Risks are intrinsic part of any software project.Most software projects face severe risk during the development process, but some finds minor risks. Vulnerabilities of these risks are threat to a quality of a software product. One of the main causes that may lead to failure of the project is negligence to perform risk assessment due to lack of knowledge about risk factors. The objective of this paper is to identify, classify and assess the risks that may cause negative impact to software project. We first analyze the root cause which may lead to
terrible risk. Then we classified and prioritized the risks according to their nature. For this purpose, Fishbone Analysis is used. To find out risk factors probability and severity we have done questionnaire-based survey and interviews from various organizations. We collect data from different organization and perform Quantitative and Qualitative Risk Assessment. Through this assessment we find likelihood, severity and Risk Exposure (r). Finally, some future direction is discussed to control overall risk factors.