Evaluation of software dependability

It has been said that the term software engineering is an aspiration not a description. We would like to be able to claim that we engineer software, in the same sense that we engineer an aero-engine, but most of us would agree that this is not currently an accurate description of our activities. My suspicion is that it never will be. From the point of view of this essay – i.e. dependability evaluation – a major difference between software and other engineering artefacts is that the former is pure design. Its unreliability is always the result of design faults, which in turn arise as a result of human intellectual failures. The unreliability of hardware systems, on the other hand, has tended until recently to be dominated by random physical failures of components – the consequences of the ‘perversity of nature’. Reliability theories have been developed over the years which have successfully allowed systems to be built to high reliability requirements, and the final system reliability to be evaluated accurately. Even for pure hardware systems, without software, however, the very success of these theories has more recently highlighted the importance of design faults in determining the overall reliability of the final product. The conventional hardware reliability theory does not address this problem at all. In the case of software, there is no physical source of failures, and so none of the reliability theory developed for hardware is relevant. We need new theories that will allow us to achieve required dependability levels, and to evaluate the actual dependability that has been achieved, when the sources of the faults that ultimately result in failure are human intellectual failures

BAYESIAN INFERENCE FOR A SOFTWARE RELIABILITY MODEL USING METRICS INFORMATION.

In this paper, we are concerned with predicting the number of faults N and the time to next failure of a piece of software. Information in the form of software metrics data is used to estimate the prior distribution of N via a Poisson regression model. Given failure time data, and a well known model for software failures, we show how to sample the posterior distribution using Gibbs sampling, as implemented in the package "WinBugs". The approach is illustrated with a practical example.

An Empirical analysis of Open Source Software Defects data through Software Reliability Growth Models

The purpose of this study is to analyze the reliability growth of Open Source Software (OSS) using Software Reliability Growth Models (SRGM). This study uses defects data of twenty five different releases of five OSS projects. For each release of the selected projects two types of datasets have been created; datasets developed with respect to defect creation date (created date DS) and datasets developed with respect to defect updated date (updated date DS). These defects datasets are modelled by eight SRGMs; Musa Okumoto, Inflection S-Shaped, Goel Okumoto, Delayed S-Shaped, Logistic, Gompertz, Yamada Exponential, and Generalized Goel Model. These models are chosen due to their widespread use in the literature. The SRGMs are fitted to both types of defects datasets of each project and the their fitting and prediction capabilities are analysed in order to study the OSS reliability growth with respect to defects creation and defects updating time because defect analysis can be used as a constructive reliability predictor. Results show that SRGMs fitting capabilities and prediction qualities directly increase when defects creation date is used for developing OSS defect datasets to characterize the reliability growth of OSS. Hence OSS reliability growth can be characterized with SRGM in a better way if the defect creation date is taken instead of defects updating (fixing) date while developing OSS defects datasets in their reliability modellin

Why Cooperate? Ethical Analysis of InfoSec Vulnerability Disclosure

Vendors, security consultants and information security researchers seek guidance on if and when to disclose information about specific software or hardware security vulnerabilities. We apply Kantianism to argue that vendors and third parties (InfoSec researchers, consultants, and other interested parties) have an ethical obligation to inform customers and business partners (such as channel partners or providers of complementary products and services) about specific software vulnerabilities (thus addressing if disclosure should occur). We apply Utilitarianism to address the question of when disclosure should occur. By applying these two philosophical perspectives we conclude that to maximize social welfare, vendors should release software fixes as soon as possible, and third parties should adopt a coordinated disclosure policy to avoid placing customers and business partners at unnecessary risk

Узагальнена модель негомогенного пуассонівського процесу для оцінювання надійності програмного забезпечення

This article is devoted to the reliability estimation’s theory and non homogeneous Poisson process models investigation. The generalized finite non Homogeneous Poisson model is proposed.Дана стаття присвячена питанням оцінювання надійності программного забезпечення, дослідженню моделей, що базуються на не гомогенному пуасонівському процесі та розробці узагальненої моделі

Non-Homogeneous Poisson Process to Model Seasonal Events: Application to the Health Diseases

The daily number of hospital admissions due to mosquito-borne diseases can vary greatly. This variability can be explained by different factors such as season of the year, temperature and pollution levels, among others. In this paper, we propose a new class of non-homogeneous Poisson processes which incorporates seasonality factors to more realistically fit data related to rare events, and in particular we show how the modifications applied to the special NHPP intensity function improve the analysis and fit of daily hospital admissions, due to dengue in Ribeirão Preto, São Paulo state, Brazil

On a method for mending time to failure distributions

Many software reliability growth models assume that the time to next failure may be infinite; i.e., there is a chance that no failure will occur at all. For most software products this is too good to be true even after the testing phase. Moreover, if a non-zero probability is assigned to an infinite time to failure, metrics like the mean time to failure do not exist. In this paper, we try to answer several questions: Under what condition does a model permit an infinite time to next failure? Why do all finite failures non-homogeneous Poisson process (NHPP) models share this property? And is there any transformation mending the time to failure distributions? Indeed, such a transformation exists; it leads to a new family of NHPP models. We also show how the distribution function of the time to first failure can be used for unifying finite failures and infinite failures NHPP models. --software reliability growth model,non-homogeneous Poisson process,defective distribution,(mean) time to failure,model unification

Software reliability studies

There are many software reliability models which try to predict future performance of software based on data generated by the debugging process. Our research has shown that by improving the quality of the data one can greatly improve the predictions. We are working on methodologies which control some of the randomness inherent in the standard data generation processes in order to improve the accuracy of predictions. Our contribution is twofold in that we describe an experimental methodology using a data structure called the debugging graph and apply this methodology to assess the robustness of existing models. The debugging graph is used to analyze the effects of various fault recovery orders on the predictive accuracy of several well-known software reliability algorithms. We found that, along a particular debugging path in the graph, the predictive performance of different models can vary greatly. Similarly, just because a model 'fits' a given path's data well does not guarantee that the model would perform well on a different path. Further we observed bug interactions and noted their potential effects on the predictive process. We saw that not only do different faults fail at different rates, but that those rates can be affected by the particular debugging stage at which the rates are evaluated. Based on our experiment, we conjecture that the accuracy of a reliability prediction is affected by the fault recovery order as well as by fault interaction

SOFTWARE RELIABILITY SIMULATION: PROCESS, APPROACHES AND METHODOLOGY

Reliability is probably the most crucial factor to put ones hand up for in any engineering process. Quantitatively, reliability gives a measure (quantity) of quality, and the quantity can be properly engineered using appropriate reliability engineering process. Software Reliability Modeling has been one of the much-attracted research domains in Software Reliability Engineering, to estimate the current state as well as predict the future state of the software system reliability. This paper aims to raise awareness about the usefulness and importance of simulation in support of software reliability modeling and engineering. Simulation can be applied in many critical and touchy areas and enables one to address issues before they these issues become problems. This paper brings to fore some key concepts in simulation-based software reliability modeling. This paper suggests that the software engineering community could exploit simulation to much greater advantage which include cutting down on software development costs, improving reliability, narrowing down the gestation period of software development, fore-seeing the software development process and the software product itself and so on