ABSTRACT
In recent years, the software production industry has experienced significant changes largely caused by extensive growth of globalisation, outsourcing, and competitive pressure. With these changes, risks in the software supply chain (SSC) have become a growing concern. Such risks include product tampering during development or delivery, potential compromises in quality and assurance due to software defects, production delays, and increased production costs. In this context, this study is aimed at evaluating the primary risks in the software supply chain using Bayesian belief networks combined with the analytic hierarchy process and noisy-OR (a generalisation of the logical OR) techniques to reduce the number of queries required of a given decision maker. A numerical example was presented to illustrate the application in which software suppliers were ranked according to their level of risk. The results indicated that, by using the proposed model, decision makers would be able to select a low-risk supplier by evaluating the probability of system failure caused by tampering or the introduction of defective code in the software. In addition, the proposed approach contributes to a better understanding of the main risk factors in an SSC and could be used to support managerial decision-making related to software products.
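The reduction in queries that noisy-OR gives can be seen in a short added example (not the authors' model, code or data): n elicited link probabilities expand into the full 2^n-row conditional probability table of a "system failure" node, which is then marginalised to rank suppliers. The risk-factor names follow the abstract; all probabilities, supplier names and the assumption of independent risk factors are constructed for illustration, and the analytic hierarchy process step is not modelled.

```python
from itertools import product

def noisy_or(link_probs, active, leak=0.0):
    """P(failure | parent states): each active cause i independently
    fails to trigger the effect with probability 1 - link_probs[i]."""
    q = 1.0 - leak
    for p, on in zip(link_probs, active):
        if on:
            q *= 1.0 - p
    return 1.0 - q

def expand_cpt(link_probs, leak=0.0):
    """Build the full CPT (2**n rows) from only n elicited numbers."""
    n = len(link_probs)
    return {s: noisy_or(link_probs, s, leak) for s in product((0, 1), repeat=n)}

def failure_probability(priors, link_probs, leak=0.0):
    """Marginal P(failure), summing over every parent state.
    Assumption: the risk factors are independent root nodes."""
    total = 0.0
    for state, p_fail in expand_cpt(link_probs, leak).items():
        weight = 1.0
        for prior, on in zip(priors, state):
            weight *= prior if on else 1.0 - prior
        total += weight * p_fail
    return total

def rank_suppliers(suppliers, link_probs, leak=0.0):
    """Return (supplier, P(failure)) pairs, lowest risk first."""
    scored = {name: failure_probability(priors, link_probs, leak)
              for name, priors in suppliers.items()}
    return sorted(scored.items(), key=lambda kv: kv[1])

# Constructed sample values, not taken from the paper.
RISK_FACTORS = ("tampering", "defective_code", "production_delay")
LINK_PROBS = (0.6, 0.4, 0.1)      # P(failure | only this factor present)
SUPPLIERS = {                     # P(factor present) per hypothetical supplier
    "Supplier A": (0.05, 0.20, 0.30),
    "Supplier B": (0.15, 0.10, 0.10),
    "Supplier C": (0.02, 0.05, 0.50),
}

if __name__ == "__main__":
    print(f"{len(LINK_PROBS)} elicited values -> {len(expand_cpt(LINK_PROBS))} CPT rows")
    for name, p in rank_suppliers(SUPPLIERS, LINK_PROBS):
        print(f"{name}: P(system failure) = {p:.4f}")
```

With ten risk factors the same approach asks the decision maker for 10 numbers instead of 1,024 table entries.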
Acknowledgements
The authors would like to thank UNINOVE for its financial support.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Additional information
Notes on contributors
André Felipe Henriques Librantz
André Felipe Henriques Librantz is currently a professor and researcher in the Informatics and Knowledge Management Graduate Program at Universidade Nove de Julho in São Paulo, Brazil. He received his Ph.D. and M.Sc. degrees in Applied Physics from the Universidade de São Paulo. His research interests include modelling and optimisation of processes and multicriteria decision methods.
Ivanir Costa
Ivanir Costa is currently a professor and researcher in the Informatics and Knowledge Management Graduate Program at Universidade Nove de Julho in São Paulo, Brazil. He received his Ph.D. degree in Production Engineering from Universidade de São Paulo (USP). His research interests include information technology to support decision making in organisations.
Mauro de Mesquita Spinola
Mauro de Mesquita Spinola is an Associate Professor at the Polytechnic School of the University of São Paulo, Brazil. He holds a degree in Electronics Engineering from the Technological Institute of Aeronautics (ITA), a Master's degree in Applied Computing from the National Institute for Space Research (INPE) and a PhD in Electrical Engineering from the Polytechnic School of USP. His main research topics are Information Technology Management and Systems Development Platforms.
Geraldo Cardoso de Oliveira Neto
Geraldo Cardoso de Oliveira Neto is currently a professor and researcher in the Industrial Engineering postgraduate program at Universidade Nove de Julho in São Paulo, Brazil, with research interests in logistics and supply chain management, eco-efficiency and cleaner production. He graduated with a Business Management degree, and with master’s and PhD degrees in Production Engineering.
Leandro Zerbinatti
Leandro Zerbinatti is currently a professor in the Graduate Program in Computing and Informatics at Mackenzie University in São Paulo, Brazil. He received his Ph.D. from the Polytechnic School of the University of São Paulo. His research interests include artificial intelligence and decision support systems.