10.1. General features of defects, errors and risks in complex software

10.2. Causes and properties of defects, errors and modifications in complex software

10.3. Risks in the life cycle of complex software

10.4. Risks in the formation of requirements for the characteristics of complex software

Statistics of errors and defects in program complexes and their characteristics in specific types of PS projects can serve as guidelines for developers in allocating resources in the PS life cycle and protect them from excessive optimism in assessing the achieved quality of software products. Sources of errors in PS are specialists - specific people with their individual characteristics, qualifications, talent and experience. In this case, it is possible to identify predictable modifications, expansions and improvements of PS and changes caused by the identification of random, unpredictable defects and errors . As a result, the flux density and the size of the necessary adjustments in the modules and components in the development and maintenance of PS can vary tenfold. However, in large program complexes, the statistics and the distribution of types of changes performed for teams of different specialists are leveled out and quite general patterns appear that can be used as guidelines for their identification and systematization. This can be helped by evaluating typical defects, modifications and adjustments by accumulating them and summarizing the experience of creating certain PS classes in specific enterprises.

The concept of “risks” includes negative events and their magnitudes, reflecting losses, damages or damages from processes or products, caused by defects in the design of requirements, shortcomings in the justification of PS projects, as well as in subsequent stages of development, implementation and the entire life cycle of program complexes. In the life cycle of a subscriber it is not always possible to achieve the desired positive effect and some damage may occur - the risk in the created projects, software products and their characteristics. Risks manifest themselves as negative consequences of defects in the operation and application of PS, which can damage the system, the environment or the user as a result of deviation of the characteristics of objects or processes from those specified by the customer, agreed with the developers.

Software quality assessments can be carried out from two positions: from the standpoint of positive efficiency and the direct adequacy of their characteristics to the purpose, creation and application goals, as well as from the negative position of possible damage - the risk from using the software or the system. Quality indicators mainly reflect the positive effect of the use of the system or PS and the main task of the project developers is to ensure high quality values. Risks characterize the possible negative effects of defects or user damage in the application and operation of the software and system, and the task of developers is to reduce defects and eliminate risks. Therefore, the methods and quality management systems in the PS life cycle are close to the methods for analyzing and managing the risks of the projects of the program complexes; they should complement them and jointly contribute to the improvement of software products and systems based on them.

The characteristics of defects and risks are directly related to the achieved accuracy, safety and reliability of the programs and help:

• evaluate the real state of the project and plan the necessary laboriousness and duration for its positive completion;

• select methods and tools for automating testing and debugging programs that are adequate to the current state of development and maintenance of software systems that are most effective for eliminating certain types of defects and risks;

• calculate the necessary effectiveness of countermeasures and additional means of operational protection against potential defects and undetected errors;

- assess the required computer resources for memory expansion and performance, taking into account the cost of implementing countermeasures when modifying and eliminating errors and risks.

The concept of an error in a program - in general, an error means an irregularity, inaccuracy or inadvertent distortion of an object or process, which may be the cause of damage - a risk in the operation and application of the program. It is assumed that the correct, reference state of the object or process is known, in relation to which the presence of a deviation — an error or defect — can be determined. The initial benchmark for any software is the specification of customer or potential user requirements for programs. Such documents establish the composition, content and values ​​of the results that the user must receive under certain conditions and source data. Any deviation of the results of the functioning of the program from the requirements placed on it and the benchmarks created on them should be qualified as an error - a defect in the program that causes some damage. Differences between the expected and obtained results of the functioning of the programs can be the result of errors not only in the created programs, but also errors in the initial requirements of the specifications, which were the basis for the creation of benchmarks-tests. Thus, an objective reality is manifested, consisting in the impossibility of absolute correctness and completeness of the original specifications and standards for complex PS projects.

In practice, in the life cycle process of the substation PS, the initial requirements are gradually refined, modified, expanded and detailed by agreement between the customer and the developer. The basis of such clarifications are non-formalized representations and knowledge of customers and developers, as well as the results of intermediate design stages. However, it is even more difficult to establish the incorrectness of such standards than to detect defects in the programs accompanied, since there are fundamentally no formalized data that can be used as source data. In the process of decomposition and verification of the original specification of requirements for software, errors may occur in the specifications for groups of programs and for individual modules. This contributes to the expansion of the spectrum of possible defects and causes the need for

building a range of testing methods and tools to identify incorrectness in the specifications for components of different levels.

