CN105404814A - Quality risk evaluation method and system of commercial bank software - Google Patents

Quality risk evaluation method and system of commercial bank software Download PDF

Info

Publication number
CN105404814A
CN105404814A CN201510617008.7A CN201510617008A CN105404814A CN 105404814 A CN105404814 A CN 105404814A CN 201510617008 A CN201510617008 A CN 201510617008A CN 105404814 A CN105404814 A CN 105404814A
Authority
CN
China
Prior art keywords
risk
software
defect
valuation
business
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510617008.7A
Other languages
Chinese (zh)
Inventor
李璐
肖莉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China filed Critical Agricultural Bank of China
Priority to CN201510617008.7A priority Critical patent/CN105404814A/en
Publication of CN105404814A publication Critical patent/CN105404814A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a quality risk evaluation method and system of commercial bank software. The method and the system firstly obtain a business evaluation value which reflects influence caused on bank business and a maximum loss degree caused on relevant business when quality problems are in the presence in the bank software so as to obtain a requirement risk evaluation value of risks generated in the commercial bank software when the requirements of a user are changed, and a software defect risk evaluation value which reflects the risks caused due to the own defects of the commercial bank software can be obtained; and then, the business risk evaluation value, the requirement risk evaluation value and the software defect risk evaluation value form an evaluation value vector which can objectively reflect the quality risks of the commercial bank software. Since the quality risk evaluation method and system of the commercial bank software can objectively evaluate the quality risks of the commercial bank software, a bank can adopt a corresponding measure for the quality risks of the commercial bank software according to an evaluation result.

