«Software Fault Reporting Processes in Business-Critical Systems Jon Arvid Børretzen Doctoral Thesis Submitted for the partial fulfilment of the ...»
[Gamma95] Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design patterns: Elements of reusable object-oriented software. Addison Wesley, 1995.
[Glass94] Glass, R.L.: The Software Research Crisis. IEEE Software, (11)6, pp. 42-47, Nov. 1994.
[Grady92] Grady, R.: Practical Software Metrics for Project Management and Process Improvement. Prentice Hall, 1992.
[Heimdahl98] Heimdahl, M.P.E., Heitmeyer, C.L.: Formal methods for developing high assurance computer systems: working group report. Proceedings of the 2nd IEEE Workshop on Industrial Strength Formal Specification Techniques, pp. 60-64, 21-23 Oct. 1998.
[Heineman01] Heineman, G.T., Councill, W.T.: Component-Based Software Engineering. Addison-Wesley, Boston, 2001.
[Herrmann99] Herrmann, D.S., Peercy, D.E.: Software reliability cases: the bridge between hardware, software and system safety and reliability. Proceedings of the Annual Reliability and Maintainability Symposium, pp. 396-402, Washington, DC, USA,18-21 Jan. 1999.
[Hongxia01] Hongxia J., Santhanam, P.: An approach to higher reliability using software components. Proceedings of 12th International Symposium on Software Reliability Engineering, pp. 2-11, Hong Kong, China, 27-30 Nov. 2001.
[IEEE 1228] IEEE: Standard for Software Safety Plans, IEEE STD 1228-1994. 17 logical p. of 23 physical pages.
[IEEE 1044] IEEE: Standard Classification for Software Anomalies, IEEE STD 1044December 2, 1993 [IEEE 610.12] IEEE: IEEE Standard Glossary of Software Engineering Terminology, IEEE STD 610.12-1990. 84 p., created in 1990 and reaffirmed in 2002.
[ISO91] ISO: ISO/IEC 9126 - Information technology - Software evaluation – Quality characteristics and guide-lines for their use. December 1991.
[ISO 9000] ISO: Quality management and quality assurance standards, Part 1:
Guidelines for selection and use, ISO 9000-1. Geneva, 1994 [ISO 9001] ISO: Quality Management Systems - Requirements for quality assurance, ISO 9001:2000. Geneva, 2000.
[ITU-T E.800] ITU: Telephone Network and ISDN, Quality of Service, Network Management and Traffic Engineering – Terms and Definitions Related to Quality of Service And Network Performance Including Dependability, ITU-T Recommendation E.800. 54 p, Geneva, Switzerland, August 1994.
[ITU-T X.902] ITU: Open Distributed Processing – Reference Model – Part 2:
Foundations, ITU-T Recommendation X.902. 20 p, Geneva, Switzerland, 1995.
[Jarke93] Jarke, M., Bubenko, J.A., Rolland, C., Sutcliffe, A., Vassiliou, Y.: Theories Underlying Requirements Engineering: An Overview of NATURE at Genesis.
Proceedings of the IEEE Symposium on Requirements Engineering, pp. 19-31, IEEE Computer Society Press, San Diego, January 1993.
[Kohl99] Kohl, R.J.: Establishing guidelines for suitability of COTS for a mission critical application. Proceedings of The Twenty-Third Annual International Computer Software and Applications Conference, COMPSAC '99, pp. 98 -99, Phoenix, AZ, USA, 27-29 Oct. 1999.
[Kroll03] Kroll, P., Krutchen, P.: The Rational Unified Process Made Easy: A Practitioner's Guide to Rational Unified Process. Addison Wesley, Boston, 2003.
[Kropp98] Kropp, N.P., Koopman Jr., P.J., Siewiorek, D.P.: Automated Robustness Testing of Off-the-Shelf Software Components. Proceedings of the 29th Symposium on Fault-Tolerant Computing, pp. 230-239, Madison, Wisconsin, USA, June 15-18, 1999.
[Kruchten00] Kruchten, P.: The Rational Unified Process. An Introduction. AddisonWesley, Boston, 2000.
[Laprie95] Laprie, J.-C.: Dependable computing and fault tolerance: Concepts and terminology. Proceedings of the Twenty-Fifth International Symposium on FaultTolerant Computing, Pasadena, California, June 27-30, 1995.
[Leveson95] Leveson, N.: Safeware: System safety and computers. Addison Wesley, 1995.
[Leveson07] Leveson, N.: System Safety Engineering: Back To The Future (web version of updates to 1995 book), available from http://sunnyday.mit.edu/book2.pdf, 2007.
