An integrated risk measurement and optimization model for trustworthy software process management

The growing demand for higher trustworthiness of software poses an unprecedented challenge to the software industry. Risk management is the important part for high quality software development processes. However, under the constraints of project cost and duration, it is very difficult to establish the budget for risk management. To integrate efficient risk management and pure software process is the goal of this paper. We propose a software process model with risk management and cost control modules to help improve software process risk management. Furthermore, based on this process model, a measurement model that includes process risk and software trustworthiness metrics is presented. Through risk management effectiveness calculation methods and risk transfer assumptions, a software process risk optimization model is proposed. This model can be used to derive an optimized risk management scheme for the process of trustworthy software development, with constraints of process cost and duration. Simulation cases are then analyzed by this model framework. The results show that risk management is critical to enhance trustworthiness but risk management is an effective complement, rather than the most fundamental process, to enhance the trustworthiness of software. Software developers should adopt appropriate and optimal strategies about risk management inputs, especially in lower CMMI level companies.

[1]  AhnGail-Joon,et al.  Establishing trustworthiness in services of the critical infrastructure through certification and accreditation , 2005 .

[2]  Miroslaw Staron,et al.  A framework for developing measurement systems and its industrial evaluation , 2009, Inf. Softw. Technol..

[3]  Honggang Wang,et al.  User preferences based software defect detection algorithms selection using MCDM , 2012, Inf. Sci..

[4]  Robin A. Gandhi,et al.  Establishing trustworthiness in services of the critical infrastructure through certification and accreditation , 2005, ACM SIGSOFT Softw. Eng. Notes.

[5]  Luigi Portinale,et al.  Bayesian networks in reliability , 2007, Reliab. Eng. Syst. Saf..

[6]  Larry Bernstein Trustworthy software systems , 2005, SOEN.

[7]  C. V. Ramamoorthy,et al.  Using influence diagrams for software risk analysis , 1995, Proceedings of 7th IEEE International Conference on Tools with Artificial Intelligence.

[8]  William Marsh,et al.  Predicting software defects in varying development lifecycles using Bayesian nets , 2007, Inf. Softw. Technol..

[9]  James Bret Michael,et al.  Proceedings of the Center for National Software Studies Workshop on Trustworthy Software , 2004 .

[10]  Sajjad Mahmood,et al.  A survey of component based system quality assurance and assessment , 2005, Inf. Softw. Technol..

[11]  William Marsh,et al.  Making resource decisions for software projects , 2004, Proceedings. 26th International Conference on Software Engineering.

[12]  Finn V. Jensen,et al.  Bayesian Networks and Decision Graphs , 2001, Statistics for Engineering and Information Science.

[13]  Norman E. Fenton,et al.  Modeling dependable systems using hybrid Bayesian networks , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[14]  S.T. Redwine,et al.  Processes for producing secure software , 2004, IEEE Security & Privacy Magazine.

[15]  Sung-Kwun Oh,et al.  The design of polynomial function-based neural network predictors for detection of software defects , 2013, Inf. Sci..

[16]  Da Ruan,et al.  Choquet integral based aggregation approach to software development risk assessment , 2010, Inf. Sci..

[17]  Ana Cristina Vieira de Melo,et al.  Software maintenance project delays prediction using Bayesian Networks , 2008, Expert Syst. Appl..

[18]  Ye Yang,et al.  Process Trustworthiness as a Capability Indicator for Measuring and Improving Software Trustworthiness , 2009, ICSP.

[19]  Huey-Ming Lee,et al.  A new algorithm for applying fuzzy set theory to evaluate the rate of aggregative risk in software development , 2003, Inf. Sci..

[20]  Radford M. Neal Probabilistic Inference Using Markov Chain Monte Carlo Methods , 2011 .

[21]  Dengsheng Wu,et al.  A Multi-criteria Risk Optimization Model for Trustworthy Software Process Management , 2009 .

