Bin Li, Ming Li, Carol Smidts, 《Risk Analysis》, 2005, 25(4): 1061-1077
Probabilistic risk assessment (PRA) is a methodology to assess the probability of failure or success of a system's operation. PRA has been proved to be a systematic, logical, and comprehensive technique for risk assessment. Software plays an increasing role in modern safety critical systems. A significant number of failures can be attributed to software failures. Unfortunately, current probabilistic risk assessment concentrates on representing the behavior of hardware systems, humans, and their contributions (to a limited extent) to risk but neglects the contributions of software due to a lack of understanding of software failure phenomena. It is thus imperative to consider and model the impact of software to reflect the risk in current and future systems. The objective of our research is to develop a methodology to account for the impact of software on system failure that can be used in the classical PRA analysis process. A test-based approach for integrating software into PRA is discussed in this article. This approach includes identification of software functions to be modeled in the PRA and modeling of the software contributions in the ESD and fault tree. The approach also introduces the concepts of input tree and output tree and proposes a quantification strategy that uses a software safety testing technique. The method is applied to an example system, PACS.

Nearly ten years have passed since the publication in August 1974 of the draft Reactor Safety Study (WASH 1400), the first detailed attempt to apply probabilistic risk assessment (PRA) techniques to estimate the public risks posed by commercial nuclear power plants. Now is an opportune time to look back and see how PRA has fared over these ten years. We will not attempt to pass judgement on how the Reactor Safety Study report itself has withstood the test of time, as that task is best left to others less directly involved in preparing the report. Instead, we will examine advances in the understanding, acceptance, and utilization of PRA techniques, as well as technical advances in PRA methods. Some of the significant insights gained from PRAs will be discussed. Finally, some observations on the future of PRA will be offered.

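Software Piracy: An Analysis of Firms' Strategic Choices and Government Policy Choices   Total citations: 1 (self-citations: 0, citations by others: 1)
Software products are characterized by high development costs, while the cost of piracy and copying is almost zero. As a result, a game arises in the software market among original-software vendors, pirate vendors, software users, and the government. Without considering network effects, this paper studies this game under different scenarios: the government plays an important role in preventing piracy; the government should weigh the efficiency of implementing its policy against the cost of implementing it; and, on the other hand, government policy should be adjusted as technology advances.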

We develop variations of the M|G|1 queue to model the process of software maintenance within organizations and use these models to compute the optimal allocation of resources to software maintenance. User requests are assumed to arrive following a Poisson process and a binomial distribution is used to model duplication of requests. We obtain expressions for expected queue lengths with an exponential server using an N‐policy for an integer N≥1. We also obtain the optimal batching size and mean service rate by minimizing the total cost consisting of the cost of the server, the cost of waiting, and the fixed cost of maintenance, if applicable.

We develop an optimal control model to maximize the net value provided by a software system over its useful life. The model determines the initial number of features in the system, the level of dynamic enhancement effort, and the lifetime of the system. The various factors affecting these optimal choices are systems characteristics (e.g., complexity, age, quality), user learning, and process maturity. We also consider that there is a time lag between the addition of a feature and the realization of its benefit to users. The basic model is extended to consider the decision of replacing the existing system by a new one.

Understanding the nature of service failures and their impact on customer responses and designing cost‐effective recovery strategies have been recognized as important issues by both service researchers and practitioners. We first propose a conceptual framework of service failure and recovery strategies. We then transform it into a mathematical model to assist managers in deciding on appropriate resource allocations for outcome and process recovery strategies based on customer risk profiles and the firm's cost structures. Based on this mathematical model we derive optimal recovery strategies, conduct sensitivity analyses of the optimal solutions for different model parameters, and illustrate them through numerical examples. We conclude with a discussion of managerial implications and directions for future research.

This article presents a discourse on the incorporation of organizational factors into probabilistic risk assessment (PRA)/probabilistic safety assessment (PSA), a topic of debate since the 1980s that has spurred discussions among industry, regulatory agencies, and the research community. The main contributions of this article include (1) identifying the four key open questions associated with this topic; (2) framing ongoing debates by considering differing perspectives around each question; (3) offering a categorical review of existing studies on this topic to justify the selection of each question and to analyze the challenges related to each perspective; and (4) highlighting the directions of research required to reach a final resolution for each question. The four key questions are: (I) How significant is the contribution of organizational factors to accidents and incidents? (II) How critical, with respect to improving risk assessment, is the explicit incorporation of organizational factors into PRA? (III) What theoretical bases are needed for explicit incorporation of organizational factors into PRA? (IV) What methodological bases are needed for the explicit incorporation of organizational factors into PRA? Questions I and II mainly analyze PRA literature from the nuclear domain. For Questions III and IV, a broader review and categorization is conducted of those existing cross-disciplinary studies that have evaluated the effects of organizational factors on safety (not solely PRA-based) to shed more light on future research needs.

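The involvement of various new communication media (such as the Internet) allows consumers to search out a range of options before purchasing. Consumers can compare the options and weigh their respective strengths and weaknesses to reach a final evaluation. However, because market competition is increasingly fierce and different brands emphasize different aspects, consumers find it hard to choose among them. An in-depth examination of how consumer brand preferences form is therefore important for both marketing practice and marketing research. Taking the structural alignment model from cognitive psychology as its theoretical basis, this paper focuses on how evaluation mode (separate evaluation versus joint evaluation) affects the consumer decision process. According to the structural alignment model, the attributes of different brands can be divided into common attributes, comparable attributes (dimensions that all the brands share but on which the options differ), and non-comparable attributes (attributes unique to a brand, or mentioned for only one brand). Data analysis from two experiments confirms that evaluation mode (joint or separate) affects how consumers use comparable and non-comparable attributes in decision making: compared with separate evaluation, consumers in joint evaluation are more inclined to use comparable attributes to form their evaluation. Conversely, consumers in separate evaluation rely more on non-comparable attributes in the decision process. Finally, the theoretical and practical implications of the paper are discussed.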

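Du Xiaojun, Zhang Ji, Rong Xinjie, 《管理学报》 (Chinese Journal of Management), 2011, 8(8): 1133-1139
Through a field investigation and case study of CMMI implementation at Neusoft Corporation (东软集团股份有限公司), this paper examines the background and performance of the company's use of CMMI to improve software process capability and reveals the "institutionalized" system of process improvement in Chinese software enterprises. The results show that, by introducing the CMMI model to improve its software process, the company has made software production an "institutionalized process" and a process in which rules are habitually followed and used. CMMI has played a major promoting and guiding role in moving Chinese software enterprises toward standardization, scale, and maturity.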

Within risk analysis, and more broadly, the decision behind the choice of which modeling technique to use to study the spread of disease, epidemics, fires, technology, rumors, or, more generally, spatial dynamics is not well documented. While individual models are well defined and the modeling techniques are well understood by practitioners, there is little deliberate choice made as to the type of model to be used, with modelers using techniques that are well accepted in the field, sometimes with little thought as to whether alternative modeling techniques could or should be used. In this article, we divide modeling techniques for spatial transmission into four main categories: population‐level models, where a macro‐level estimate of the infected population is required; cellular models, where the transmission takes place between connected domains, but is restricted to a fixed topology of neighboring cells; network models, where host‐to‐host transmission routes are modeled, either as planar spatial graphs or where shortcuts can take place as in social networks; and, finally, agent‐based models that model the local transmission between agents, either as host‐to‐host geographical contacts, or by modeling the movement of the disease vector, with dynamic movement of hosts and vectors possible, on a Euclidean space or a more complex space deformed by the existence of information about the topology of the landscape. We summarize these techniques by introducing a taxonomy classifying these modeling approaches. Finally, we present a framework for choosing the most appropriate spatial modeling method, highlighting the links between seemingly disparate methodologies, bearing in mind that the choice of technique rests with the subject expert.

We study the problem of optimally sequencing the creation of elements in a software project to optimize a time‐weighted value objective. As elements are created, certain parts of the system (referred to as “groups”) become functional and provide value, even though the entire system has not been completed. The main tradeoff in the sequencing problem arises from elements that belong to multiple groups. On the one hand, creating groups with common elements early in the project reduces the effort required to build later functionality that uses these elements. On the other hand, the early creation of such groups can delay the release of some critical functionality. We formulate the element sequencing problem and propose a heuristic to solve it. This heuristic is compared against a lower bound developed for the problem. Next, we study a more general version of the element sequencing problem in which an element requires some effort to be made reusable. When a reusable element is used in another group, some more effort is needed to specialize the element to work as desired in that group. We study reuse decisions under a weighted completion time objective (i.e., the sum of the completion time of each group weighted by its value is minimized), and show how these decisions differ from those under a traditional makespan objective (i.e., only the final completion time of the project is minimized). A variety of analytical and numerical results are presented. The model is also implemented on data obtained from a real software project. A key finding of this work is that the optimal effort on reuse is never increased (typically lowered) when a weighted completion time objective is used. This finding has implications for managing reuse in projects in which user value influences the order in which functionality is created.

Probabilistic risk analysis, based on the identification of failure modes, points to technical malfunctions and operator errors that can be direct causes of system failure. Yet component failures and operator errors are often rooted in management decisions and organizational factors. Extending the analysis to identify these factors allows more effective risk management strategies. It also permits a more realistic assessment of the overall failure probability. An implicit assumption that is often made in PRA is that, on the whole, the system has been designed according to specified norms and constructed as designed. Such an analysis tends to overemphasize scenarios in which the system fails because it is subjected to a much higher load than those for which it was designed. In this article, we find that, for the case of jacket-type offshore platforms, this class of scenarios contributes only about 5% of the failure probability. We link the PRA inputs to decisions and errors during the three phases of design, construction, and operation of platforms, and we assess the contribution of different types of error scenarios to the overall probability of platform failure. We compute the benefits of improving the design review, and we find that, given the costs involved, improving the review process is a more efficient way to increase system safety than reinforcing the structure.

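A Software Trustworthiness Evaluation Model Considering Correlated Information Sources   Total citations: 3 (self-citations: 1, citations by others: 2)
This paper studies software trustworthiness evaluation when information sources are correlated. First, an improved version of Denoeux's cautious conjunctive rule is proposed, and a horizontal combination algorithm for merging multiple pieces of evidence is given. Second, a joint coefficient combining discounting and relative weights is defined for aggregating indicators or group opinions. Finally, based on an analysis of the information uncertainty and information-source correlation that objectively exist in the evaluation process, a software trustworthiness evaluation model based on evidence theory is presented. A typical numerical example verifies the soundness and effectiveness of the model.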

The National Research Council has recommended the use of an analytic/deliberative decision making process in environmental restoration decisions that involve multiple stakeholders. This work investigates the use of the results of risk assessment and multiattribute utility analysis (the "analysis") in guiding the deliberation. These results include the ranking of proposed remedial action alternatives according to each stakeholder's preferences, as well as the identification of the major reasons for these rankings. The stakeholder preferences are over a number of performance measures that include the traditional risk assessment metrics, e.g., individual worker risk, as well as programmatic, cultural, and cost-related impacts. Based on these results, a number of proposals are prepared for consideration by the stakeholders during the deliberation. These proposals are the starting point for the formulation of actual recommendations by the group. In our case study, these recommendations included new remedial action alternatives that were created by the stakeholders after an extensive discussion of the detailed analytical results.

The computer software industry is an extreme example of rapid new product introduction. However, many consumers are sophisticated enough to anticipate the availability of upgrades in the future. This creates the possibility that consumers might either postpone purchase or buy early on and never upgrade. In response, many software producers offer special upgrade pricing to old customers in order to mitigate the effects of strategic consumer behavior. We analyze the optimality of upgrade pricing by characterizing the relationship between magnitude of product improvement and the equilibrium pricing structure, particularly in the context of user upgrade costs. This upgrade cost (such as the cost of upgrading complementary hardware or drivers) is incurred by the user when she buys the new version but is not captured by the upgrade price for the software. Our approach is to formulate a game theoretic model where consumers can look ahead and anticipate prices and product qualities while the firm can offer special upgrade pricing. We classify upgrades as minor, moderate or large based on the primitive parameters. We find that at sufficiently large user costs, upgrade pricing is an effective tool for minor and large upgrades but not moderate upgrades. Thus, upgrade pricing is suboptimal for the firm for a middle range of product improvement. User upgrade costs have both direct and indirect effects on the pricing decision. The indirect effect arises because the upgrade cost is a critical factor in determining whether all old consumers would upgrade to a new product or not, and this further alters the product improvement threshold at which special upgrade pricing becomes optimal. Finally, we also analyze the impact of upgrade pricing on the total coverage of the market.

Guidance has been produced for land use planners and decision-makers on how tsunami inundation modelling can be included in land use planning. The process of developing the guideline included exploring the difficulties in integrating physical science models into land use planning with a focus on tsunami. These difficulties included addressing uncertainty and reconciling planners' needs with the capability of the modellers. The guidance was based on two key questions. (1) How can tsunami modelling be incorporated into land use planning? (2) What information do planners need from modellers to improve planning and policy for tsunami? The purpose of this paper is to provide a brief overview of the guideline, with the aim of assisting others in producing similar guidance for implementing tsunami modelling into land use planning. The guideline includes tsunami basics and a decision tree for including tsunami risk in land use planning, which forms the basis of the guideline.

As revenue management (RM) techniques evolve there is a need to take stock of how organizations practice RM and the interactions among techniques. This would help practitioners and researchers better understand how RM practice is influenced by the business setting, including those not traditionally associated with advanced RM techniques. Also, it would facilitate investigations of which practices lead to better outcomes in different contexts. Research to date has focused on individual techniques within individual business settings, with limited attention to the range of environments in which RM practice occurs. This suggests a need for a common framework to classify and assess differences in practice. In this article, we present a taxonomy which comprises (i) seven indicators of practice and (ii) a decision tree to measure RM across diverse businesses. We test the classification system in a survey of 232 businesses. Results show the taxonomy provides a comprehensive view of RM practice, with meaningful discrimination across settings. Findings also offer insight into how practices vary across different settings. Our taxonomy contributes to future research by facilitating systematic comparisons of RM practices, the settings in which it is adopted, and its impact on performance.

We examine the drivers of project performance and customer satisfaction in outsourced software projects using a proprietary panel dataset. The data cover 822 customer observations related to 182 unique projects executed by an India‐based software services vendor. Adopting a multidisciplinary perspective, we investigate how project planning, team stability, and communication effectiveness impact project performance and customer satisfaction. We delineate the direct and interactive influences of the antecedent variables. We also examine how these influences are moderated by two important project contexts: (a) the nature of software work (maintenance and development vs. testing projects) and (b) project maturity (new vs. mature projects). Among other results, we demonstrate that, when project planning capabilities are high, the positive impact of team stability and communication effectiveness on project performance is even higher. In addition, our results suggest that the impact of communication on project performance is muted when team stability is high. Finally, we also demonstrate that the impact of the antecedent variables on project performance varies with the nature of software work. Our findings offer specific and actionable insights to managers that can help them manage outsourced projects better, and open up new research perspectives in the context of outsourced project management.

An abundance of flawed software has been identified as the main cause of the poor security of computer networks because major viruses and worms exploit the vulnerabilities of such software. As an incentive mechanism for software security quality improvement, software liability has been intensely discussed among both academics and practitioners for a long time. An alternative approach to managing software security is patch release, which has been widely adopted in practice. In this paper, we examine these two different ways of mitigating customer risk in the software market: liability and patch release. We study the impact of both mechanisms on a monopolistic software vendor's decision on security quality. We find the conditions under which each mechanism is effective in terms of improving security quality and increasing social surplus. The heterogeneous nature of loss is identified to be a key factor for the effectiveness of the liability mechanism. On the other hand, patch release can be effective and welfare‐enhancing regardless of the nature of loss as long as customers incur low patching cost, and/or the vendor incurs low patch development cost. We also examine the impact of customer misperception of the outcome from vulnerable software on the effectiveness of liability.

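This paper analyzes the evolution of software development organizations and builds a system dynamics model of that evolution. Using the theory of nonlinear system evolution, it studies the factors that affect the evolution of software development organizations and how these factors influence their evolutionary behavior. It analyzes how the organization's initial state, the total scale of project demand in the software industry, and the external organizational resource support on which the software organization depends affect the evolutionary process and its outcome. It points out that a software development organization should rely on projects and external resource support in its early stage, and should guard against the loss of talent and capital resources in its middle and peak stages.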