Description

The quality risk appraisal procedure of a kind of commercial bank software and system
Technical field
The application relates to software technology field, more particularly, relates to quality risk appraisal procedure and the system of a kind of commercial bank software.
Background technology
The effect of the various commercial banks software that bank uses is extremely important, is the important tool that bank processes all kinds of business, is not only related to normally carrying out of business, be also related to the fund security of bank and client.Therefore, require that Mei Zhong commercial bank software can both run to stability and safety, to ensure the safety of banking.But do not have a kind of method to evaluate objectively the quality risk of commercial bank's software objectively at present, bank also takes corresponding measure with regard to having no idea according to the quality risk of commercial bank's software.
Summary of the invention
In view of this, the application provides quality risk appraisal procedure and the system of a kind of commercial bank software, for carrying out quality risk assessment to the various commercial banking software of Bank application, to solve the problem of having no idea at present commercial bank's software to be carried out to objective evaluation.
To achieve these goals, the existing scheme proposed is as follows:
A quality risk appraisal procedure for commercial bank's software, comprises step:
Obtain the business risk valuation of described commercial bank software, impact when described business risk valuation reflects that quality problems appear in described commercial bank software, banking produced and the maximum loss degree that related service is caused;
Obtain the Requirements Risks valuation of described commercial bank software, the risk that described Requirements Risks valuation reflection produces because the demand of user changes;
Obtain the software defect value at risk of described commercial bank software, described defect value at risk reflects the risk that the defect that described commercial bank software itself exists causes;
Described business risk valuation, described Requirements Risks valuation and described software defect value at risk are formed a valuation vector, the quality risk of described valuation vector reflection described commercial bank software.
Optionally, described business risk valuation comprises the scoring of business level of interest, business continuance requirement scoring and scope of business scoring.
Optionally, described Requirements Risks valuation be described commercial bank software from a upper milestone to current milestone newly increased requirement number, the demand number of cancellation and the demand number that changes and to assess the ratio of the aggregate demand number in node upper one with described commercial bank software.
Optionally, described software defect value at risk comprises the defect rank of described commercial bank software, defects count and defect repair efficiency.
A quality risk evaluating system for commercial bank's software, comprising:
First acquisition module, for obtaining the business risk valuation of described commercial bank software, impact when described business risk valuation reflects that quality problems appear in described commercial bank software, banking produced and the maximum loss degree that related service is caused;
Second acquisition module, for obtaining the Requirements Risks valuation of described commercial bank software, the risk that described Requirements Risks valuation reflection produces because the demand of user changes;
3rd acquisition module, for obtaining the software defect value at risk of described commercial bank software, described defect value at risk reflects the risk that the defect that described commercial bank software itself exists causes;
Vector constructing module, for described business risk valuation, described Requirements Risks valuation and described software defect value at risk are formed a valuation vector, the quality risk of described valuation vector reflection described commercial bank software.
Optionally, described business risk valuation comprises the scoring of business level of interest, business continuance requirement scoring and scope of business scoring.
Optionally, described Requirements Risks valuation be described commercial bank software from a upper milestone to current milestone newly increased requirement number, the demand number of cancellation and the demand number that changes and to assess the ratio of the aggregate demand number in node upper one with described commercial bank software.
Optionally, described software defect value at risk comprises the defect rank of described commercial bank software, defects count and defect repair efficiency.
As can be seen from above-mentioned technical scheme, this application discloses quality risk appraisal procedure and the system of a kind of commercial bank software, first the method and system obtain reflection commercial bank software when there are quality problems to the impact of banking generation and the business risk valuation to the maximum loss degree that related service causes, and then obtain the Requirements Risks valuation of the risk that reflection commercial bank software produces because the demand of user changes, also obtain the software defect value at risk of the risk that reflection commercial bank software causes due to the defect that exists itself; Then business risk valuation, Requirements Risks valuation and software defect value at risk are configured to a valuation vector, this valuation vector can objectively respond the quality risk of commercial bank's software.The quality risk appraisal procedure provided due to the application and system can be assessed objectively to the quality risk of commercial bank's software, thus bank can be enable to take appropriate measures according to the quality risk of assessment result to commercial bank's software.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present application or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the application, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
The process flow diagram of the quality risk appraisal procedure of a kind of commercial bank software that Fig. 1 provides for the embodiment of the present application;
The schematic diagram of the quality risk evaluating system of a kind of commercial bank software that Fig. 2 provides for another embodiment of the application.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present application, be clearly and completely described the technical scheme in the embodiment of the present application, obviously, described embodiment is only some embodiments of the present application, instead of whole embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not making the every other embodiment obtained under creative work prerequisite, all belong to the scope of the application's protection.
Embodiment one
The process flow diagram of the quality risk appraisal procedure of a kind of commercial bank software that Fig. 1 provides for the embodiment of the present application.
As shown in Figure 1, the methods of risk assessment that provides of the present embodiment is for assessing for the quality risk of commercial bank's software of commencing business required bank.Concrete steps comprise the steps:
S101: the business risk valuation obtaining commercial bank's software.
In the application, business risk valuation is designated as B q, the implication of business risk valuation is: have an impact to banking when quality problems appear in software and the degree of maximum loss that related service may cause.Such as deposit, the business risk valuation of business of withdrawing the money is larger than the value at risk of the business of querying the balance.
In the application, the factor of influence of business risk valuation comprises business level of interest, business continuance requires and the scope of business.
Business level of interest refers to the degree that this business should be concerned.Usually, along with the development of commercial banking, the concerned degree of often kind of business is also constantly change.The application is from portfolio, customer quantity two aspect tolerance business level of interest.Portfolio refers to the turnover that in the regular period, (such as 1 year) this business is total, customer quantity refers to the client's sum participating in this business, and turnover is larger, and customer quantity is more, mean that the risk of this kind of business is larger, business level of interest should be higher.
This factor is divided into 4 grades, and mark is respectively 1-4, and mark is corresponding in turn to from low to high:
1 point: portfolio is low, customer quantity is few;
2 points: portfolio is low, customer quantity is many;
3 points: portfolio is high, customer quantity is few;
4 points: portfolio is high, customer quantity is many.
Business continuance requires to refer to that this business is to the desirability run without interruption.Be divided into 3 grades, mark is respectively 1-3, and mark is corresponding in turn to from low to high:
1 point: can shut down at any time;
2 points: can shut down at night or can shut down at weekend;
3 points: do not allow to shut down.
The scope of business refers to the territorial scope of this service coverage.Be divided into 3 grades, mark is respectively 1-3, is corresponding in turn to from low to high:
1 point: city, at county level;
2 points: province, autonomous region's level;
3 points: the whole nation.
Business risk valuation is defined as: three factor of influence assessment mark sums.Be formulated as:
Business risk valuation B q=business level of interest score+business continuance requires score+scope of business score, and known business risk valuation is minimum is 3, is up to 10.
For certain system item of the Agricutural Bank of China, to business risk valuation B qcalculating carry out in the demand analysis stage of software project.The business personnel being familiar with business is invited to mark to business level of interest, business continuance requirement, the scope of business.
First, calculate the total business volume of the corresponding business of the evaluated system of 2012-2014, in 3 years, the average turnover of this business is about 1.2 hundred million yuan, participation business client sum is about 300 people, rule of thumb, this numerical value belongs in agricultural bank inside the project that business turnover is lower, participation client number is less, and therefore business level of interest score assignment is 1.
Secondly, business personnel assesses the continuity demand that operation system is run, and according to the business demand of system, this system does not require run continuously for 24x7 hour, allows to shut down at night or weekend, but dailyly should keep online, and therefore business continuance requires be divided into 2.
Finally, this service coverage whole nation agricultural bank system, therefore the scope of business must be divided into 3.
S102: the Requirements Risks valuation obtaining commercial bank's software.
In the application, Requirements Risks valuation is designated as E q, Requirements Risks refers to the risk that software project produces due to changes in demand.Because banking speed of development is very fast, the development of business causes the change of demand, and the change of demand causes software constantly to upgrade to adapt to service needed.Therefore, the degree of stability of demand has a significant impact software quality.Changes in demand is faster, and potential software quality problem may be more.
Requirements Risks valuation weighs software project from a upper milestone to the changes in demand situation of current milestone, suppose that between two milestones, project newly increased requirement number is N, the demand number cancelled is C, and the demand number changed is V, and in a upper assessment node, project aggregate demand number is T p.Then the Requirements Risks valuation of current milestone is:
E Q = N + C + V T p , T p ≠ 0
Requirements Risks valuation E qcarry out iteration in process at software project to carry out.A software project has some milestones on stream, on each milestone node, and record entry demand number and changes in demand detail.Still for aforementioned project, three exploitation milestones of this project are respectively on June 1st, 2014, on August 1st, 2014 and on Dec 1st, 2014.On June 1st, 2014, project demands number was 350, and on August 1st, 2014, project demands number became 400, and wherein, newly increased requirement 80, cancel demand 30, the demand number changed is 25.So, at the milestone place on August 1st, 2014, Requirements Risks valuation E q=(80+30+25)/350=0.386
S103: the software defect value at risk obtaining commercial bank's software.
Software defect value at risk is designated as F q, software defect risk is the risk because the existing defects of software own causes, and it is determined by the grade of software defect, quantity and remediation efficiency.
Software defect grade is according to generic definition in the industry, and be divided into 4 grades, grade is fatal, serious, general, slight from high to low successively.
First define software defect state comprise newly-increased, open, repair, refuse, close and reopen six kinds.Each state is defined as follows.
Newly-increased (New): by be submitted to defect storehouse from the defect of undiscovered mistake before current time node after, the state of this defect is " increasing newly ".
Open (Open): when developer processes the defect of not closing, the state of this defect is " opening ".
Repair (Fixed): the state of defect, by after defect repair, is set to " repairing " by developer.
Refusal (Rejected): tester and developer reach an agreement to the defect of not closing, and after confirming this defect non-software defect, defect state can be set to " refusal ".
Close (Closed): tester confirms the defect of not closing, and after confirming that this defect is repaired, is set to " closedown " by defect state.
Reopen (Reopen): before current time node, pent defect reappears, the state of this defect should be updated to " reopening ".
The defect loss defined based on defect rank is as follows:
If fatal class defect, then penalty values is 1;
If serious class defect, then penalty values is 0.7;
If general class defect, then penalty values is 0.3;
If slight class defect, then penalty values is 0.1.
Define defects loss total value is in all defect penalty values sum of current time node except " refusal " state and "Off" state.