An important feature of the process of detecting errors in programs is the absence of a fully defined reference program, which the text and the results of the functioning of the developed program must comply with. Therefore, in most cases it is impossible to establish the presence and localize the defect by direct comparison with the program without errors. When debugging and testing, secondary toffee errors are first detected , i.e. the consequences and results of the manifestation of some internal defects or incorrectness of programs (Fig. 10.1). These internal defects should be qualified as primary errors or causes of detected anomalies of the results. Subsequent localization and correction of such primary errors should lead to the elimination of errors initially found in the results of the programs.

The loss of efficiency and the risks of programs due to incomplete correctness in the first approximation can be considered directly proportional (with a coefficient) to secondary errors in the output results. A typical case is when the same in magnitude and type of secondary errors in different resultant data significantly differ in their effect on the overall effectiveness and risks of using a set of programs. This effect of secondary errors, at best, can be assessed by expert analysis methods, subject to a preliminary, clear classification of the types of possible primary errors in programs and output values. Thus, the assessment of the consequences that are reflected in secondary errors and the functioning of programs can, in principle, be made on the basis of damage values — the risk due to unresolved causes — the primary errors in the program. Secondary errors are decisive for the efficiency of the program, but not every primary error makes a significant contribution to the output. As a result, a number of primary errors may remain undetected and, in essence, do not affect the functional characteristics of the PS.

The appearance of errors in programs, of course, precedes their detection and elimination on the basis of secondary manifestations. The greatest number of primary errors is introduced at the stages of system analysis and development of program modifications. In this case, the share of system analysis accounts for the most difficult to detect and eliminate defects. At the subsequent stages of the development of PS changes, errors are introduced and eliminated in the programs in the process of their adjustment by the results of testing. The general trends are the rapid increase in the cost of making each change in the successive stages of the program modification processes.

In the system analysis of modifications, the intensity of error detection is relatively small, and it is difficult to isolate it from the PS design process. The intensity of the manifestation and detection of secondary errors is greatest at the stage of active testing and autonomous debugging of software components. It then decreases approximately exponentially. Differences in the intensity of the elimination of primary errors, based on their secondary manifestations, and the introduction of primary errors

when adjusting programs determine the speed of achieving a given quality versions of PS. The severity level of the consequences of errors varies from project classes and from the enterprise, but, in general, errors can be divided into three levels.

Small errors are those that the average user will not pay attention to when using PS due to the lack of their manifestation and the consequences of which are usually not detected. Small errors may include spelling errors on the screen, missing sections in the directory and other minor problems. Such errors never prevent the release and application of the system version and software product. On a ten-point scale of risk, small errors range from 1 to 3 rd priority (see below).

Moderate errors are those that affect the end-user, but there are weak consequences or workarounds to preserve sufficient PS functionality. These are defects such as invalid links on the pages, erroneous text on the screen, and even malfunctions if these malfunctions are difficult to reproduce and do not affect a significant number of users. Some moderate errors may penetrate the final software product. Errors that can be corrected at this level should be corrected if there is time and opportunity for this. On a ten-point scale, moderate errors range from 4th to 7th priority.

Critical errors stop the release of the software version. These can be high impact errors that cause system crashes or data loss, affect the reliability and security of the use of PS with which a set of programs is never transmitted to the user. On a ten-point scale - from 8 to 10th priority.

The set of errors, defects and consequences of modifications of projects of large-scale program complexes can be streamlined and conditionally represented as an inverted pyramid depending on the potential danger and the possible magnitude of the corrections of their consequences - fig. 10.2. The upper part of the list contains modifications, defects and errors, the consequences of which usually require the greatest amount of resources for implementing changes, and they are gradually reduced with a decrease in the list. Such a representation of the magnitude of the types of adjustments to programs and data is useful to use as a guideline to take into account the necessary resources in the development and maintenance of software, but it may contain significant deviations in the ordering of statistical data of real projects. Each type of adjustment corresponds to a more or less specific category of specialists, who are the source of changes of this type (table 10.1). Such a correlation should be considered and taken into account as a general qualitative trend in the analysis and search for their causes.

