsep components [6]. 12. A proper estimation of time and cost should be estimated, before integrating COTS Components. 13. All drivers should be considered before measuring component behaviour. For ex, ACIEP-used for COTS Integrator Experience with the product, ACIPC -used for COTS Integrator Personnel Capability.\end{longtable} \par \caption{\label{tab_9}}\end{figure} \footnote{© 2014 Global Journals Inc. (US)} \backmatter \begin{bibitemlist}{1} \bibitem[Everett Tollerson et al.]{b2}\label{b2} ‘Conceptual Model for Integration of COTS Components’. James Everett Tollerson , M Hisham , Haddad . \textit{Department of Computer science \&IT}, p. . \bibitem[Kaur and Goel]{b3}\label{b3} \textit{Designing of RIMCOTS model for Risk identification and mitigation for COTS-based Software Development}, Amandeep Kaur , \& Shivani Goel . Research Journal of Computer Systems Engineering-an International Journal \bibitem[Amber et al.]{b4}\label{b4} ‘Determination of Risk During Requirement Engineering Process’. Saima Amber , Narmeen Shawoo \& Saira , Begum . \textit{Journal of Emerging Trends in Computing and Information Sciences}, p. . \bibitem[Failure Effect Mode Analysis (FMEA)]{b6}\label{b6} \textit{Failure Effect Mode Analysis (FMEA)}, (in Institute for healthcare Improvements) \bibitem[Arora and Kaur ()]{b5}\label{b5} ‘Improving COTSbased Software Development Process by Identification and Mitigation of Component Risks’. Palak Arora , Amandeep Kaur . \textit{International Journal of Advanced Research in Computer Science and Software Engineering} 2013. p. . \bibitem[Dr et al. ()]{b0}\label{b0} ‘Requirements Engineering Challenges in Development of Software Applications and selection of Customer-off-The-Shelf (COTS) components’. Dr , Mahrukh Asghar , Umar . \textit{International Journal of Software Engineering(IJSE)} 2010. p. . \bibitem[Risk Management Guide for DOD Acquisition OUSD (AT&L) Systems and Software Engineering/Enterprise Development]{b1}\label{b1} ‘Risk Management Guide for DOD Acquisition’. \textit{OUSD (AT\&L) Systems and Software Engineering/Enterprise Development}, \end{bibitemlist} \end{document}