If L f={ 1,0.7,0.3,0.1} represents the set of penalty values, then the total value S of defect risk fas follows with equation expression:
S F = Σ i = 1 N l i , l i ∈ L F
Above in formula, l irepresent the penalty values of single defect, its value can be 1,0.7,0.3,0.1, the N sum representing the defect of discovery.
Such as, aforementioned project finds 300 defects altogether in first round test process, wherein, fatal class defect 10, serious class defect 50, general class defect 120, slight class defect 120, so the total value of defect risk is:
S F=10*1+50*0.7+120*0.3+120*0.1=93。
Define defects loss average M ffor defect loss total value is divided by the number N of all defect except " refusal " state and "Off" state.
M F = S F N
Still above example, the defect risk average of this project is:
M F=S F/N=93/300=0.31。
Defect loss total value reflects the entirety loss that all defect under system current state causes, and this loss is relevant with the seriousness of defect itself with the quantity of defect.The quantity of defect is more, the rank of defect is higher, and so the total value of defect loss is higher.
Defect loss average reflects the proportion shared by defect of different stage under system current state.In general, high level defect is more, and defect loss average is higher.When defect loss average is higher, also should the total value of binding deficient loss, get rid of and that cause high average situation very few due to defect counts.
Defect loss total value and defect loss average are all the tolerance to project " immediate status ".
Further, the ratio that defect repair disturbance degree represents newfound defects count and the defects count of solution in often wheel assessment is introduced.Be defined as follows.
Suppose that current round is evaluated as R round, last round is evaluated as R-1 round, is defined as follows statistical variable.
1) number of defects N is closed c: the state in the assessment of R-1 wheel is not "Off" state and is not " refusal " state, and the state in the assessment of R wheel is the defects count sum of "Off" state.
2) new discovery number of defects N e: do not exist in the assessment of R-1 wheel, and state be the defects count sum of " increase " in the assessment of R wheel, adds and be in "Off" state in the assessment of R-1 wheel, and R take turns assess in transfer the defect sum of " reopening " state to.
Further, Define defects reparation disturbance degree is:
I = N E N C , N C ≠ 0
Defect repair disturbance degree describes the remediation efficiency of software defect.When defect loss total value is lower, but when defect repair disturbance degree is higher, show that the action of last round repair-deficiency causes how new defect.Defect repair disturbance degree is the tolerance to project " situation of change ".
Citing:
For aforementioned project, this project has carried out three-wheel assessment altogether, and the record data of three-wheel assessment are as follows:
The first round: find that new number of defects is 300, closing number of defects is 0, and owing to being first round assessment, defect repair disturbance degree does not calculate.
Second takes turns: find new number of defects 84, and closing number of defects is 156, and remaining software defects is 300+84-156=228.Defect repair disturbance degree is according to definition=84/156=0.538.
Third round: find new number of defects 10, closing number of defects is 162, and remaining software defects is 228+10-162=76.Defect repair disturbance degree is calculated as: 10/162=0.062.
In sum, defining software defect value at risk is a vector
F Q=[S F,M F,I] T
Citing:
According to aforementioned calculating, each of project is taken turns assessment (respective items object milestone) and can be obtained one group of defect value at risk, comprises S f, M f, I tri-scalar value, such as, the defect value at risk of aforementioned project is:
The first round: S f=93, M f=0.31, I is unavailable
Second takes turns: remaining software defects (except " refusal " state and "Off" state) is 228, wherein critical defect 4, major defect 24, general defect 80, light defects 120.S F=4*1+24*0.7+80*0.3+80*0.1=52.8.M F=52.8/228=0.232.I=0.538.
Third round: remaining software defects is 76, wherein critical defect 1, major defect 5, general defect 20, light defects 50.S F=1*1+5*0.7+20*0.3+50*0.1=15.5,M F=15.5/76=0.204,I=0.062。
S104: structure valuation vector.
After getting the business risk valuation of commercial bank's software, Requirements Risks valuation and defect value at risk, three is configured to a valuation vector R q, this valuation vector is designated as R q, then:
R Q=(B Q,E Q,F Q) T
This valuation vector R qthe quality risk of commercial bank's software can be reflected objectively, therefore can be assessed objectively the quality risk of commercial bank's software objectively by above step.
The performance history of, iteration normally dynamic due to commercial bank's software project, therefore the assessment of quality risk is also a dynamic process.With regard to three partial elements of software quality risk, " immediately " state assessing software project is at that time paid close attention in business risk valuation, and Requirements Risks valuation pays close attention to software project from " change " situation a upper assessment node to evaluation node, software defect value at risk then simultaneously concerned item object " immediately " state and " change " situation.
As can be seen from technique scheme, present embodiments provide the quality risk appraisal procedure of a kind of commercial bank software, first the method obtains reflection commercial bank software when there are quality problems to the impact of banking generation and the business risk valuation to the maximum loss degree that related service causes, and then obtain the Requirements Risks valuation of the risk that reflection commercial bank software produces because the demand of user changes, also obtain the software defect value at risk of the risk that reflection commercial bank software causes due to the defect that exists itself; Then business risk valuation, Requirements Risks valuation and software defect value at risk are configured to a valuation vector, this valuation vector can objectively respond the quality risk of commercial bank's software.The quality risk appraisal procedure provided due to the application can be assessed objectively to the quality risk of commercial bank's software, thus bank can be enable to take appropriate measures according to the quality risk of assessment result to commercial bank's software.
Embodiment two
The schematic diagram of the quality risk evaluating system of a kind of commercial bank software that Fig. 2 provides for another embodiment of the application.
As shown in Figure 2, the risk evaluating system that provides of the present embodiment is for assessing for the quality risk of commercial bank's software of commencing business required bank.Specifically comprise business first acquisition module 10, second acquisition module 20, the 3rd acquisition module 30 and vectorial constructing module 40.
First acquisition module 10 is for obtaining the business risk valuation of commercial bank's software.
