A METHOD OF RISK-BASED QUALITY MANAGEMENT OF AN IT PRODUCT BASED ON DATA ANALYSIS AND MACHINE LEARNING WITHIN SDLC
DOI:
https://doi.org/10.32689/maup.it.2026.1.4
Keywords:
risk-based quality management, SDLC, machine learning, defect prediction, DSS, software metrics, data-driven
Abstract
This article develops a risk-oriented quality management method for IT products within the software development life cycle (SDLC). The object of study is the process of ensuring software quality under uncertainty and limited resources; the problem addressed is the lack of an integrated mechanism for quantitatively assessing, predicting, and prioritizing quality risks from SDLC data. The paper proposes a formalized mathematical model in which risk is interpreted as a probabilistic characteristic of software component defectiveness, together with a mechanism for integrating risk assessments into quality assurance processes in the form of adaptive quality gates and a decision support system (DSS) prototype. The identified problem is solved by combining probabilistic modeling, machine learning methods, and risk-oriented test prioritization, which enables the transition from static control to data-driven quality management. The results are explained by the relationships established between software metrics and defect probability, which enable ranking components by risk level, forming a risk register, and optimizing the allocation of verification resources. Experimental validation on the open NASA Metrics Data Program dataset showed that the model achieves ROC-AUC = 0.669 and PR-AUC = 0.382, and in scenario analysis provides recall@top-k ≈ 0.38, compared with ≈ 0.37 for the LOC-based approach and ≈ 0.18 for random selection. Practical application of the results is advisable in software quality management systems, DevOps analytics, CI/CD environments, and test prioritization processes, provided that historical data on code metrics, testing outcomes, module characteristics, and defectiveness are available under resource constraints.