1 / 22

Metrics validation criteria: How do we know when a metric is worthwhile?

Metrics validation criteria: How do we know when a metric is worthwhile?. Ben Smith Andy Meneely Laurie Williams. Scenario.

alder
Download Presentation

Metrics validation criteria: How do we know when a metric is worthwhile?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Metrics validation criteria: How do we know when a metric is worthwhile? Ben Smith Andy Meneely Laurie Williams 1

  2. Scenario You and your team are asked to choose a set of metrics for your development company’s front-running application, iAwesome. The goal of this metrics project is to reduce post-release vulnerabilities by predicting them during the software lifecycle. How do you demonstrate to management that your metrics are meaningful and worthwhile? 2

  3. Metric Uses Metrics Research Quality Assessment Process Improvement Process Certification Task Planning Prediction 3

  4. Motivation Software System Component m=.15 Component m=.25 M < .2 Component m=.95 Prediction Component m=.05 Component m=.01 Component m=.21 4

  5. Well, the metric was predictive… …but may not be valid! How do we know when a metric is valid? 5

  6. Metrics Validation Criteria Metrics validation criteria: boolean statements about various aspects of the validity of a metric. Example: Underlying theory validity: Is there an underlying theory as to why the metric was chosen? 6

  7. Agenda • Motivation: what is validity? • Anatomy of a systematic literature review • Validating a security metric for prediction • Is prediction the only answer? 7

  8. Objective • Guide researchers in making • Sound contributions to the metrics field • Providing a practical summary • The “superset” of all proposed metrics validation criteria 8

  9. Foundation in the Literature 9

  10. Systematic literature review 10

  11. Results of the Review • Three major categories for metrics validation criteria: • Internal: the metric correctly measures the attribute it purports to measure. • External: the metric is related in some way with an external quality factor. • Construct: the gathering of a metric’s measurements is suitable for the definition of the targeted attribute. 11

  12. Two Competing Philosophies • Goal-driven: philosophy holds that the primary purpose of a metric is to apply it to a software process. • Theory-driven: views that the primary purpose of a metric is to gain understanding of the nature of software. 12

  13. Agenda • Motivation: what is validity? • Anatomy of a systematic literature review • Validating a security metric for prediction • Is prediction the only answer? 13

  14. Scenario You and your team are asked to choose a set of metrics for your development company’s front-running application, iAwesome. The goal of this metrics project is to reduce post-release vulnerabilities by predicting them during the software lifecycle. How do you demonstrate to management that your metrics are meaningful and worthwhile? 14

  15. Choosing the best criteria To succeed with this metrics project, you should chose validation criteria that: • Help with the accuracy of prediction • Prioritize business over knowledge for the sake of knowledge • Are absolutely necessary 15

  16. Metrics Validation Criteria A priori validity Actionability Appropriate Continuity Appropriate Granularity Association Attribute validity Causal model validity Causal relationship validity Content validity Construct validity Constructiveness Definition validity Discriminative power Dimensional consistency Economic productivity Empirical validity External validity Factor independence Improvement validity Instrument validity Increasing growth validity Interaction sensitivity Internal consistency Internal validity Monotonicity Metric Reliability Non-collinearity Non-exploitability Non-uniformity Notation validity Permutation validity Predictability Prediction system validity Process or Product Relevance Protocol validity Rank Consistency Renaming insensitivity Repeatability Representation condition Scale validity Stability Theoretical validity Trackability Transformation invariance Underlying theory validity Unit validity Usability 16

  17. Reduced Metrics Validation Criteria A priori validity Actionability Appropriate Continuity Appropriate Granularity Association Attribute validity Causal model validity Causal relationship validity Content validity Construct validity Constructiveness Definition validity Discriminative power Dimensional consistency Economic productivity Empirical validity External validity Factor independence Improvement validity Instrument validity Increasing growth validity Interaction sensitivity Internal consistency Internal validity Monotonicity Metric Reliability Non-collinearity Non-exploitability Non-uniformity Notation validity Permutation validity Predictability Prediction system validity Process or Product Relevance Protocol validity Rank Consistency Renaming insensitivity Repeatability Representation condition Scale validity Stability Theoretical validity Trackability Transformation invariance Underlying theory validity Unit validity Usability 17

  18. Rejected (and why) • A metric has improvement validity if the metric is an improvement over existing metrics. • A metric has increasing growth validity if the metric increases when concatenating two entities together. 18

  19. Accepted (and why) • A metric has usability if it can be cost-effectively implement in a quality assurance program. • A metric has instrument validity if the underlying measurement is valid and properly calibrated. 19

  20. Agenda • Motivation: what is validity? • Anatomy of a systematic literature review • Validating a security metric for prediction • Is prediction the only answer? 20

  21. Measurement Theory • Metrics can be used as the route to understanding the nature of software and the software development process • Rather than a list of components, we’d like a list of action items based on a set of theories: applied science • Reactive vs. Proactive 21

  22. Questions? 22

More Related