6. Conclusion

structural models [22], fuzzy models [26, 27], interval models [30], software dynamic models [31–33], software/hardware complex models [34, 35], Bayesian model modifications [19, 30, 36, 37], as well as neural networks applied for certain scientific purposes [38, 39]. In order to select a

1. Ease of application that primarily concerns the degree of the model adequacy to the statistic collection system, i.e., utilized input data can be easily obtained; the data must be

2. Validity: the model must be reasonably (sufficiently) accurate to solve the tasks of analysis or synthesis in the field of software security. The positive property of the model that allows reducing the input sample is the ability to use a priori information and integrate data from

3. Applicability for various tasks. Some models allow estimating a wide range of parameters necessary for experts at different stages of the software lifecycle, for instance, reliability values, expected number of errors of different types, predicted time and financial expenditure, developers' qualification, test quality, software cover parameters,

4. Simplicity of implementation including the possibility of automated estimation based on well-known mathematical packages and libraries, model learning after revisions, taking into account the incomplete or incorrect input statistics, and other restrictions of the

• Predictive model's quality parameters (convergence, noise tolerance, prediction accuracy,

• Information criteria of predictive model's quality (dimensionality, BIC/AIC criteria).

IC <sup>¼</sup> max<sup>X</sup>

K

kiχi, (41)

i¼1

where ki is the weighting factor of i property of the considered model selected by the expert

As the study has shown, there are a lot of mathematical models that allow estimating the software reliability and security at different stages of lifecycle, which is important for budget planning. On a practical level, the described classification of models simplifies selection and

suitable model, a number of qualitative and quantitative criteria can be suggested [40].

representative; and the input and output data must be clear for the experts.

The following qualitative criteria can be used:

164 Probabilistic Modeling in System Engineering

The following quantitative criteria can be used:

Combined and integral parameters, for instance:

and χi. is the characteristic function of the i property.

integration of the models based on the available statistics.

• Evaluation accuracy parameters.

other models.

etc.

models.

consistency).

1. The chapter presents a new class of probabilistic step models for software reliability (and security) assessment which allows to improve the adequacy and accuracy of evaluation for modern multi-version software systems (e.g., open-source software). One of the main features of the developed models is taking into account the effect of reducing the degree of reliability when updating programs.

These mathematical models have undergone a detailed study and lead to a method that allows planning and monitoring the level of software reliability at the stages of preliminary testing, trial operation, acceptance testing, inspection, and testing after modifications. Completeness and consistency of the method is ensured by the fact that the developed models do not impose strict limitations on the taxonomy of errors, modifications, tests, and input data.


In the field of quality and functional safety of software, the application of mathematical models is welcomed to reduce the level of subjectivity in testing using black box method, fuzzing, functional testing, etc. (see the lines of international standards IEC 61508, IEC 61511, and ISO/ IEC 33001 and also the Russian new standard GOST R 56939). In this respect, IEC 61508– 7:2010<sup>6</sup> is extremely useful because it regulates the relationship between the classes of software testing and the use of formal and semiformal models in detail.

<sup>5</sup> www.commoncriteriaportal.org

<sup>6</sup> IEC 61508–7:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems—Part 7: Overview of techniques and measures.