In the application, business risk valuation is designated as B q, the implication of business risk valuation is: have an impact to banking when quality problems appear in software and the degree of maximum loss that related service may cause.Such as deposit, the business risk valuation of business of withdrawing the money is larger than the value at risk of the business of querying the balance.
In the application, the factor of influence of business risk valuation comprises business level of interest, business continuance requires and the scope of business.
Business level of interest refers to the degree that this business should be concerned.Usually, along with the development of commercial banking, the concerned degree of often kind of business is also constantly change.The application is from portfolio, customer quantity two aspect tolerance business level of interest.Portfolio refers to the turnover that in the regular period, (such as 1 year) this business is total, customer quantity refers to the client's sum participating in this business, and turnover is larger, and customer quantity is more, mean that the risk of this kind of business is larger, business level of interest should be higher.
This factor is divided into 4 grades, and mark is respectively 1-4, and mark is corresponding in turn to from low to high:
1 point: portfolio is low, customer quantity is few;
2 points: portfolio is low, customer quantity is many;
3 points: portfolio is high, customer quantity is few;
4 points: portfolio is high, customer quantity is many.
Business continuance requires to refer to that this business is to the desirability run without interruption.Be divided into 3 grades, mark is respectively 1-3, and mark is corresponding in turn to from low to high:
1 point: can shut down at any time;
2 points: can shut down at night or can shut down at weekend;
3 points: do not allow to shut down.
The scope of business refers to the territorial scope of this service coverage.Be divided into 3 grades, mark is respectively 1-3, is corresponding in turn to from low to high:
1 point: city, at county level;
2 points: province, autonomous region's level;
3 points: the whole nation.
Business risk valuation is defined as: three factor of influence assessment mark sums.Be formulated as:
Business risk valuation B q=business level of interest score+business continuance requires score+scope of business score, and known business risk valuation is minimum is 3, is up to 10.
For certain system item of the Agricutural Bank of China, to business risk valuation B qcalculating carry out in the demand analysis stage of software project.The business personnel being familiar with business is invited to mark to business level of interest, business continuance requirement, the scope of business.
First, calculate the total business volume of the corresponding business of the evaluated system of 2012-2014, in 3 years, the average turnover of this business is about 1.2 hundred million yuan, participation business client sum is about 300 people, rule of thumb, this numerical value belongs in agricultural bank inside the project that business turnover is lower, participation client number is less, and therefore business level of interest score assignment is 1.
Secondly, business personnel assesses the continuity demand that operation system is run, and according to the business demand of system, this system does not require run continuously for 24x7 hour, allows to shut down at night or weekend, but dailyly should keep online, and therefore business continuance requires be divided into 2.
Finally, this service coverage whole nation agricultural bank system, therefore the scope of business must be divided into 3.
Second acquisition module 20 is for obtaining the Requirements Risks valuation of commercial bank's software.
In the application, Requirements Risks valuation is designated as E q, Requirements Risks refers to the risk that software project produces due to changes in demand.Because banking speed of development is very fast, the development of business causes the change of demand, and the change of demand causes software constantly to upgrade to adapt to service needed.Therefore, the degree of stability of demand has a significant impact software quality.Changes in demand is faster, and potential software quality problem may be more.
Requirements Risks valuation weighs software project from a upper milestone to the changes in demand situation of current milestone, suppose that between two milestones, project newly increased requirement number is N, the demand number cancelled is C, and the demand number changed is V, and in a upper assessment node, project aggregate demand number is T p.Then the Requirements Risks valuation of current milestone is:
E Q = N + C + V T p , T p ≠ 0
Requirements Risks valuation E qcarry out iteration in process at software project to carry out.A software project has some milestones on stream, on each milestone node, and record entry demand number and changes in demand detail.Still for aforementioned project, three exploitation milestones of this project are respectively on June 1st, 2014, on August 1st, 2014 and on Dec 1st, 2014.On June 1st, 2014, project demands number was 350, and on August 1st, 2014, project demands number became 400, and wherein, newly increased requirement 80, cancel demand 30, the demand number changed is 25.So, at the milestone place on August 1st, 2014, Requirements Risks valuation E q=(80+30+25)/350=0.386
3rd acquisition module 30 is for obtaining the software defect value at risk of commercial bank's software.
Software defect value at risk is designated as F q, software defect risk is the risk because the existing defects of software own causes, and it is determined by the grade of software defect, quantity and remediation efficiency.
Software defect grade is according to generic definition in the industry, and be divided into 4 grades, grade is fatal, serious, general, slight from high to low successively.
First define software defect state comprise newly-increased, open, repair, refuse, close and reopen six kinds.Each state is defined as follows.
Newly-increased (New): by be submitted to defect storehouse from the defect of undiscovered mistake before current time node after, the state of this defect is " increasing newly ".
Open (Open): when developer processes the defect of not closing, the state of this defect is " opening ".
Repair (Fixed): the state of defect, by after defect repair, is set to " repairing " by developer.
Refusal (Rejected): tester and developer reach an agreement to the defect of not closing, and after confirming this defect non-software defect, defect state can be set to " refusal ".
Close (Closed): tester confirms the defect of not closing, and after confirming that this defect is repaired, is set to " closedown " by defect state.
Reopen (Reopen): before current time node, pent defect reappears, the state of this defect should be updated to " reopening ".
The defect loss defined based on defect rank is as follows:
If fatal class defect, then penalty values is 1;
If serious class defect, then penalty values is 0.7;
If general class defect, then penalty values is 0.3;
If slight class defect, then penalty values is 0.1.
Define defects loss total value is in all defect penalty values sum of current time node except " refusal " state and "Off" state.
If L f={ 1,0.7,0.3,0.1} represents the set of penalty values, then the total value S of defect risk fas follows with equation expression:
