我们学到了什么关于软件保障的价值

International Symposium on Empirical Software Engineering and Measurement Pub Date : 2014-09-18 DOI:10.1145/2652524.2652591

D. Port, T. Bui, J. Wilf, Y. Kobayashi, Yuko Miyamoto

{"title":"我们学到了什么关于软件保障的价值","authors":"D. Port, T. Bui, J. Wilf, Y. Kobayashi, Yuko Miyamoto","doi":"10.1145/2652524.2652591","DOIUrl":null,"url":null,"abstract":"Context: There is a pervasive feeling that somehow software assurance is important. For example, national space agencies, such as the National Aeronautics and Space Administration (NASA) and the Japan Aerospace Exploration Agency (JAXA), require assurance for their critical software systems. Their assurance effort goes beyond testing, and includes activities such as process compliance checks, artifact audits, and traceability validation. These activities can be costly and their benefits, particularly in managing risk, are poorly understood. This inevitably leads to tough questions concerning value such as \"Is assurance worth doing?\" and \"How much assurance do we actually need?\"\n Goal: For many years the software assurance community has been struggling with how to rationalize investing in software assurance. Numerous value models have been suggested, but these have not been able to explicitly connect assurance activities to their expected benefits, making them difficult to use for value assessment. As a consequence, assurance managers are ill equipped to plan and justify their budgets, frequently finding that assurance is first on the chopping block when cuts are made. We discuss some common value propositions and how why they are not operationally useful within our assurance practice.\n Method: From our ongoing empirical study of assurance practice at NASA and JAXA, we are led to a fundamental assurance value proposition that implies an operational and justifiable proposition of assurance value. We depart from contemporary views that focus on defect-centric factors such as defect avoidance or early defect mitigation. Rather, we have observed that assurance value stems from enabling more confident quality-critical decision-making.\n Results: From this new viewpoint value can be tangibly measured as a reduction in the risk of making a bad decision due to uncertainty in quality factors. This has some surprising and consequential implications. For example, from this viewpoint, assurance value does not depend on the actual number of defects found; instead it depends on the degree of coverage an assurance activity provides, regardless if defects are found.\n Conclusions: By exploring what we have learned about assurance value we better understand and from an industry standpoint it is an important issue to address.","PeriodicalId":124452,"journal":{"name":"International Symposium on Empirical Software Engineering and Measurement","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"What we have learned about the value of software assurance\",\"authors\":\"D. Port, T. Bui, J. Wilf, Y. Kobayashi, Yuko Miyamoto\",\"doi\":\"10.1145/2652524.2652591\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Context: There is a pervasive feeling that somehow software assurance is important. For example, national space agencies, such as the National Aeronautics and Space Administration (NASA) and the Japan Aerospace Exploration Agency (JAXA), require assurance for their critical software systems. Their assurance effort goes beyond testing, and includes activities such as process compliance checks, artifact audits, and traceability validation. These activities can be costly and their benefits, particularly in managing risk, are poorly understood. This inevitably leads to tough questions concerning value such as \\\"Is assurance worth doing?\\\" and \\\"How much assurance do we actually need?\\\"\\n Goal: For many years the software assurance community has been struggling with how to rationalize investing in software assurance. Numerous value models have been suggested, but these have not been able to explicitly connect assurance activities to their expected benefits, making them difficult to use for value assessment. As a consequence, assurance managers are ill equipped to plan and justify their budgets, frequently finding that assurance is first on the chopping block when cuts are made. We discuss some common value propositions and how why they are not operationally useful within our assurance practice.\\n Method: From our ongoing empirical study of assurance practice at NASA and JAXA, we are led to a fundamental assurance value proposition that implies an operational and justifiable proposition of assurance value. We depart from contemporary views that focus on defect-centric factors such as defect avoidance or early defect mitigation. Rather, we have observed that assurance value stems from enabling more confident quality-critical decision-making.\\n Results: From this new viewpoint value can be tangibly measured as a reduction in the risk of making a bad decision due to uncertainty in quality factors. This has some surprising and consequential implications. For example, from this viewpoint, assurance value does not depend on the actual number of defects found; instead it depends on the degree of coverage an assurance activity provides, regardless if defects are found.\\n Conclusions: By exploring what we have learned about assurance value we better understand and from an industry standpoint it is an important issue to address.\",\"PeriodicalId\":124452,\"journal\":{\"name\":\"International Symposium on Empirical Software Engineering and Measurement\",\"volume\":\"3 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-09-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Symposium on Empirical Software Engineering and Measurement\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2652524.2652591\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Symposium on Empirical Software Engineering and Measurement","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2652524.2652591","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

