Issue No. 06 - June (1998 vol. 31)
In this interview, safety-critical systems expert John McDermid explores the sources of risk and the extra analysis work they require. In some cases, he says, this extra effort may erode attractive initial development costs in critical applications. McDermid describes why an application's characteristics are the major influences on the choice of whether to choose COTS or custom. For stringent applications-those that demand high integrity, reliability, and availability- the cost of creating a suitable assurance or safety argument may be prohibitive, or even impossible if there is insufficient access to the COTS software's design rationale. On the other hand, applications that emphasize flexibility may find that real-time kernels, which change relatively little and have seen extensive use, may be more robust than bespoke solutions. Hard data that would clarify the trade-offs between custom versus COTS solutions is still not available. McDermid states that more experience is needed to determine the relative costs of each solution. The observations should be made of a long-term development cycle that includes multiple upgrades and maintenance problems. Meanwhile, he states, the best strategies for those contemplating COTS use are to identify and plan for both project and COTS-specific risks and look beyond the initial development cost to the lifetime support of the product. Those who fail to do so may end up paying more than the COTS solution is worth.
N. Talbert, "The Cost of COTS," in Computer, vol. 31, no. , pp. 46-52, 1998.