Determining how much software assurance is enough?

A classical problem facing many software projects is to determine when to stop testing and release the product for use. Risk analyses address such "how much is enough?" questions by balancing the risk exposure of doing too little against the risk exposure of doing too much. However, it is difficult to quantify the relative probabilities and sizes of loss in order to provide practical approaches for determining a risk-balanced "sweet spot" operating point. In this paper, we provide a quantitative approach based on the COCOMO II cost estimation model, the COQUALMO quality estimation model, and the Value Estimating Relationships.
