A lightweight approach to technical risk estimation via probabilistic impact analysis

An evolutionary development approach is increasingly commonplace in industry but presents increased difficulties in risk management, for both technical and organizational reasons. In this context, technical risk is the product of the probability of a technical event and the cost of that event. This paper presents a technique for more objectively assessing and communicating technical risk in an evolutionary development setting that (1) operates atop weakly-estimated knowledge of the changes to be made, (2) analyzes the past change history and current structure of a system to estimate the probability of change propagation, and (3) can be discussed vertically within an organization both with development staff and high-level management. A tool realizing this technique has been developed for the Eclipse IDE.
