Software Engineering Institute

The COTS Usage Risk Evaluation (CURE) assumes that an organization is at some stage of acquiring a COTS-based software system, to be created under contract by another organization. In the most familiar scenario, the former organization would be some part of the Federal Government and the latter some large industrial contractor. However, there is no assumption that the acquiring organization is necessarily a Government agency: the questionnaire is equally applicable to any acquiring organization. Ideally, both the acquiring and the contracting organizations will participate in separate evaluations, and a program-wide result will be obtained. However, this is not absolutely necessary.

This document is intended for those personnel participating in the COTS Usage Risk Evaluation (CURE). It provides an overview of the three steps of CURE that involve participation by the program's team members. For each step, both the activity and the personnel expected to perform it are discussed. Finally, it is assumed that the decision to perform CURE has already been made, thus no rationale for a program's participation in the CURE is provided.