Software metrics should support managerial decision making in software projects. We explain how traditional metrics approaches, such as regression-based models for cost estimation fall short of this goal. Instead, we describe a causal model (using a Bayesian network) which incorporates empirical data, but allows it to be interpreted and supplemented using expert judgement. We show how this causal model is used in a practical decision-support tool, allowing a project manager to trade-off the resources used against the outputs (delivered functionality, quality achieved) in a software project. The model and toolset have evolved in a number of collaborative projects and hence capture significant commercial input. Extensive validation trials are taking place among partners on the EC funded project MODIST (this includes Philips, Israel Aircraft Industries and QinetiQ) and the feedback so far has been very good. The estimates are sensible and the causal modelling approach enables decision-makers to reason in a way that is not possible with other project management and resource estimation tools. To ensure wide dissemination and validation a version of the toolset with the full underlying model is being made available for free to researchers. 1.

norman,martin,william

We consider approximate inference in hybrid Bayesian Networks (BNs) and present a new iterative algorithm that efficiently combines dynamic discretisation with robust propagation algorithms on junction trees structures. Our approach offers a significant extension to Bayesian Network theory and practice by offering a flexible way of modelling continuous nodes in BNs conditioned on complex configurations of evidence and intermixed with discrete nodes as both parents and children of continuous nodes. Our algorithm is implemented in a commercial Bayesian Network software package, AgenaRisk, which allows model construction and testing to be carried out easily. The results from the empirical trials clearly show how our software can deal effectively with different type of hybrid models containing elements of expert judgement as well as statistical inference. In particular, we show how the rapid convergence of the algorithm towards zones of high probability density, make robust inference analysis possible even in situations where, due to the lack of information in both prior and data, robust sampling becomes unfeasible.

The following paper characterizes the area of software processes considering their different approaches for evaluation and measurement. It shows some of the existing kinds of evaluation (rules of thumb, laws, principles, formulas etc.) and metrics concepts in the software management literature background ([3], [4], [6], [16], [17], [24], [30] etc.). The goal is to identify process quality rules that cover the whole software process models and structures in order to achieve a quantitative software management and to identify open problems. We discuss a methodology achieving a holistic overview about quality-based relations between different components of the software development considering products, processes and resources. This paper is based on a detailed literature recherché about process measurement available in [5]. 1

This paper shows how recent revolutionary Bayesian Network (BN) algorithms can be used to model very complex reliability problems in a simple unified way. The algorithms work for socalled hybrid BNs, which are BNs that can contain a mixture of both discrete and continuous variables. Such hybrid BNs enable us to model failure times and reliability together. The approach allows a compact representation of the event-dependent failure behaviours characteristic of fault-tolerant systems, avoiding the state space explosion problem of the Markov Chain based approaches. The BN framework presented is able to solve any configuration of static and dynamic gates with general time-to-failure distributions, without using numerical integration techniques or simulation methods. Unlike other approaches (which tend to be restricted to using exponential distributions) we can use as input any parametric or empirical failure rate distribution. The approach offers a powerful framework for analysts and decision makers to successfully perform robust reliability assessment. Sensitivity, uncertainty, diagnosis analysis, common cause failures, and warranty analysis can also be easily performed within this framework.

Abstract. With the rapid adoption of the Service Oriented Architecture (SOA), sophisticated software systems are increasingly built by composing coarse-grained service components offered by different organizations through standard web service interfaces. The ability to quantify end-to-end security risks of composite software services is extremely valuable to businesses that increasingly rely on web applications to interact with their customers and partners. In this position paper, we propose a framework that predicts the probability of end-to-end security breaches of a software service by using a combination of three models: (1) a software security model that describes the probability distribution of security bugs in individual components, (2) a service composition model that describes the interactions of components and the contribution of security bugs in individual components to the overall security of the service, and (3) a hacking exposure model that estimates hackers ’ knowledge of individual components and hence the probability that a security hole, if exists, may be exploited. 1

To make accurate predictions of attributes like defects found in complex software projects we need a rich set of process factors. We have developed a causal model that includes such process factors, both quantitative and qualitative. The factors in the model were identified as part of a major collaborative project. A challenge for such a model is getting the data needed to validate it. We present a dataset, elicited from 31 completed software projects in the consumer electronics industry, which we used for validation. The data were gathered using a questionnaire distributed to managers of recent projects. The dataset will be of interest to other researchers evaluating models with similar aims. We make both the dataset and causal model available for research use. 1.

Although a number of approaches have been taken to quality prediction for software, none have achieved widespread applicability. This paper describes a single model to combine the diverse forms of, often causal, evidence available in software development in a more natural and efficient way than done previously. We use Bayesian Networks as the appropriate formalism for representing defect introduction, detection and removal processes throughout any life-cycle. The approach combines subjective judgements from experienced project managers and available defect rate data to produce a risk map and use this to forecast and control defect rates. Moreover, the risk map more naturally mirrors real world influences without any distracting mathematical formality. The paper focuses on the extensive validation of the approach within Philips Consumer Electronics (dozens of diverse projects across Philips internationally). The resulting model (packaged within a commercial software tool, AgenaRisk, usable by project managers) is now being used to predict defect rates at various testing and operational phases. The results of the validation confirm that the approach is scalable, robust and more accurate that can be achieved using classical methods. We have found 95 % correlation between actual and predicted defects. The defect prediction models incorporate cutting-edge ideas and results from software metrics and process improvement research and package them as risk templates that can either be applied either offthe-shelf or after calibrating them to local conditions and to suit the software development processes in use. 1.

Abstract not found