SYSTEM AND METHOD TO DETERMINE DEFECT RISKS IN SOFTWARE SOLUTIONS

US 20110067005A1
Filed: 09/11/2009
Published: 03/17/2011
Est. Priority Date: 09/11/2009
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a computer infrastructure having computer executable code tangibly embodied on a computer readable storage medium having programming instructions operable to:

receive one or more risk factors;

receive one or more contexts and identify one or more context relationships;

associate the one or more contexts with the one or more risk factors;

map the one or more risk factors for an associated context to a software defect related risk consequence to determine a risk model; and

execute a risk-based testing based on the risk model to determine a defect related risk evaluation for a software development project.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is implemented in a computer infrastructure having computer executable code tangibly embodied on a computer readable storage medium having programming instructions. The programming instructions are operable to receive one or more risk factors, receive one or more contexts, identify one or more context relationships and associate the one or more contexts with the one or more risk factors. Additionally, the programming instructions are operable to map the one or more risk factors for an associated context to a software defect related risk consequence to determine a risk model and execute a risk-based testing based on the risk model to determine a defect related risk evaluation for a software development project.

Citations

25 Claims

1. A method implemented in a computer infrastructure having computer executable code tangibly embodied on a computer readable storage medium having programming instructions operable to:
- receive one or more risk factors;
  
  receive one or more contexts and identify one or more context relationships;
  
  associate the one or more contexts with the one or more risk factors;
  
  map the one or more risk factors for an associated context to a software defect related risk consequence to determine a risk model; and
  
  execute a risk-based testing based on the risk model to determine a defect related risk evaluation for a software development project.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the one or more risk factors is an orthogonal list of risk factors.
  - 3. The method of claim 1, wherein the one or more risk factors comprise at least one of technical risk factors, business risk factors and project management risk factors.
  - 4. The method of claim 1, wherein the one or more risk factors comprises user-added risk factors.
  - 5. The method of claim 1, wherein the one or more risk factors are defined with one or more of a risk factor name, a risk factor category, a requirement type, a description, one or more scale definitions and a risk factor value.
  - 6. The method of claim 5, further comprising determining the risk factor value by at least one of measuring directly, calculating from risk sub factor values and using a questionnaire.
  - 7. The method of claim 1, further comprising refactoring the one or more risk factors to achieve an orthogonal list of risk factors by at least one of merging risk factors, deleting a risk factor, splitting risk factors and adding the risk factor.
  - 8. The method of claim 1, wherein the identifying the one or more contexts comprise at least one of a top-down approach and a bottom-up approach.
  - 9. The method of claim 1, wherein the identifying the one or more context relationships comprises identifying one or more aggregate context relationships and one or more implementation context relationships.
  - 10. The method of claim 1, wherein the associating the one or more contexts with the one or more risk factors comprises, for each of the one or more risk factors identifying contexts from the one or more contexts for which the one or more risk factors are applicable.
  - 11. The method of claim 1, wherein the mapping the one or more risk factors for the associated context to the software defect related risk consequence comprises determining a dimension where the one or more risk factors generates a risk impact.
  - 12. The method of claim 11, wherein the dimension comprises at least one of:
    - a failure possibility dimension, which indicates a likelihood that a defect will occur within a specific context; and
      
      a failure damage dimension, which indicates a consequence of an occurrence of the defect in production.
  - 13. The method of claim 1, wherein the mapping the one or more risk factors for the associated context to the software defect related risk consequence comprises receiving mapping rules as if-then rules.
  - 14. The method of claim 1, wherein the mapping the one or more risk factors for the associated context to the software defect related risk consequence comprises:
    - determining a relative weight for relevant risk factors;
      
      determining a weighted sum of the relevant risk factors of a context for failure damage risk factors;
      
      determining a weighted sum of the relevant risk factors of the context for failure possibility risk factors; and
      
      calculating a product of the weighted sum of the relevant risk factors for failure damage risk factors and the weighted sum of the relevant risk factors for failure possibility risk factors to determine an overall risk for the context.
  - 15. The method of claim 1, wherein the executing the risk-based testing is performed for each stage in a software development lifecycle.
  - 16. The method of claim 1, wherein the executing the risk-based testing comprises:
    - breaking down software into risk evaluation units;
      
      evaluating and annotating a software solution with selected risk factors for the risk evaluation units;
      
      performing the risk-based testing on the software from one or more dimensions,collecting test results and a test process from the risk-based testing; and
      
      updating the defect related risk evaluation.
  - 17. The method of claim 16, further comprising updating the risk model including at least one of altering a relative weight of a risk factor, adding a new risk factor, adding or removing a context and altering one or more mapping definitions.
  - 18. The method of claim 1, wherein a service provider at least one of creates, maintains, deploys and supports the computer infrastructure.
  - 19. The method of claim 1, wherein steps are provided by a service provider on a subscription, advertising, and/or fee basis.

