Publications Details

Risk management - What about software?

Risks in software systems arise from many directions. There are risks that the software is faulty, that the system may be attacked, that safety hazards exist, that the system may be inoperable or untimely, that an abnormal event may cause unexpected actions, etc. Risk analysis tools should support and document risk-mitigation decisions and facilitate understanding of residual risks. These tools must be based on a sound theory of risk, which does not exist today. Probabilistic risk assessment techniques apply to physically-based systems where failure modes and event dependence are fairly well understood. But they cannot be blindly applied to software systems, which do not share these characteristics. Moreover, we need to meld many diverse aspects of risk for software systems. This presentation will explore some thought-provoking ideas about modeling, problem spaces, solution approaches, math, decision friendly output, and the role of risk analysis in the software lifecycle.