Quantitative Risk Assessment Method Development in the Context of the SDLC-model

Quantitative Risk Assessment Method Development in the Context of the SDLC-model

연구 분야: Infrastructure

학회: 2021 IEEE 8th International Conference on Problems of Infocommunications, Science and Technology (PIC S&T)

The quantitative software development risk assessment method, which was developed to solve the problem of contradictions arising in the software development, if software developers neglect the factors of software security vulnerabilities, is examined in this work. A distinctive feature of the examined method is the integrated use of the “Fault tree analysis” technique and the method of estimating the net present value of the software development project with taking into account the negative factors of the possibility of not revealing software security vulnerabilities. The use of the improved “Fault tree analysis” technique will allow to increase the accuracy of quantitative risk assessment of software development by up to 22%. At the same time, the use of the method of estimating the net present value of the software development project allows the project to be considered in a comprehensive manner, taking into account the need for security accounting and software vulnerability testing using tools.