An integrated risk measurement and optimization model for trustworthy software process management

The growing demand for higher trustworthiness of software poses an unprecedented challenge to the software industry. Risk management is the important part for high quality software development processes. However, under the constraints of project cost and duration, it is very difficult to establish the budget for risk management. To integrate efficient risk management and pure software process is the goal of this paper. We propose a software process model with risk management and cost control modules to help improve software process risk management. Furthermore, based on this process model, a measurement model that includes process risk and software trustworthiness metrics is presented. Through risk management effectiveness calculation methods and risk transfer assumptions, a software process risk optimization model is proposed. This model can be used to derive an optimized risk management scheme for the process of trustworthy software development, with constraints of process cost and duration. Simulation cases are then analyzed by this model framework. The results show that risk management is critical to enhance trustworthiness but risk management is an effective complement, rather than the most fundamental process, to enhance the trustworthiness of software. Software developers should adopt appropriate and optimal strategies about risk management inputs, especially in lower CMMI level companies. (C) 2011 Elsevier Inc. All rights reserved.