[22]  Judea Pearl,et al.  Bayesian Networks , 1998, Encyclopedia of Social Network Analysis and Mining. 2nd Ed..

[23]  Judea Pearl,et al.  Influence Diagrams - Historical and Personal Perspectives , 2005, Decis. Anal..

[24]  Norman E. Fenton,et al.  Improved reliability modeling using Bayesian networks and dynamic discretization , 2010, Reliab. Eng. Syst. Saf..

[25]  Bjørn Axel Gran Assessment of programmable systems using Bayesian belief nets , 2002 .

[26]  Anasis Majumdar,et al.  Capability Maturity Model Integration (CMMI) , 2011 .

[27]  Lukasz Radlinski,et al.  Software Project and Quality Modelling Using Bayesian Networks , 2010 .

[28]  Vitoantonio Bevilacqua,et al.  Bayesian Gene Regulatory Network Inference Optimization by means of Genetic Algorithms , 2009, J. Univers. Comput. Sci..

[29]  Huey-Ming Lee,et al.  Applying fuzzy set theory to evaluate the rate of aggregative risk in software development , 1996, Fuzzy Sets Syst..

[30]  Walter F. Tichy,et al.  Proceedings 25th International Conference on Software Engineering , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[31]  Mario Piattini,et al.  Managing software process measurement: A metamodel-based approach , 2007, Inf. Sci..

[32]  D. Vose Risk Analysis: A Quantitative Guide , 2000 .

[33]  Paul L. Bannerman,et al.  Risk and risk management in software projects: A reassessment , 2008, J. Syst. Softw..

[34]  Tong-Seng Quah,et al.  Estimating software readiness using predictive models , 2009, Inf. Sci..

[35]  Wilhelm Hasselbring,et al.  Toward trustworthy software systems , 2006, Computer.

[36]  Jianping Li,et al.  Risk Management in the Trustworthy Software Process: A Novel Risk and Trustworthiness Measurement Model Framework , 2009, 2009 Fifth International Joint Conference on INC, IMS and IDC.

[37]  Desheng Dash Wu,et al.  A non-functional requirements tradeoff model in Trustworthy Software , 2012, Inf. Sci..

[38]  Judea Pearl,et al.  Probabilistic reasoning in intelligent systems - networks of plausible inference , 1991, Morgan Kaufmann series in representation and reasoning.

[39]  James J. Jiang,et al.  A Measure of Software Development Risk , 2002 .

[40]  John McLean Trustworthy Software: Why we need it, Why we don't have it, How we can get it , 2006, COMPSAC.

[41]  Wilhelm Hasselbring,et al.  Trustworthy software systems: a discussion of basic concepts and terminology , 2006, SOEN.

[42]  Barry W. Boehm,et al.  The Future of Software Processes , 2005, ISPW.

[43]  K. Saleh,et al.  The Security Requirements Behavior Model for Trustworthy Software , 2008, 2008 International MCETECH Conference on e-Technologies (mcetech 2008).

[44]  J. Ramalho-Santos,et al.  Cronbach's alpha: a tool for assessing the reliability of scales , 1999 .

[45]  Zhengxin Chen,et al.  Multiple criteria mathematical programming for multi-class classification and application in network intrusion detection , 2009, Inf. Sci..

[46]  N. Fenton,et al.  Project Data Incorporating Qualitative Factors for Improved Software Defect Prediction , 2007, Third International Workshop on Predictor Models in Software Engineering (PROMISE'07: ICSE Workshops 2007).

[47]  Norman E. Fenton,et al.  Software metrics: roadmap , 2000, ICSE '00.

[48]  Barry W. Boehm,et al.  How Much Software Quality Investment Is Enough: A Value-Based Approach , 2006, IEEE Software.

[49]  Peter Duchessi,et al.  A methodology for developing Bayesian networks: An application to information technology (IT) implementation , 2007, Eur. J. Oper. Res..