MSc Research Intern, Software Quality Economics

Estimating the Risk and Value of Software Qualities

Decisions in software engineering are generally influenced by technology, people, process, and economics. Software quality is increasingly crucial for system success. For development organizations to invest in software quality, they must understand potential risks, benefits, and improvement costs. Currently, integrated methodologies for tackling this across various software qualities are lacking.

At Software Improvement Group (SIG), the Cost Estimation Model assesses maintainability's impact on development effort, serving as a key reporting and decision support technique. However, this model is not yet extended to other software quality characteristics.

The FAIR methodology quantifies risk and impact, primarily focusing on cyber-security risks. It uses a structured approach to quantify and combine factors determining overall risk, presenting results based on likely outcome ranges.

Research Question

The main research question for this MSc Research Intern, Software Quality Economics position is: Can the FAIR approach, or an alternative, be adapted or applied to multiple quality models (e.g., maintainability, security, architecture quality), yielding an integrated cost estimation model for various software qualities?

If so, can the risk models for multiple qualities be combined into a single, comprehensive software economics model for software quality?

If not, can the FAIR approach at least be applied to software security, leveraging software security analysis results from SIG’s Sigrid platform?

Tentative Approach

We envision several stages to achieve the overall goal, though not all may be completed within a single thesis project:

• Use the FAIR model to derive a quantitative security risk profile of a software system, utilizing input from SIG’s software security analysis (part of the Sigrid platform).
• Explore the ability to determine the quantitative difference (in risk) when transitioning between security levels.
• Apply the FAIR model to qualities such as Maintainability and Architecture Quality of a software system.
• Develop a model to estimate the costs associated with improving a software system's security level.
• Define an overarching integrated approach for the software economics of multiple software qualities.

SIG colleagues will provide domain information necessary to construct the various risk assessment models.

Relevant Literature

• [FAIR] https://www.fairinstitute.org/what-is-fair
• [Open-FAIR] https://www.opengroup.org/open-fair
• [Freund 2015] Freund, J. & Jones, J. (2015). Measuring and managing information risk: A FAIR approach. Butterworth-Heinemann.
• [Nuhogro 2011] Nugroho, A., Visser, J., & Kuipers, T. (2011). An empirical model of technical debt and interest. Proceedings - International Conference on Software Engineering, 1–8. https://doi.org/10.1145/1985362.1985364

About this Proposal

Please note that all thesis proposals are preliminary suggestions; their scope, research questions, and approach may be adapted based on student interests, experience, and insights, in collaboration with supervisors from SIG and the university.

Working Environment

You will be an integral part of the Research team at Software Improvement Group, working closely with other stakeholders on this topic. A SIG researcher will serve as your daily supervisor. SIG has extensive experience hosting and supervising Master thesis interns, with 5 to 10 interns completing projects each year, consistently achieving high grades.

SIG offers a dynamic and demanding environment that values autonomy and curiosity. Interns participate in a company onboarding program and have opportunities to observe various customer projects and activities within SIG.

MSc thesis interns receive remuneration and a laptop for their research and access to SIG infrastructure.

Expectations

Students are expected to perform solid scientific work that also holds practical relevance. You will receive extensive support and supervision, and in return, we expect quick learning and responsibility for achieving excellent results. We anticipate a proactive approach in identifying opportunities and challenges, and in engaging SIG colleagues in your research, which will enhance both your experience and results.

Key skills/competency

• Software Quality
• Risk Assessment
• Cost Estimation
• FAIR Methodology
• Software Engineering
• Quantitative Analysis
• Research Methodology
• Security Analysis
• Maintainability Metrics
• Architectural Quality