20. A system implemented in hardware, comprising:
- a risk factor receiving (RFR) tool operable to receive one or more risk factors;
  
  a context receiving (CR) tool operable to receive;
  
  one or more contexts;
  
  one or more context relationships; and
  
  associations of the one or more contexts with the one or more risk factors;
  
  a mapping tool operable to map the one or more risk factors for an associated context to a software defect related risk consequence to determine a risk model;
  
  a software break-down (SB) tool operable to break-down software into risk evaluation units;
  
  a risk annotation tool operable to evaluate and annotate a software solution with selected risk factors for the risk evaluation units; and
  
  a risk-based testing tool operable to execute a risk-based testing on the software based on the risk model to determine a defect related risk evaluation for a software development project and collect test results and a test process from the risk-based testing.
- View Dependent Claims (21, 22, 23)
- - 21. The system of claim 20, further comprising at least one of:
    - a risk evaluation update (REU) tool operable to update the defect related risk evaluation; and
      
      a risk model update (RMU) tool operable to update the risk model by at least one of altering a relative weight of a risk factor, adding a new risk factor, adding or removing a context and altering one or more mapping definitions
  - 22. The system of claim 20, wherein the one or more risk factors:
    - comprise an orthogonal list of risk factors, including at least one of technical risk factors, business risk factors, project management risk factors and user-added risk factors; and
      
      are defined with one or more of a risk factor name, a risk factor category, a requirement type, a description, one or more scale definitions and a risk factor value.
  - 23. The system of claim 20, wherein the mapping the one or more risk factors for the associated context to the software defect related risk consequence comprises determining a dimension where the one or more risk factors generates a risk impact, wherein the dimension comprises at least one of:
    - a failure possibility dimension, which indicates a likelihood that a defect will occur within a specific context; and
      
      a failure damage dimension, which indicates a consequence of an occurrence of the defect in production.

24. A computer program product comprising a computer usable storage medium having readable program code embodied in the storage medium, the computer program product includes at least one component operable to:
- receive one or more risk factors, wherein the one or more risk factors;
  
  comprise an orthogonal list of risk factors, including at least one of technical risk factors, business risk factors, project management risk factors and user-added risk factors; and
  
  are defined with one or more of a risk factor name, a risk factor category, a requirement type, a description, one or more scale definitions and a risk factor value;
  
  receive one or more contexts and identify one or more context relationships;
  
  associate the one or more contexts with the one or more risk factors;
  
  map the one or more risk factors for an associated context to a software defect related risk consequence to determine a risk model; and
  
  execute a risk-based testing based on the risk model to determine a defect related risk evaluation for a software development project.

25. A computer system for classifying automated code inspection services defect output for defect analysis, the system comprising:
- a CPU, a computer readable memory and a computer readable storage media;
  
  first program instructions to receive one or more risk factors;
  
  second program instructions to receive one or more contexts and identify one or more context relationships;
  
  third program instructions to associate the one or more contexts with the one or more risk factors;
  
  fourth program instructions to map the one or more risk factors for an associated context to a software defect related risk consequence to determine a risk model, wherein the mapping the one or more risk factors comprises determining a dimension where the one or more risk factors generates a risk impact, wherein the dimension comprises at least one of;
  
  a failure possibility dimension, which indicates a likelihood that a defect will occur within a specific context; and
  
  a failure damage dimension, which indicates a consequence of an occurrence of the defect in production; and
  
  fifth program instructions to execute a risk-based testing based on the risk model to determine a defect related risk evaluation for a software development project,wherein the first, second, third, fourth and fifth program instructions are stored on the computer readable storage media for execution by the CPU via the computer readable memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HCL Technologies Limited
Original Assignee
International Business Machines Corporation
Inventors
Hess, Howard M., Huang, Sheng, Tan, Hua F., Kagan, Steven, Zhu, Jun, Skrabanek, Susan E., Li, Zhong J., Bassin, Kathryn A., Liu, He H., Li, Shao C.

Granted Patent

US 8,495,583 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/127
CPC Class Codes

G06F 11/008   Reliability or availability...

G06F 11/3466   Performance evaluation by t...

G06F 8/10   Requirements analysis; Spec...

G06Q 10/0635   Risk analysis of enterprise...

SYSTEM AND METHOD TO DETERMINE DEFECT RISKS IN SOFTWARE SOLUTIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD TO DETERMINE DEFECT RISKS IN SOFTWARE SOLUTIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links