S F = Σ i = 1 N l i , l i ∈ L F
Above in formula, l irepresent the penalty values of single defect, its value can be 1,0.7,0.3,0.1, the N sum representing the defect of discovery.
Such as, aforementioned project finds 300 defects altogether in first round test process, wherein, fatal class defect 10, serious class defect 50, general class defect 120, slight class defect 120, so the total value of defect risk is:
S F=10*1+50*0.7+120*0.3+120*0.1=93。
Define defects loss average M ffor defect loss total value is divided by the number N of all defect except " refusal " state and "Off" state.
M F = S F N
Still above example, the defect risk average of this project is:
M F=S F/N=93/300=0.31。
Defect loss total value reflects the entirety loss that all defect under system current state causes, and this loss is relevant with the seriousness of defect itself with the quantity of defect.The quantity of defect is more, the rank of defect is higher, and so the total value of defect loss is higher.
Defect loss average reflects the proportion shared by defect of different stage under system current state.In general, high level defect is more, and defect loss average is higher.When defect loss average is higher, also should the total value of binding deficient loss, get rid of and that cause high average situation very few due to defect counts.
Defect loss total value and defect loss average are all the tolerance to project " immediate status ".
Further, the ratio that defect repair disturbance degree represents newfound defects count and the defects count of solution in often wheel assessment is introduced.Be defined as follows.
Suppose that current round is evaluated as R round, last round is evaluated as R-1 round, is defined as follows statistical variable.
1) number of defects N is closed c: the state in the assessment of R-1 wheel is not "Off" state and is not " refusal " state, and the state in the assessment of R wheel is the defects count sum of "Off" state.
2) new discovery number of defects N e: do not exist in the assessment of R-1 wheel, and state be the defects count sum of " increase " in the assessment of R wheel, adds and be in "Off" state in the assessment of R-1 wheel, and R take turns assess in transfer the defect sum of " reopening " state to.
Further, Define defects reparation disturbance degree is:
I = N E N C , N C ≠ 0
Defect repair disturbance degree describes the remediation efficiency of software defect.When defect loss total value is lower, but when defect repair disturbance degree is higher, show that the action of last round repair-deficiency causes how new defect.Defect repair disturbance degree is the tolerance to project " situation of change ".
Citing:
For aforementioned project, this project has carried out three-wheel assessment altogether, and the record data of three-wheel assessment are as follows:
The first round: find that new number of defects is 300, closing number of defects is 0, and owing to being first round assessment, defect repair disturbance degree does not calculate.
Second takes turns: find new number of defects 84, and closing number of defects is 156, and remaining software defects is 300+84-156=228.Defect repair disturbance degree is according to definition=84/156=0.538.
Third round: find new number of defects 10, closing number of defects is 162, and remaining software defects is 228+10-162=76.Defect repair disturbance degree is calculated as: 10/162=0.062.
In sum, defining software defect value at risk is a vector
F Q=[S F,M F,I] T
Citing:
According to aforementioned calculating, each of project is taken turns assessment (respective items object milestone) and can be obtained one group of defect value at risk, comprises S f, M f, I tri-scalar value, such as, the defect value at risk of aforementioned project is:
The first round: S f=93, M f=0.31, I is unavailable
Second takes turns: remaining software defects (except " refusal " state and "Off" state) is 228, wherein critical defect 4, major defect 24, general defect 80, light defects 120.S F=4*1+24*0.7+80*0.3+80*0.1=52.8.M F=52.8/228=0.232.I=0.538.
Third round: remaining software defects is 76, wherein critical defect 1, major defect 5, general defect 20, light defects 50.S F=1*1+5*0.7+20*0.3+50*0.1=15.5,M F=15.5/76=0.204,I=0.062。
Vector constructing module 40 is for constructing valuation vector.
After getting the business risk valuation of commercial bank's software, Requirements Risks valuation and defect value at risk, three is configured to a valuation vector R by vectorial constructing module q, this valuation vector is designated as R q, then:
R Q=(B Q,E Q,F Q) T
This valuation vector R qobjectively can see the quality risk of ground reflection commercial bank software, therefore can be assessed objectively the quality risk of commercial bank's software objectively by native system.
The performance history of, iteration normally dynamic due to commercial bank's software project, therefore the assessment of quality risk is also a dynamic process.With regard to three partial elements of software quality risk, " immediately " state assessing software project is at that time paid close attention in business risk valuation, and Requirements Risks valuation pays close attention to software project from " change " situation a upper assessment node to evaluation node, software defect value at risk then simultaneously concerned item object " immediately " state and " change " situation.
As can be seen from technique scheme, present embodiments provide the quality risk evaluating system of a kind of commercial bank software, first this system obtains reflection commercial bank software when there are quality problems to the impact of banking generation and the business risk valuation to the maximum loss degree that related service causes, and then obtain the Requirements Risks valuation of the risk that reflection commercial bank software produces because the demand of user changes, also obtain the defect value at risk of the risk that reflection commercial bank software causes due to the defect that exists itself; Then business risk valuation, Requirements Risks valuation and defect value at risk are configured to a valuation vector, this valuation vector can objectively respond the quality risk of commercial bank's software.The quality risk appraisal procedure provided due to the application can be assessed objectively to the quality risk of commercial bank's software, thus bank can be enable to take appropriate measures according to the quality risk of assessment result to commercial bank's software.
In this instructions, each embodiment adopts the mode of going forward one by one to describe, and what each embodiment stressed is the difference with other embodiments, between each embodiment identical similar portion mutually see.To the above-mentioned explanation of the disclosed embodiments, professional and technical personnel in the field are realized or uses the application.To be apparent for those skilled in the art to the multiple amendment of these embodiments, General Principle as defined herein when not departing from the spirit or scope of the application, can realize in other embodiments.Therefore, the application can not be restricted to these embodiments shown in this article, but will meet the widest scope consistent with principle disclosed herein and features of novelty.

