摘要
为了解决大型软件研发项目安全性风险概率问题,以软件编码阶段中的质量风险类的文档质量风险因素为实际案例,研究和分析了大型软件工程项目复杂系统的风险特征。模糊故障树是由模糊数学和模糊集合理论综合集成的定量分析方法,首先计算顶事件的概率和底事件概率重要度,然后根据顶事件发生的概率重要度,确定顶事件对应的薄弱环节,最终为降低顶事件发生概率提供有效的改进途径。研究案例采用该定量模型,以文件破坏重大风险作为故障树顶事件,得出其概率和底事件概率重要度,找出了引起安全问题的存储风险,从而有效地保证软件开发过程的安全可靠性。因此,该定量方法能够有效地控制大型软件研发项目的安全性问题,不仅有效而且可行。
The security risk probability of large software R&D projects is analyzed based on the documentation quality risk factor in the software coding phase as an actual case and the risk characteristics of complex systems.The 'Fuzzy-FAT' quantitative analysis method combines fuzzy mathematics and fuzzy set theory.The method first calculates the top event probability and the probability importance of the end event,then the importance of the top event is used to determine the top event having the weakest links to reduce the top event probability.A case study shows that the system effectively uses the risk assessment of the top events to evaluate the event probability and the importance to identify security risks that influence the software development process safety and reliability.Therefore,the method effectively controls large software development project security issues in an efficient,controlled manner.
出处
《清华大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2009年第S2期2103-2107,共5页
Journal of Tsinghua University(Science and Technology)
基金
国防科工委重点基础研究项目(Z072003A001)
