Application of fuzzy expert systems in assessing operational risk of software

Risk is the potential for realization of undesirable consequences of an event. Operational risk of software is the likelihood of untoward events occurring during operations due to software failures. NASA IV&V Facility is an independent institution which conducts Independent Assessments for various NASA projects. Its responsibilities, among others, include the assessments of operational risks of software. In this study, we investigate Independent Assessments that are conducted very early in the software development life cycle. Existing risk assessment methods are largely based on checklists and analysis of a risk matrix, in which risk factors are scored according to their influence on the potential operational risk. These scores are then arithmetically aggregated into an overall risk score. However, only incomplete project information is available during the very early phases of the software life cycle, and thus, a quantitative method, such as a risk matrix, must make arbitrary assumptions to assess operational risk. We have developed a fuzzy expert system, called the Research Prototype Early Assessment System, to support Independent Assessments of projects during the very early phases of the software life cycle. Fuzzy logic provides a convenient way to represent linguistic variables, subjective probability, and ordinal categories. To represent risk, subjective probability is a better way than quantitative objective probability of failure. Furthermore, fuzzy severity categories are more credible than numeric scores. We illustrated how fuzzy expert systems can infer useful results by using the limited facts about a current project, and rules about software development. This approach can be extended to add planned IV&V level, history of past NASA projects, and rules from NASA experts.