Claims (8)

1. a quality risk appraisal procedure for commercial bank's software, is characterized in that, comprise step:
Obtain the business risk valuation of described commercial bank software, impact when described business risk valuation reflects that quality problems appear in described commercial bank software, banking produced and the maximum loss degree that related service is caused;
Obtain the Requirements Risks valuation of described commercial bank software, the risk that described Requirements Risks valuation reflection produces because the demand of user changes;
Obtain the software defect value at risk of described commercial bank software, described defect value at risk reflects the risk that the defect that described commercial bank software itself exists causes;
Described business risk valuation, described Requirements Risks valuation and described software defect value at risk are formed a valuation vector, the quality risk of described valuation vector reflection described commercial bank software.
2. quality risk appraisal procedure as claimed in claim 1, is characterized in that, described business risk valuation comprises the scoring of business level of interest, business continuance requirement scoring and scope of business scoring.
3. quality risk appraisal procedure as claimed in claim 1, it is characterized in that, described Requirements Risks valuation be described commercial bank software from a upper milestone to current milestone newly increased requirement number, the demand number of cancellation and the demand number that changes and to assess the ratio of the aggregate demand number in node upper one with described commercial bank software.
4. quality risk appraisal procedure as claimed in claim 1, is characterized in that, described software defect value at risk comprises the defect rank of described commercial bank software, defects count and defect repair efficiency.
5. a quality risk evaluating system for commercial bank's software, is characterized in that, comprising:
First acquisition module, for obtaining the business risk valuation of described commercial bank software, impact when described business risk valuation reflects that quality problems appear in described commercial bank software, banking produced and the maximum loss degree that related service is caused;
Second acquisition module, for obtaining the Requirements Risks valuation of described commercial bank software, the risk that described Requirements Risks valuation reflection produces because the demand of user changes;
3rd acquisition module, for obtaining the software defect value at risk of described commercial bank software, described defect value at risk reflects the risk that the defect that described commercial bank software itself exists causes;
Vector constructing module, for described business risk valuation, described Requirements Risks valuation and described software defect value at risk are formed a valuation vector, the quality risk of described valuation vector reflection described commercial bank software.
6. quality risk evaluating system as claimed in claim 5, is characterized in that, described business risk valuation comprises the scoring of business level of interest, business continuance requirement scoring and scope of business scoring.
7. quality risk evaluating system as claimed in claim 5, it is characterized in that, described Requirements Risks valuation be described commercial bank software from a upper milestone to current milestone newly increased requirement number, the demand number of cancellation and the demand number that changes and to assess the ratio of the aggregate demand number in node upper one with described commercial bank software.
8. quality risk evaluating system as claimed in claim 5, is characterized in that, described software defect value at risk comprises the defect rank of described commercial bank software, defects count and defect repair efficiency.
CN201510617008.7A 2015-09-24 2015-09-24 Quality risk evaluation method and system of commercial bank software Pending CN105404814A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510617008.7A CN105404814A (en) 2015-09-24 2015-09-24 Quality risk evaluation method and system of commercial bank software

