A Bayesian Networks-Based Risk Identification Approach for Software Process Risk: The Context of Chinese Trustworthy Software

For all of the many advantages and enormous benefits that information technology has brought us, it has also exposed us to increasing risks that deserve sufficient attention. The Bayesian network (BN) is an important probabilistic inference approach that supports reasoning under uncertainty. This paper describes how a BN is applied to quantify the occurrence probability of software process risk factors and the influence strength among those factors in the context of Chinese trustworthy software. Information on 52 factors was obtained through a questionnaire survey of 93 project managers in five software companies with high Capability Maturity Model Integration (CMMI) levels. The focus of this paper is to present a key risk checklist and the appropriate timing for process risk control in order to improve software process risk management. Special effort has been put into the description of the experimental study, which provides the top 20 key risk factors in the software process and the critical software sub-processes for process risk management. The findings can provide software risk managers with a key risk checklist for risk identification and decision-making in process risk management. This is a general approach and, as such, it can be applied to a particular software project or to software enterprises with updated data.