Table 10.1

10.2. Causes and properties of defects, errors and modifications in complex software

One of the main reasons for the changes in the program complexes are organizational defects in the modification and expansion of PS functions , which differ from other types and can be conventionally singled out as independent ones (see Fig. 10.2). Errors and defects of this type appear due to a lack of understanding by the team of specialists in the technology of the life cycle process of the PS, as well as due to the lack of clear organization and phased quality control of products and changes. This is caused by the neglect of managers to organize everything.

the technological process of life-cycle complex PS and leads to a serious underestimation of its defects, as well as the complexity and complexity of modifications. In the absence of systematic and methodical development and testing of PS changes, a significant number of errors remain unidentified, and, above all, defects in the interaction of individual functional components with each other and with the external environment. To reduce this type of mass errors, leaders and system engineers who can control and configure the requirements of PS, should take an active role.

Changes in the characteristics of the system and the external environment, taken in the process of developing PS for the original, can be the result of analytical calculations, simulations or studies of similar systems. In some cases, there may be no complete adequacy of the intended and real characteristics, which is the cause of complex and difficult to detect system errors and defects in the development of the project. The situation with such errors is further complicated by the fact that experiments to test the interaction of PS with the real external environment in the entire area of ​​parameter changes are often difficult and expensive, and in some cases, when creating dangerous situations, are unacceptable. In these cases, it is necessary to use modeling and imitation of the external environment with a deliberate simplification of its individual elements and characteristics, although the degree of simplification is not always possible to estimate with the necessary accuracy. However, the full adequacy of the models of the external environment and the real system is difficult to achieve, and in many cases impossible, which may cause a significant number of large defects.

Primary errors in the programs of projects can be analyzed with varying degrees of detail and depending on various factors. Practical experience has shown that the most significant factors affecting the characteristics of detectable errors are '.

• the methodology, technology and level of automation of the system and structural design of the substation, as well as the direct programming of components;

• the duration from the beginning of the testing process and the current stage of development or maintenance and modification of the program complex;

• PS class, scale (size) and types of components in which errors are detected;

• methods, types and level of automation of verification and testing, their adequacy to the characteristics of components and potential errors in programs;

• The types and accuracy of benchmark tests used to detect errors.

The primary errors in PS in order of decreasing their influence on the complexity of detection and the extent of adjustments can be divided into the following groups (see fig. 10.2):

• errors due to the complexity of the components and PS in general and most strongly affecting the size of the modifications;

• errors due to large scale - the size of the program complex, as well as high requirements for its quality;

• planning errors and correctness of modification requirements can often be the most critical for the overall success of the life cycle of the substation and the system;

• design errors, development of the PS structure and functions into more complete and accurate technical descriptions of scenarios of how the program complex and system will function;

• system errors caused by the deviation of the PS operation in the real system, and the characteristics of external objects from those assumed during the design;

• algorithmic errors associated with the incomplete formation of the necessary conditions for the solution and the incorrect formulation of the goals of the functional tasks;

• errors of implementation of specifications of changes - software defects, possibly errors of violation of requirements or structure of PS components;

• There are no changes in the software code;

• It’s not a problem.

• It is also possible to read devices for display devices.

It is not possible to make it possible to determine the complexity of the crime.It has been noted that the system will not be subject to any restrictions.It can be divided into two large groups:

• It’s not a problem, but you’ve got it;

• It is a dynamic process.

Group of Factors of The Affecting the complexity of program complex errors The the include:

• value of the program being modified, expressed in the complex;

• It is used for the computer database;

• the complexity of the program complex;

• adjustments;

• the program complex.

It has been decisive. It can be seen that it is not a problem. Of complexity of The program complex errors The is advisable to an analyze on the basis of the will most a three specific components:

- It is determined by the user.

