Enabling system evolution through configuration management on the hardware/software boundary

Self Cite

Finding a balance between the time-to-market and quality of a delivered product is a daunting task. The optimal release moment is not easily found. We propose to use historical project data to monitor the progress of running projects. From the data we inferred a formula providing a rough indication of the number of defects given the effort spent thus far (effort-to-defect formula). Furthermore, we provide a worst case bound to the allowed number of residual defects at the end of a project in order to achieve the required level of quality. For this purpose we slightly modified a well-known reliability growth model by Bishop and Bloomfield. It turned out that the software in Philips' MRI scanners has a defect rate of 1 per 1175 device-years of observation. This coincides with the second highest safety integrity level (SIL3) as defined in the IEC 61508 standard. The highest level (SIL4) is only attainable by applying redundancy. Finally, we combine the effort-to-defect formula with the reliability growth model to monitor the progress of a project and to determine when the required level of quality will be reached. We show that a common fault distribution, the Rayleigh model, is not necessarily the best model for predicting the number of residual defects in the system. Using a well-known data analysis approach called exploratory data analysis (EDA) we obtained an alternative model based on the Normal curve. We have evaluated the Rayleigh model and our model based on the Normal curve at Philips Healthcare MRI. The Normal curve predicts defects over time better than the Rayleigh model in the case of Philips Healthcare MRI. Furthermore, time series models (ARIMA) are also useful for accurately describing the defect trend, but are not suitable for long-term predictions. Finally, cost estimation models (COCOMO) lack the predictive capabilities of models fitted on the data using EDA. Their capabilities are limited compared to a model derived from data which reflects the constitutional knowledge of the actual realization of systems within a specific company. However, they can still be used to advantage when there is limited or no data available to use as a basis for lifting from gut feel to order of magnitude.

Section: Systems Engineering and Mrimentioning

confidence: 99%

Balancing Time‐to‐Market and Quality in Embedded Systems

Spek

Verhoef

2013

Self Cite

“…Disciplines: Under the SCM view, the system configuration is composed by CIs that contain software code, as well as items that represent, model, or simulate a piece of hardware (electronic schemas or printed circuit board descriptions). New challenges appear [Krikhaar et al, 2009]: In particular, the integrated hardware/software configurations must be managed carefully, as the two disciplines, which have been traditionally separated, must cooperate closely on a regular base. This requires adequate SCM functionality for storing hardware and software sources, but also for interdisciplinary release management.…”

Section: A 5-axis Reference Model For Software Configuration Managementmentioning

confidence: 99%

Managing software development information in global configuration management activities

Capilla

Dueñas

Krikhaar³

2012

Self Cite

Software Configuration Management (SCM) techniques have been considered the entry point to rigorous software engineering, where multiple organizations cooperate in a decentralized mode to save resources, ensure the quality of the diversity of software products, and manage corporate information to get a better return of investment. The incessant trend of Global Software Development (GSD) and the complexity of implementing a correct SCM solution grow not only because of the changing circumstances, but also because of the interactions and the forces related to GSD activities. This paper addresses the role SCM plays in the development of commercial products and systems, and introduces a SCM reference model to describe the relationships between the different technical, organizational, and product concerns any software development company should support in the global market.

“…Policies and standards pertaining to IT security, such as ISO 27001 [ISO, ] and NIST Special Publications 800‐series [NIST, ], have grown in importance in the systems engineering community. Furthermore, the relevance of IT and cyber‐security on the systems engineering domain has been underscored in recent publications [see, for examples, Krikhaar et al., ; Bayuk and Horowitz, ]. A vast number of publications on IT security have focused on systems architecting and firm‐level organizational policies; nevertheless, there is also a need to broaden IT security as a macroeconomic systems engineering problem.…”

Section: Introductionmentioning

confidence: 99%

Modeling the Ripple Effects of IT‐Based Incidents on Interdependent Economic Systems

Ali

Santos

2014

The information technology (IT) sector is one of the most critically utilized infrastructures within the U.S. economic system. The IT sector is vulnerable to man-made attacks and it is challenging to assess the consequences of disruptions to the production and delivery of essential IT services to other economic systems. In this paper, we developed a dynamic model based on economic input-output analysis to assess time-varying disruptions on the IT sector over multiple periods. The model is applied in an ex post analysis of an actual denial-of-service (DoS) attack scenario on the IT infrastructure to estimate the consequences propagated to interdependent economic systems. The model uses Bureau of Economic Analysis data to simulate the effects of IT-based incidents and subsequently identify the critically affected economic sectors. Key results of the case study include assessments of ripple effects to vulnerable sectors in the form of inoperability and economic loss measures. An investigation of the DoS attack in year 2000 using the proposed dynamic model revealed significant losses that are consistent with the magnitude of losses from previous studies. Furthermore, the model is capable of depicting the breakdown of losses across various economic sectors, which is a significant improvement relative to previously published results. This research also extends into a multiyear trend analysis (1999)(2000)(2001)(2002)(2003)(2004)(2005)(2006)(2007)(2008)(2009)) to aid in developing policies for reducing the effects of IT risks across the interdependent sectors of the U