Final answer:
Asymmetric risk in a cooperative relationship between a software development firm and a quality assurance lab with inadequate skills represents a significant challenge, similar to choosing between Plan A and Plan B when facing potential threats as per Figure 20.1. The lack of quality assurance capability poses a risk equivalent to ignoring a catastrophic threat, emphasizing the need for a conservative approach to manage opportunistic behavior.
Step-by-step explanation:
A cooperative relationship between a software development firm and a quality assurance lab, where the lab lacks the necessary skills to ensure there are no security gaps in the software, is an example of asymmetric risk. Asymmetric risk arises when one party in a partnership has less information or capability than the other, which can lead to significant negative consequences if not properly managed. As outlined in Figure 20.1, when facing a potentially devastating threat, the choice between Plan A, a natural response when the threat is not believed to be real, and Plan B, which aims to mitigate the threat, represents a strategic decision based on assessing such risks.
In software development, not addressing the threat of security gaps due to insufficient quality assurance can be catastrophic, similar to ignoring the threat as described by Plan A. Conversely, investing in better quality assurance or even over-preparing when the threat is minor or nonexistent, akin to Plan B, is not ideal but is less damaging. This scenario underscores the importance of making informed decisions, balancing between being conservative in approach and understanding the potential opportunistic behavior that can arise from asymmetric risk situations.