It has been shown that it can be estimated that it has been

• The structure of the intermodular links is subject to the interimularity of the intermodular structure;

• There are no restrictions on the number and extent of data available to the user.

The Scale - the size bed of the program Complexes and Their variable part will most Influences the number of errors The, as with the a well as with the the quality 'requirementsPS (see lecture 5). The composition of the program complex. It is not a question of their quality. If you need to make a difference, it will make it a bit more difficult to make it. Quality is achieved by expanding. In the area of ​​the quality of the programs.It’s not a problem.

Errors in the correctness of the formation and planning of the fulfillment of requirements for software systems are often considered the most critical for the overall success of the software and system versions. Requirement errors are the most difficult to detect and the most difficult to correct. That is why the correction of error requirements may be 15-70 times more expensive than the errors of their programming. Requirement to change

This may be omitted in the system and PS specifications. This leads to user dissatisfaction, and the program is considered to be the customer and user erroneous. Skipping some requirements is the most common problem among requirements errors. Requirement error may represent conflicting requirements in the specification of modifications. For example, the two requirements to be followed have the opposite meaning. The uncertainty of requirements can manifest itself - this way of formulating a requirement that even if it does not conflict with another requirement, it is not clear enough to lead to a single, constructive solution in drafting a change. The end user often calls it a mistake, although in reality it is a choice of a constructive solution based on an incomplete or uncertain requirement.Numerous studies have shown that requirements errors are the most expensive to correct and most difficult to detect.

The design and development errors of the PS structure are determined by the processes of translating uncertain and general provisions made at the requirements specification stage into more accurate technical descriptions of scenarios of how the modified PSs and the system should work. Structure errors are easier to detect than requirements errors, but they may end up being equally costly with adjustments. The main reason that structure errors are expensive to correct is that they can affect the system as a whole. Correcting changes to the entire system is more difficult, and there is a greater risk of introducing new errors than when fixing several broken lines of code or replacing a single module.

Structure errors can be divided into three categories: omissions, conflicts, and translation errors. Gaps means the inability to incorporate changes to one or more requirements into the final PS structure. When the omission of a new function or component falls into the final structure, it will become an error in the final software product. Conflicts arise when the modification of two different, constructive properties have a conflicting structure. This can occur in case of an apparent conflict, when it is established in the structure that a file can be opened by two different people at the same time, then

single user access is defined. If you are not a complete rewriting of the PS version of the modules.

Translation errors are the most insidious of all structural level errors. They occur when customer requirements are interpreted incorrectly, at least from the end user's point of view. If the developer of the structure either reads the requirements incorrectly or does not see the content of the request, as well as the end user, an error will appear in developing the structure of this component or PS.

System errors in PS are determined by the law of incomplete information. In addition, these processes often can’t be taken. The goal of the system is to ensure that it is not a problem. This is a list of individual components that have been defined as system errors.

It is possible to determine the results of the external calculations. In all cases, there may be a situation in the environment. It is often impossible to advance in advance.

With autonomous and at the beginning of complex debugging of PS versions, the relative share of system errors may be small (about 10%), but it significantly increases (up to 35-40%) at the final stages of complex debugging of new base versions of PS. In the process of tracking system errors are predominant (about 60–80% of all errors

side). It should also be noted a large number of commands that are corrected by correcting each such error (about 20-50 teams for one error).

Algorithmic errorsprograms are difficult to detect using static automatic control methods. The difficulty of their detection and localization is determined, first of all, by the absence for many logical programs of a strictly formalized formulation of the problem, a complete and accurate specification that can be used as a reference for comparing the results of the functioning of programs. Algorithmic errors include, first of all, errors due to incorrect statement of requirements for functional tasks, when the specifications do not fully specify all the conditions necessary to obtain the correct result. These conditions are formed and refined in large part in the process of testing and identifying errors in the results of the functioning of programs. Errors due to incomplete consideration of all conditions for solving problemsthey are the most frequent in this group and account for up to 50–70% of all algorithmic errors.

