To end this chapter, here are a few easy-to-remember metrics and rules of thumb. As is the case with every design metric, you should use them as guidelines. A violation of the metrics is a red flag, and you should always investigate its cause.
Keep risk between 0.3 and 0.75. Your project should never have extreme risk values. Obviously, a risk value of 0 or 1.0 is nonsensical. The risk should not be too low: Since the criticality risk model cannot go below 0.25, you can round the lower possible limit of 0.25 up to 0.3 as the lower bound for any project. When compressing the project, long before the risk gets to 1.0 (a fully critical project), you should stop compressing. Even a risk value of 0.9 or 0.85 is still high. If the bottom quarter of 0 to 0.25 is disallowed, then for symmetry’s sake you should avoid the top quarter of risk values between 0.75 and 1.0.
Decompress to 0.5. The ideal decompression target is a risk of 0.5, as it targets the tipping point in the risk curve.
Do not over-decompress. As discussed, decompression beyond the decompression target has dismissing returns, and over-decompression increases the risk.
Keep normal solutions under 0.7. While elevated risk may be the price you pay for a compressed solution, it is inadvisable for a normal solution. Returning to the symmetry argument, if risk of 0.3 is the lower bound for all solutions, then risk of 0.7 is the upper bound for a normal solution. You should always decompress high-risk normal solutions.
You should make both risk modeling and risk metrics part of your project design. Constantly measure the risk to see where you are and where you are heading.