Risk Analysis of Software Development Projects at CV. XYZ

Nicolas Adriaan Apriatono(1*), Adi Wibowo(2), Ibnu Gunawan(3)

(1) Informatics Engineering Study Program
(2) Informatics Engineering Study Program
(3) Informatics Engineering Study Program
(*) Corresponding Author


CV. XYZ is a small company that works in software engineering. The company has few workers, only between 5 – 8 people. The problem in this company is that there is no identification of the risks that can occur.

Examples of the problems are clients suddenly requesting features for their software, no milestones on projects, no data about clients' systems and no monitoring of ongoing projects. These things can hold back the company's performance. Thus, risk analysis is needed to analyze the risk factors that can disturb software development.

In this thesis, the way the company works is identified, existing risks are analysed, and responses to those risks are determined. The risk assessment process is based on NIST 800-30, which explains ten steps of risk assessment; risks are determined based on ISO 29110, which covers how to create software in a software engineering company with fewer than 25 workers; and the OWASP Risk Rating Methodology is used to determine the value of every risk based on certain criteria. OWASP is used as a guideline for determining the weight of each risk found using ISO 29110. Based on the analysis, the methods used are useful for finding and responding to existing risks. The results show 1 high risk, 2 medium risks and 19 low risks. The high risk is that there is no risk identification in the company, so the company does not know which risks can impact it. The response is to avoid it by performing risk identification.


Software Risk Analysis; ISO 29110; OWASP; NIST 800-30; Software Engineering Project