Algorithmic errors should also include interface errors of modules and functional groups of programs, when the information necessary for the operation of some part of the program is not fully prepared by programs preceding the on-time, or information and control is incorrectly transmitted between interacting modules. This type of error is about 10% of the total, and they can be qualified as errors of incorrect statement of problems. Algorithmic errors are manifested in the incomplete consideration of the ranges of variables, in the incorrect assessment of the accuracy of the values ​​used and obtained, in the incorrect account of the correlation between different variables, in the inadequate presentation of formalized conditions for solving the problem in the form of particular specifications or flowcharts to be programmed.These circumstances are the reason that, in order to correct each algorithmic error, it is necessary to change on average about 20 commands (lines of text), i.e. significantly more than with program errors.

Particular, very significant, part of the algorithmic errors in real-time systems, when accompanied, are errors in the

use of available computing system resources. The attempts to modify the use of allocated resources when modifying programs should be qualified as an error, since then an adjustment should always be made in order to satisfy the existing restrictions. The simultaneous development of multiple modules by various specialists makes it difficult to optimally and balance the distribution of limited computer resources for all tasks, since there is no reliable data on the required resources to solve each of them. As a result, there is either insufficient use or, in the overwhelming majority of cases, a shortage of some computer resources for solving problems in the original version.The largest miscalculations are usually allowed when estimating the time of implementation of various groups of real-time programs and when distributing computer performance. Algorithmic errors of this type are due to the technical complexity of calculating the program implementation time and the relatively low reliability of determining the probability of various information processing routes.

Errors in the implementation of component specifications are software defects, possibly errors in requirements, structure or software errors of components. Implementation errors are the most common and, in general, the easiest to fix on the system, which does not make the problem easier for programmers (see Table 10.1). Unlike requirements errors and structural errors, which are usually application-specific, programmers often make the same kinds of errors when coding.

The first category consists of defects, which lead to the display of error messages for the user, with exact following the order of performance of the required functions. Although these messages may be perfectly legitimate, users may consider this a mistake, since they did everything right and, nevertheless, received an error message. Often, errors of this type are caused either by problems with resources or specific dependencies on data.

The second category of modifications may contain errors related to defects in the graphical user interface. Such errors can be either non-standard modifications of the user interface, which lead to the user doing wrong

actions, or they may be standard user interface components used differently than the end user expects.

The third category may contain missing functions at the implementation stage, which is always considered an error, possibly with a great risk. Many testers and beta users report bugs that are actually desirable improvements. In this case, you can overlook the lack of functions found in this way, which were not in the specifications.

The software errors of the modified components are primarily determined by the degree of automation of programming and the depth of static control of program texts, in terms of number and type. The number of program errors depends on the qualifications of the programmers, on the overall size of the program complex, on the depth of the information interaction of the modules and on a number of other factors. During PS development, program errors can be classified by the types of operations used into the following large groups: operation type errors; variable errors; control and cycle errors. In logical components of PS, these types of errors are close in specific gravity; however, various methods are used to automate their detection. At the initial stages of development and autonomous debugging of modules, software errors account for about one third of all errors. Each software error entails the need to change about 10 commands, which is significantly less than with algorithmic and system errors.

Errors in the documentation of modifications are that the system does something in one way, and the documentation reflects the scenario that it should work differently. In many cases, the rights must be documented, since they are written on the basis of the original system requirements specification. Sometimes documentation is written and includes assumptions and comments about how, according to the authors of the documentation, the system should work. In other cases, the error can be traced not to the code, but to the end-user documentation, internal technological documents describing the system, and even to on-screen prompts and help files. Documentation errors can be divided into three categories - ambiguity, incompleteness and inaccuracy. Vagueness is when

The user is not given enough information to determine how to do the procedure properly. Incomplete documentation leaves the user without information on how to properly implement and complete the task. The user believes that the task is completed, although in fact it is not. Such errors lead to the fact that the user is not satisfied with the version of PS, even if the program can actually do everything that the user wants. Inaccurate documentation is the worst kind of documentation error. Such errors often occur when changes are made to the system later and the changes are not reported to the person writing the documentation.

