An ontological analysis of software system anomalies and their associated risks

摘要

Software systems have an increasing value in our lives, as our society relies on them for the numerous services they provide. However, as our need for larger and more complex software systems grows, the risks involved in their operation also grows, with possible consequences in terms of significant material and social losses. The rational management of software defects and possible failures is a fundamental requirement for a mature software industry. Standards, professional guides and capability models directly emphasize how important it is for an organization to know and to have a well-established history of failures, errors and defects as they occur in software activities. The problem is that each of these reference models employs its own vocabulary to deal with these phenomena, which can lead to a deficiency in the understanding of these notions by software engineers, causing potential interoperability problems between supporting tools, and, consequently, a poorer adoption of these standards and tools in practice. In this paper, we address this problem of the lack of a consensual conceptualization in this area by proposing two reference conceptual models: an Ontology of Software Defects, Errors and Failures (OSDEF), which takes into account an ecosystem of software artifacts, and a Reference Ontology of Software Systems (ROSS), which characterizes software systems and related artifacts at different levels of abstraction. Moreover, we use OSDEF and ROSS to perform an ontological analysis of the impact of defects, errors and failures of software systems from a risk analysis perspective. To do that, we employee an existing core ontology, namely, the Common Ontology of Value and Risk (COVR). The ontologies presented here are grounded on the Unified Foundational Ontology (UFO) and based on well-known and widely-accepted standards, professional and scientific guides and capability models. We demonstrate how this approach can suitably promote conceptual clarification and terminological harmonization in this area.