[Li06] Li, J., Bjoernson, F.O., Conradi, R., Kampenes, V.B.: An Empirical Study of Variations in COTS-based Software Development Processes in Norwegian IT Industry. Journal of Empirical Software Engineering, 11(3), pp. 433-461, 2006.
[Littlewood00] Littlewood, B., Strigini, L.: Software reliability and dependability: a roadmap. Proceedings of the Conference on The Future of Software Engineering, 22nd International Conference on Software Engineering, pp. 175-188, Limerick, Ireland, June 2000.
[Mohagheghi04] Mohagheghi, P., Conradi, R., Killi, O.M., Schwarz, H.: An Empirical Study of Software Reuse vs. Defect Density and Stability. In Proceedings of the 26th International Conference on Software Engineering (ICSE'04), pp. 282-292, Edinburgh, Scotland, May 2004.
[Mohagheghi04b] Mohagheghi, P.: The Impact of Software Reuse and Incremental Development on the Quality of Large Systems. PhD Thesis, NTNU 2004:95, ISBN 82-471-6408-6, 10 July 2004.
[Mohagheghi04c] Mohagheghi, P., Conradi, R.: Exploring Industrial Data Repositories:
Where Software Development Approaches Meet. In Proceedings of the 8th ECOOP Workshop on Quantitative Approaches in Object-Oriented Software Engineering (QAOOSE’04), 9 p., Oslo, Norway, 15 June 2004.
[Mohagheghi06] Mohagheghi, P., Conradi, R., Børretzen, J.A.: Revisiting the Problem of Using Problem Reports for Quality Assessment. Proceedings of the 4th Workshop on Software Quality, held at ICSE'06, Shanghai, pp. 45-50, 21 May 2006.
[Moløkken04] Moløkken-Østvold, K.J., Jørgensen, M., Tanilkan, S.S., Gallis, H., Lien, A.C., Hove, S.E.: Simula Report 2004-03. “Results from the BEST-Pro (Better Estimation of Software Tasks and Process Improvement) survey”, 2004.
[Neumann07] Neumann, P.G.: The Risks Digest. Available from:
[Parnas03] Parnas, D.L., Lawford, M.: The role of inspection in software quality assurance. IEEE Transactions on Software Engineering, 29(8), pp 674-676, Aug.
[Price99] Price, J.: Christopher Alexander's pattern language. IEEE Transactions on Professional Communication, (42)2, pp. 117-122, June 1999.
[Rational] Rational Software, available at: http://www-306.ibm.com/software/rational/, 2007.
[Rausand91] Rausand, M.: Risikoanalyse. Tapir Forlag, Trondheim, 1991.
[Riehle96] Riehle, D. and Zullighoven, H.; Understanding and Using Patterns in Software Development. Theory and Practice of Object Systems, 2(1), pp. 3-13, 1996.
[Royce70] Royce, W.W.: Managing the Development of Large Software Systems.
Proceedings of IEEE WESCON, pp. 1-9, August 1970.
[SAP] SAP AG: SAP ERP, http://www.sap.com/index.epx [Schneidewind98] Schneidewind, N.F.: Methods for assessing COTS reliability, maintainability, and availability. Proceedings of IEEE International Conference on Software Maintenance, pp. 224-225, Bethesda, Maryland, USA, 16-20 Nov. 1998.
[Seaman99] Seaman, C.B.: Qualitative Methods in Empirical Studies of Software Engineering. IEEE Transactions on Software Engineering, (25)4, pp. 557–572, July/August 1999.
[SEI] Carnegie Mellon Software Engineering Institute: Performance-Critical Systems (PCS) Introduction. Available from: http://www.sei.cmu.edu/pcs/introduction.html, 2007.
[Shull00] Shull, F., Russ, I., Basili, V.: How Perspective-Based Reading Can Improve Requirements Inspections. IEEE Computer, 33(7), pp. 73-79, July 2000.
[Solingen99] van Solingen, R., Berghout, E.: The Goal/Question/Metric Method.
McGraw Hill, 1999.
[Sommerville04] Sommerville, I.: Software Engineering. 7th edition, Addison-Wesley, 2004.
[Stålhane02] Stålhane, T., Conradi, R., Sjøberg, D.: Proposal for BUCS project. pp. 1October 2002.
[Stålhane03] Stålhane, T, Myhrer, P.T., Lauritsen, T., Børretzen, J.A.: Intervju med utvalgte norske bedrifter omkring utvikling av forretningskritiske systemer. Internal
BUCS report, 6 pages, available at:
[Strauss98] Strauss, A., Corbin, J.: Basics of Qualitative Research. Sage Publications, London, UK, 1998.