Technological errors in the documentation and fixation of programs in the computer memory sometimes amount to 10% of the total number of errors detected during testing. Most technological errors are detected automatically by static methods. With manual preparation of machine media texts with a single fixation, the source data has a probability of distortion of about 10 "3 - 10 ~ 4 per symbol. By duplicating the preparation and logical control, the probability of technological error can be reduced to 10 5 - 10'7 per symbol. Direct human involvement in the preparation of data for input into the computer and in the analysis of the results of the functioning of the programs according to the data on the displays determines to a large extent their level of reliability and does not allow to completely neglect this type of error to in the programs.

In the example of the error analysis of a specific large project , it was assumed that the inspection of the initial programmed code of a large PS was completed for its compliance with the working design specification, during which 3.48 errors were detected per thousand lines of code. The greatest coincidence of the approximation of the Rayleigh error distribution curve with the actual data is established for the moment of obtaining these data, it corresponds to a value equal to also 3.48. The values ​​of the number of errors per one thousand lines were obtained by recalculation to earlier stages, respectively, of the draft design (3.3) and working (7.8) program design. When forecasting in accordance with the Rayleigh distribution curve of the probability of occurrence of program defects at the next stage of the qualification testing of components, we would expect to detect about 2.12 errors per thousand lines of source code.

If the same pattern was preserved at the time of delivery to the client for testing, the software product could contain less than 0.07 errors per thousand lines of code. It is also noted that the frequency of occurrence of 0.1–0.05 errors per thousand lines of code can be considered valid for the responsible real-time systems.

In studies of 20 large supplied software products created in 13 different organizations, teams of specialists achieved an average level of 0.06 defects per thousand lines of new and modified program code. When using the structured method in five projects, 0.04—0.075 errors per thousand lines were reached. Thus, the error rate of about 0.05 per thousand lines of code in various publications is considered close to the limit for high-quality software products.

Another example of assessments of the error level of a critical PS of particularly high quality is the software product of the onboard Shuttle systems created by NASA. According to the authors, it contains less than one error per 10,000 lines of code. However, the cost of a software product reaches $ 1000 per line of code, which is on average one hundred times more than for administrative systems, and ten times more than for a number of ordinary critical real-time control systems.

The given characteristics of defect types and quantitative data can serve as reference points when predicting the possible presence of undetected errors in the life cycle of various complex high-quality PS. The next logical step in the process of estimating them can be averaging for a large number of draft actual data on the number of errors in a particular enterprise per thousand lines of code that are found in various PS. Then, in the next project, it will be possible to use this data as a measure of the number of errors that should be expected to occur when the project is executed with the same PS quality level, or with the goal of increasing productivity in the development to estimate the moment of termination of further testing. Such assessments guarantee against excessive optimism in determining the time frame and in developing schedules for the development, maintenance, and implementation of program modifications with a given quality. The unpredictability of specific errors in software

Max leads to the expediency of consistent, methodical fixation and analysis of the possibility of manifestation of any type of defects and the need to exclude them at the earliest stages of the life cycle of the PS at the lowest cost.

The reasons for the occurrence and manifestation of risks can be: malicious, active actions of interested persons or accidental negative manifestations of defects in the external environment, system or users. In the first case, risks may be due to distortions of programs and information resources and their vulnerability to deliberate, external influences (attacks) in order to illegally use or distort information and programs that are intended to be used by a limited number of people. To solve this problem, methods, tools and standards to ensure the protection of programs and data from deliberate negative external influences have been created and are actively developing . Specific factors of information security and the risks typical for complex information systems are integrity, availability and confidentiality of information resources, as well as a number of typical security systems procedures - cryptographic support, identification and authentication, protection and integrity of user data during deliberate attacks from the external environment more not considered.

The risks of accidental, destabilizing effects of software defects and the absence of a deliberate negative impact on systems, software systems or database information are significantly different from previous tasks. These risks of objects and systems depend on failure situations that adversely affect the performance and implementation of their main functions, the causes of which may be defects and anomalies in equipment, programs, data or computational processes. At the same time, the process of functioning of systems is catastrophically, critically or significantly distorted, which can cause significant damage in their application. The main sources of failure are

situations may be incorrect initial requirements, failures and failures in the equipment, defects or errors in the programs and data of functional tasks, manifested in their execution in accordance with the purpose. With such impacts, the external, functional performance of the systems may not be completely destroyed, but it is impossible to fully perform the specified functions and requirements for the quality of information for consumers. The harmful and catastrophic consequences of such failures in a number of applications of the systems may exceed the results of the consequences of malicious influences, have their own nature, features and characteristics.