上下文:有一种普遍的感觉，不知何故，软件保证是重要的。例如，国家空间机构，如国家航空航天局(NASA)和日本宇宙航空研究开发机构(JAXA)，需要对其关键软件系统进行保证。他们的保证工作超越了测试，还包括过程遵从性检查、工件审计和可追溯性验证等活动。这些活动可能代价高昂，而且它们的好处，特别是在管理风险方面，人们对它们的好处知之甚少。这不可避免地导致了一些关于价值的棘手问题，如“保证值得做吗?”和“我们实际需要多少保证?”目标:多年来，软件保证社区一直在努力解决如何使软件保证投资合理化的问题。已经提出了许多价值模型，但是这些模型都不能明确地将保证活动与其预期收益联系起来，使得它们难以用于价值评估。因此，保证管理人员在计划和证明预算合理性方面能力不足，经常发现在削减开支时，保证是第一个被砍掉的。我们将讨论一些常见的价值主张，以及为什么它们在我们的保证实践中在操作上没有用处。方法:从我们正在进行的NASA和JAXA保证实践的实证研究中，我们得到了一个基本的保证价值主张，该主张暗示了保证价值的可操作和合理主张。我们偏离了关注以缺陷为中心的因素，如缺陷避免或早期缺陷缓解的当代观点。更确切地说，我们已经观察到，保证价值源于更有信心的质量关键决策。结果:从这个新的观点来看，价值可以被有形地衡量为由于质量因素的不确定性而做出错误决策的风险的减少。这有一些令人惊讶和重要的含义。例如，从这个观点来看，保证值并不依赖于发现的缺陷的实际数量;相反，它取决于保证活动提供的覆盖程度，而不管是否发现缺陷。结论:通过探索我们对保证价值的了解，从行业的角度来看，我们更好地理解了这是一个需要解决的重要问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

What we have learned about the value of software assurance

Context: There is a pervasive feeling that somehow software assurance is important. For example, national space agencies, such as the National Aeronautics and Space Administration (NASA) and the Japan Aerospace Exploration Agency (JAXA), require assurance for their critical software systems. Their assurance effort goes beyond testing, and includes activities such as process compliance checks, artifact audits, and traceability validation. These activities can be costly and their benefits, particularly in managing risk, are poorly understood. This inevitably leads to tough questions concerning value such as "Is assurance worth doing?" and "How much assurance do we actually need?" Goal: For many years the software assurance community has been struggling with how to rationalize investing in software assurance. Numerous value models have been suggested, but these have not been able to explicitly connect assurance activities to their expected benefits, making them difficult to use for value assessment. As a consequence, assurance managers are ill equipped to plan and justify their budgets, frequently finding that assurance is first on the chopping block when cuts are made. We discuss some common value propositions and how why they are not operationally useful within our assurance practice. Method: From our ongoing empirical study of assurance practice at NASA and JAXA, we are led to a fundamental assurance value proposition that implies an operational and justifiable proposition of assurance value. We depart from contemporary views that focus on defect-centric factors such as defect avoidance or early defect mitigation. Rather, we have observed that assurance value stems from enabling more confident quality-critical decision-making. Results: From this new viewpoint value can be tangibly measured as a reduction in the risk of making a bad decision due to uncertainty in quality factors. This has some surprising and consequential implications. For example, from this viewpoint, assurance value does not depend on the actual number of defects found; instead it depends on the degree of coverage an assurance activity provides, regardless if defects are found. Conclusions: By exploring what we have learned about assurance value we better understand and from an industry standpoint it is an important issue to address.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Symposium on Empirical Software Engineering and Measurement

自引率

0.00%

发文量