1. Technical Field
The present disclosure relates to software development and more specifically to identifying high risk areas of code and proposing actions to mitigate or reduce the risk in those high risk areas.
2. Introduction
Software development is a complex process. As software projects expand, the teams working on the software projects also expand, and often include globally distributed teams of developers. Further, the source code itself is often divided, so that often very few developers have a complete picture of the entire software package under development. As the development of software products frequently transitions among globally distributed teams, the knowledge about the source code, design decisions, original requirements, and the history of troublesome areas can be lost or forgotten. A new team taking over development of a software project faces tremendous challenges to regain that knowledge. Loss of such knowledge is one source of introducing defects into software projects. Software defects can come from many other sources, as well.
Empirical data show that approximately 1% of project source code files are involved in more than 60% of customer reported defects. Because risk is omnipresent in software development, many development strategies are explicitly or implicitly designed to minimize risk. Existing solutions to mitigate risk do not correctly identify files with the highest risk. For example, static analysis warnings have only a weak relationship to customer reported software defects. Defect prediction algorithms can predict defects within individual files in a limited fashion, but do not operate on groups of files that account for the most defects. Each of these existing approaches has deficiencies in identifying and reducing risk in software development projects.