Considered risks may be due to violations of technology or restrictions on the use of resources - the budget, plans, team of specialists, tools allocated for the development of PS. The resulting damage in the aggregate depends on the magnitude and probability of occurrence of each negative impact. This damage - the risk is characterized by a variety of metrics, depending on the objects of analysis, and in some cases can be measured by direct material, informational, functional losses of the applied PS or systems. One of the indirect methods for determining the magnitude of the risk may be an estimate of the total costs required to eliminate the negative consequences in the PS, the system, or the external environment, resulting from a particular risk event.

The processes of analysis and risk reduction should be accompanied by the main stages of the development and maintenance of life-cycle complex software tools in accordance with international standards, as well as the methods of quality assurance systems for software systems. These processes can be reflected in the five phases of work and procedures that are recommended to be carried out with the support of the basic work of the life cycle of projects of complex software tools, and can serve as the basis for the development of appropriate work plans for managing and reducing risks - Fig. 10.3:

• risk analysis should begin with the preparation of detailed initial requirements and characteristics of the project PS, the system and the external environment for which there should be no risks of operation and application;

• It is recommended to distinguish three classes for managing risks and reducing them in the considered projects of complex program complexes.

risks: functional suitability of substations, constructive characteristics of quality and violation of resource limitations in the implementation of life cycle processes of substations;

Preparation of source data:

• definition of goals, purpose and functions of the software project and the system;

• development of prerequisites for functional suitability and structural characteristics of the PS;

• forming an expert group for threat analysis and risk management

Isolation, identification, analysis of threats and risks of software:

• identifying sources and threats of violation of requirements and resource restrictions, defining criteria for the performance of an PS project;

• analysis of the causes, the allocation of categories of threats and the possible consequences of the risks of the functional suitability of the PS;

• analysis of the causes, threats and possible risks of design characteristics and limitations of the PS project resources

Hazard and risk assessment and selection of countermeasures to reduce them:

• assessment of potential consequences, levels of potential threats and priorities of the PS project risk category;

• planning methods and resources for implementing countermeasures to reduce the hazardous, priority risks of the PS project;

• allocation of resources to countermeasures for a balanced reduction of the integral risk of the PS project

Reducing or eliminating dangerous risks ps:

• implementation of countermeasures to reduce integral risk and compile reports on the status of the project;

• adjustment of the requirements for functional suitability, structural characteristics and resources of the PS project;

• registration of integral risk reduction results at the next stage of the PS project

Control, registration, monitoring and approval of acceptable integral risk of PS:

• control, tracking and monitoring of the implementation of the reduction of the integral risk at the stages of the PS project;

• documentation and approval of the permissible integral risk at the stages of the PS project life cycle;

• execution of the final report on the results of PS risk reduction

Fig. 10.3

277

• in each class, it is proposed to analyze several categories of the most important risks, which should be ordered according to the degree of danger, threats to the project, due to resource constraints, defects and / or insufficient quality of development and the life cycle of the PS;

• countermeasures to reduce risks are recommended to be analyzed and applied consistently, starting with the elimination of the most dangerous initial causes - threats, then analyzing and reducing the vulnerability of components and the PS as a whole, and if these countermeasures are insufficient, directly act to reduce the resulting damage - the risk in the PS and systems;

• risk mitigation processes should be completed with monitoring, maintenance and configuration management of changes in the versions of high-quality software packages with minimal acceptable risks.

Thus, in the life cycle of software, the damage - the risks may occur - fig. 10.4:

Requirements, threats and risks of the external environment Requirements, threats and risks of the system

+

Requirements and threats to the system software

* i *

I Implementation risks II Implementation risks II Implementation risks

functional constructive resource limitations

I fitness I I characteristics I software project I

software tool software tool facilities