• DocumentCode
    2364091
  • Title
    Towards a unified approach to the representation of, and reasoning with, probabilistic risk information about software and its system interface
  • Author
    Feather, Martin S.

  • Author_Institution
    Jet Propulsion Lab., California Inst. of Technol., Pasadena, CA, USA
  • fYear
    2004
  • fDate
    2-5 Nov. 2004
  • Firstpage
    391
  • Lastpage
    402
  • Abstract
    Early risk assessment is key in planning the development of systems, including systems that involve software. Such risk assessment needs a combination of the following elements: 1) Severity estimates for the potential effects of failures, and likelihood estimates for their causes; 2) Fault trees that link causes to failures; 3) Efficacy estimates of design and process steps towards reducing risk; 4) Distinctions between preventing, alleviating and detecting (thereafter removing) risks; 5) Risk preventions that have potential side effects of themselves introducing risks. The paper shows a unified approach that accommodates all these elements. The approach combines fault trees (from probabilistic risk assessment methods) with explicit treatment of risk mitigations (a generalization of the notion of a "detection" seen in FMECA analyses). Fault trees capture the causal relationships by which failure mechanisms may combine to lead to failure modes. Risk mitigations encompass (and distinguish among) options to prevent risks, detect risks, and alleviate risks (i.e., decrease their impact should they occur). This approach has been embodied in extensions to a JPL-developed risk assessment tool, and is illustrated here on software risk assessment information drawn from an actual project's software system FMECA (failure modes, effects and criticality analysis). Since its elements are typical of risk assessment of software and its system interface, the findings should be relevant to a wide range of software systems.
  • Keywords
    decision making; fault trees; maximum likelihood estimation; risk management; software development management; FTA; PRA; SFMECA; cost-benefit tradeoffs; failure modes; fault trees; probabilistic risk reduction; risk assessment; risk-informed decision-making; system interface; Application software; Costs; Failure analysis; Fault detection; Fault trees; Protection; Risk analysis; Risk management; Software systems; Space vehicles; Cost-benefit tradeoffs; FMEA; FMECA; FTA; Failure Modes; PRA; Probabilistic Risk Reduction; Risk-informed decision-making; SFMECA;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Reliability Engineering, 2004. ISSRE 2004. 15th International Symposium on
  • ISSN
    1071-9458
  • Print_ISBN
    0-7695-2215-7
  • Type
    conf

  • DOI
    10.1109/ISSRE.2004.42
  • Filename
    1383134