Quantifying Software Risk Using Qualitative Data:A Method For Software System Safety

摘要

The safety assessment of software is not asstraight forward a process as it is for hardware.A hardware safety assessment generally relies onan analysis of the severity of the hazards and theprobabilities, whether qualitative or quantitative,coupled with the remaining conditions requiredresulting in a hazardous condition or mishap.Qualitative probabilities are based largely onengineering judgement and experience withsimilar systems, while quantitative probabilitiesare based on solid statistical data, such asreliability predictions and tests. Unfortunately,current reliability measurements for software donot provide sufficient information to assess asoftware system’s level of safety. As a result,qualitative risk assessment has been traditionallyused to assess software safety. Qualitative riskassessments are based on an assessment by thesafety engineer and the software safety team thatsufficient analysis and testing have beenperformed. This paper describes a formalprocess for integrating software hazard riskindices from MIL-STD 882C with specificsoftware analysis and software testing to deriverisk levels – termed ‘Transformed SoftwareHazard Risk Index’ (TSHRI) that expresssoftware risk, relative to a top-level hazard, interms of probability and severity. The TSHRIcan be integrated into hardware, human, andenvironmental interaction risk elements todevelop a complete top-level hazard riskassessment.