[Thomas96] Thomas, S.A., Hurley, S.F., Barnes, D.J.: Looking for the human factors in software quality management. Proceedings of International Conference on Software Engineering: Education and Practice, pp. 474-480, Dunedin, New Zealand, 24-27 Jan. 1996.
[Vinter00] Vinter, O., Lauesen, S.: Analyzing Requirements Bugs. Software Testing & Quality Engineering Magazine, Vol. 2-6, Nov/Dec 2000 [Votta95] Votta, L.G., Zajak, M.L.: Design Process Improvement Case Study Using Process Waiver Data. Proceedings of the 5th European Software Engineering Conference, pp.44-58, Barcelona, Spain, September 25-28, 1995.
[Wohlin00] Wohlin, C., Runeson, P., Höst, M., Ohlsson, M.C., Regnell, B., Wesslén, A.: Experimentation in software engineering: an introduction. Kluwer Academic Publishers, Norwell, MA, USA, 2000.
[Yin03] Yin, R.K.: Case Study Research, Design and Methods. Sage Publications, 2003.
[Zelkowitz98] Zelkowitz, M.V., Wallace, D.R.: Experimental models for validating technology. IEEE Computer, (31)5, pp. 23-31, May 1998.
Appendix A: Papers This section contains the seven papers P1-P7 as presented in section 1.5, as well as a proposed paper P8 presented as a technical report. It should be noted that the papers have been re-formatted from their original format to fit into this thesis.
P1. Safety activities during early software project phases Jon Arvid Børretzen, Tor Stålhane, Torgrim Lauritsen, and Per Trygve Myhrer Department of Computer and Information Science, Norwegian University of Science and Technology, NO-7491 Trondheim, Norway Email: firstname.lastname@example.org Abstract This paper describes how methods taken from safety-critical practises can be used in development of business-critical software. The emphasis is on the early phases of product development, and on use together with the Rational Unified Process. One important part of the early project phases is to define safety requirements for the system. This means that in addition to satisfying the need for functional system requirements, non-functional requirements about system safety must also be included.
By using information that already is required or produced in the first phases of RUP together with some suitable “safety methods”, we are able to produce a complete set of safety requirements for a business-critical system before the system design process is started.
Software systems play an increasingly important role in our daily lives. The technological development has lead to the introduction of software systems into an increasing number of areas. In many of these areas we become dependent on these systems, and their weaknesses could have grave consequences. There are areas where correctly functioning software is important for the health and well-being of humans, like air-traffic control and in health systems. There are, however, other systems that we also expect and hope will run correctly because of the negative effects of failure, even if the consequences are mainly of an economic nature. This is what we call business-critical systems, and business-critical software. The number of areas where functioning software is at the core of operation is steadily increasing. Both financial systems and ebusiness systems are relying on increasingly larger and more complex software systems.
In order to increase the quality and efficiency of such products we need methods, techniques and processes specifically aimed at improving the development, use and maintenance of this type of software.
In this paper, we will discuss methods that can be used together with Rational Unified Process in the early parts of a development project. These methods are Safety Case, Preliminary Hazard Analysis and Hazard and Operability Analysis. Our contribution is to combine these methods into a comprehensive method for use early in the development of business-critical systems.
The BUCS project is a research project funded by the Norwegian Research Council (NFR). The goal of the BUCS project is to help developers, users and customers to develop software that is safe to use. In a business environment this means that the system seldom or never behaves in such a way that it causes the customer or the customer’s users to lose money or important information. We will use the term “business-safe” for this characteristic.
The goal of the BUCS project is not to help developers to finish their development on schedule and to the agreed price. We are not particularly interested in delivered functionality or how to identify or avoid process and project risk. This is not because we think that these things are not important – it is just that we have defined them out of the BUCS project.
The BUCS project is seeking to develop a set of integrated methods to improve support for analysis, development, operation, and maintenance of business-critical systems.
Some methods will be taken from safety-critical software engineering practices, while others will be taken from general software engineering. Together they are tuned and refined to fit into this particular context and to be practical to use in a software development environment. The research will be based on empirical studies, where interviews, surveys and case studies will help us understand the needs and problems of the business critical software developers.
Early in the BUCS project, we conducted a series of short interviews with eight software developing companies as a pre-study to find some important issues we should focus on [Stålhane03]. These interviews showed us that many companies used or wanted to use RUP or similar processes, and that a common concern in the industry was lack of communication, both internally and with the customers. With this basis, the BUCS project has decided to use RUP as the environment for our enhanced methods, and the methods used will be helpful in improving communication on requirements gathering, implementation and documentation in a software development project.
Adaptation of methods from safety-critical development has to be done so that the methods introduced fit into RUP and are less complicated and time consuming than
when used in regular safety-critical development.