Methodology for the assessment of software risk

Susan Ann Sherer, University of Pennsylvania


We present a framework for software quality that incorporates the economic significance of software failure. We present methodology to assess software exposure and software risk--the magnitude of the potential loss due to software failure, and the expected value of this loss, respectively. Neither traditional software reliability measurement techniques nor traditional development and testing methodologies consider the fact that the consequences of various software failures will be very different. Thus, they are of limited use in the allocation of resources to the portions of a system with the greatest risk. We present methodology to measure the differential risk of failure in various portions of a software system. We draw upon probabilistic risk assessment techniques to assess exposure of a software system due to events in the environment in which the software will operate. Procedures are presented to estimate the potential exposure due to failures caused by faults in different modules comprising a software system. Consideration is given to both module function and expected use. A Bayesian approach is used to estimate the likelihood of failure due to faults in each module. We feel that software risk is a far more meaningful measure of software quality than the more traditional expected number of residual errors or failures per unit time. Measures of exposure and risk can be used by software engineering managers throughout the development process. Consideration of software exposure can guide software design decisions. Allocation of test and maintenance effort can be made relative to the potential risk of individual modules.

Subject Area

Information Systems|Computer science

Recommended Citation

Sherer, Susan Ann, "Methodology for the assessment of software risk" (1988). Dissertations available from ProQuest. AAI8908388.