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510617008.7A CN105404814A (en) 2015-09-24 2015-09-24 Quality risk evaluation method and system of commercial bank software

Publications (1)

Publication Number Publication Date
CN105404814A true CN105404814A (en) 2016-03-16

Family

ID=55470299

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510617008.7A Pending CN105404814A (en) 2015-09-24 2015-09-24 Quality risk evaluation method and system of commercial bank software

Country Status (1)

Country Link
CN (1) CN105404814A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108563566A (en) * 2018-04-09 2018-09-21 郑州云海信息技术有限公司 A kind of risk analysis method and system of system
CN109684851A (en) * 2018-12-27 2019-04-26 中国移动通信集团江苏有限公司 Evaluation of Software Quality, device, equipment and computer storage medium
CN110188541A (en) * 2019-04-18 2019-08-30 招银云创(深圳)信息技术有限公司 Methods of risk assessment, device, assessment terminal and the storage medium of operation system
CN110599459A (en) * 2019-08-14 2019-12-20 深圳市勘察研究院有限公司 Underground pipe network risk assessment cloud system based on deep learning
CN110717646A (en) * 2019-09-03 2020-01-21 福建省农村信用社联合社 Method and system for realizing bank demand post-evaluation
CN112488534A (en) * 2020-12-03 2021-03-12 福建省农村信用社联合社 Risk early warning method, system, equipment and medium before bank software is online
CN114860618A (en) * 2022-07-06 2022-08-05 湖南三湘银行股份有限公司 RPA-based automatic function testing method and system

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108563566A (en) * 2018-04-09 2018-09-21 郑州云海信息技术有限公司 A kind of risk analysis method and system of system
CN109684851A (en) * 2018-12-27 2019-04-26 中国移动通信集团江苏有限公司 Evaluation of Software Quality, device, equipment and computer storage medium
CN110188541A (en) * 2019-04-18 2019-08-30 招银云创(深圳)信息技术有限公司 Methods of risk assessment, device, assessment terminal and the storage medium of operation system
CN110188541B (en) * 2019-04-18 2021-06-04 招银云创信息技术有限公司 Risk assessment method and device of business system, assessment terminal and storage medium
CN110599459A (en) * 2019-08-14 2019-12-20 深圳市勘察研究院有限公司 Underground pipe network risk assessment cloud system based on deep learning
CN110717646A (en) * 2019-09-03 2020-01-21 福建省农村信用社联合社 Method and system for realizing bank demand post-evaluation
CN112488534A (en) * 2020-12-03 2021-03-12 福建省农村信用社联合社 Risk early warning method, system, equipment and medium before bank software is online
CN114860618A (en) * 2022-07-06 2022-08-05 湖南三湘银行股份有限公司 RPA-based automatic function testing method and system
CN114860618B (en) * 2022-07-06 2022-09-23 湖南三湘银行股份有限公司 RPA-based automatic function testing method and system

Similar Documents

Publication Publication Date Title
CN105404814A (en) Quality risk evaluation method and system of commercial bank software
Nakao et al. Relationship between environmental performance and financial performance: an empirical analysis of Japanese corporations
Rogers et al. Engineering project appraisal
Richardson Accounting for Sustainability: Measuring quantities or enhancing qualities?
CN109242664A (en) It is a kind of towards the tax risk prediction technique for newly setting up enterprise
CN103310353B (en) The data filtering of a kind of attack resistance optimizes system and method
Koohathongsumrit et al. Route selection in multimodal supply chains: A fuzzy risk assessment model-BWM-MARCOS framework
Chen et al. Design of experiments on neural network's parameters optimization for time series forecasting in stock markets
Khalili et al. Performance evaluation in green supply chain using BSC, DEA and data mining
CN107491877A (en) A kind of power network construction project Budget Performance method based on fuzzy overall evaluation
Van der Ploeg Macro-financial implications of climate change and the carbon transition
CN105354664A (en) Method for optimizing power transmission and transformation engineering project cost risk evaluation index system
lo Storto et al. Infrastructure efficiency, logistics quality and environmental impact of land logistics systems in the EU: A DEA-based dynamic mapping
CN110415125A (en) A kind of method, apparatus, equipment and computer storage medium carrying out credit rating to issuing subject online
Wang et al. Determine the optimal capital structure of BOT projects using interval numbers with Tianjin Binhai New District Metro Z4 line in China as an example
CN106447482A (en) Tax checking method combining tax credit rating and transaction relation network
Vogel Impact of privatisation on the financial and economic performance of European airports
Kristanti et al. Are Indonesian construction companies financially distressed? A prediction using artificial neural networks
Hein et al. Implementing NEPA in the age of climate change
Tripathi et al. Determinants of firm location choice in large cities in India: A binary logit model analysis
Sotirchos et al. Financial sustainability of the waste treatment projects that follow PPP contracts in Greece: a formula for the calculation of the profit rate
Bagui et al. Traffic and revenue forecast at risk for a BOT road project
Hyari A Procedure for Rebalancing Unbalanced Bidding in Unit Price Contracts
Roodposhti et al. Acquiring targets in balanced scorecard method by data envelopment analysis technique and its application in commercial banks
Mehdi et al. Efficiency of Green Supply Chain in the presence of non-discretionary and undesirable factors, using Data Envelopment Analysis

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160316