Clarification risks and NFRs

Hello fellow ranchers,

I would want to confirm my understanding is correct which is,

If scalability, Security, performance and availability are already clearly mentioned as NFRs in the assignment, then they should not appear in risk list any more.

Am I right in assuming this?

Look forward to hear your views,

Regards,
VJ

I disagree. Just because something is a requirement doesn't mean it's not a risk. I personally feel Security is almost always the biggest risk on an external facing project, just look at the recent trouble Sony had.

Thanks Will. I still have security in my risk list. What about scalability and performance?

I had all of them in list earlier, but removed them cos I got a feeling that if design and architecture address these issues enough, aren't the risks automatically mitigated or there aren't risks existing anymore to do with scalability and performance.

Over to you..and any other takers ..

Cheers

Any more comments about NFRs and risks.

I know software design is all subjective and revolves around how one interprets requirements.

But this one is more of pleasing the evaluator and getting to guess how he will think.

I would appreciate if some SCEA looks at this question.