MSc Research Internship (Thesis 2026)

*Estimating the risk and value of software qualities =====================================================

SIG supervisor: Lodewijk Bergmans [lodewijk.bergmans@softwareimprovementgroup.com]

Problem Statement -----------------

Decisions in software engineering are in general determined by three main factors: technology, people and process, and economics. Software quality has proven to be an increasingly important factor in the success or failure of software systems. But for development organizations to invest in software quality, they must understand what the potential risks and benefits are, and what the costs are of improving software quality. As of today, there are no integrated methodologies to tackle this issue for a wide range of software qualities.

At SIG, the Cost Estimation Model [Nuhogro 2011] assesses the impact of maintainability on development effort and serves as a key technique for reporting and decision support. However, this is currently lacking for other software quality characteristics.

The FAIR methodology [FAIR, Open-FAIR, Freund 2015] provides a method for quantifying (the monetary value of) risk and impact, primarily focused on cyber-security risks. It uses a structured approach for quantifying and combining multiple factors that determine overall risk, and presents results based on ranges of likely outcomes.

Research Question -----------------

The main research question of this proposal is: can the FAIR approach -or perhaps an alternative- be adapted or applied to multiple quality models (maintainability, security, architecture quality, etc.), yielding an integrated cost estimation model for multiple software qualities?

If so, can the risk models for multiple qualities be combined into a single, combined, software economics model for software quality?

If not, can we apply the FAIR approach at least to software security, based on the software security analysis results from SIG’s Sigrid platform?

Tentative Approach ------------------

We foresee several stages to come to the overall goal, although not all of them may/need to be achieved in a single thesis project:

• Use the FAIR model to derive a quantitative security risk profile of a software system, given the input from SIG’s software security analysis (part of the Sigrid platform).

• Explore the ability to determine the quantitative difference (in risk) when going from one security level to another.

• Apply the FAIR model to e.g. Maintainability and Architecture Quality of a software system

• Develop a model to estimate the costs of improving the security level of a software system.

• Define an overall integrated approach for the software economics of (multiple) software qualities.

SIG colleagues will be involved to help in providing the domain information needed to construct the various risk assessment models.

Relevant Literature -------------------

[FAIR] https://www.fairinstitute.org/what-is-fair

[Open-FAIR] https://www.opengroup.org/open-fair

[Freund 2015] Freund, J. & Jones, J. (2015). Measuring and managing information risk: A FAIR approach. Butterworth-Heinemann.

[Nuhogro 2011] Nugroho, A., Visser, J., & Kuipers, T. (2011). An empirical model of technical debt and interest. Proceedings - International Conference on Software Engineering, 1–8. https://doi.org/10.1145/1985362.1985364

About this proposal -------------------

Note that all thesis proposals are preliminary suggestions; their scope, research questions and research approach may be adapted depending on student interests, experience and/or insights–in collaboration with the supervisors from SIG and the university.

Working environment -------------------

You will be embedded in the Research team of the Software Improvement Group, with close proximity to other stakeholders of the topic. One of SIG's researchers will be appointed as your daily supervisor. SIG has a lot of experience with hosting and supervising interns during their Master thesis project. Each year between 5 and 10 interns do their projects with us. The grade average of Master projects has been well over 8 for many years.

SIG is a dynamic and demanding working environment that rewards autonomy and curiosity. As part of the internships, interns follow a company onboarding program and we offer the opportunity to observe various (customer) projects/activities inside SIG.

MSc thesis interns receive a renumeration and will be provided a laptop during their internship for conducting their research and accessing SIG infrastructure.

Expectations ------------

Students are expected to perform solid scientific work that is at the same time relevant for practitioners. You will get ample support and supervision and in return we expect you to learn fast and take responsibility for obtaining excellent results. We assume a pro-active approach in signaling opportunities and stumble-blocks, and in involving SIG colleagues in your research, which will be both rewarding and enhance your results.

You are in the graduation phase of a Master program Computer Science, Artificial Intelligence, Software Engineering, Information Science, or similar.

• Strong motivation for doing research in an applied environment.

• Able to communicate well in English, both verbally and in writing.

• Strong analytical skills and academic abilities to become an expert in your topic.

• Programming and data analysis skills are needed for most topics.