Software systems have an increasing value in our lives, as our society relies on them for the numerous services they provide. However, as our need for larger and more complex software systems grows, the risks involved in their operation also grows, with possible consequences in terms of significant material and social losses. The rational management of software defects and possible failures is a fundamental requirement for a mature software industry. Standards, professional guides and capability models directly emphasize how important it is for an organization to know and to have a well-established history of failures, errors and defects as they occur in software activities. The problem is that each of these reference models employs its own vocabulary to deal with these phenomena, which can lead to a deficiency in the understanding of these notions by software engineers, causing potential interoperability problems between supporting tools, and, consequently, a poorer adoption of these standards and tools in practice. In this paper, we address this problem of the lack of a consensual conceptualization in this area by proposing two reference conceptual models: an Ontology of Software Defects, Errors and Failures (OSDEF), which takes into account an ecosystem of software artifacts, and a Reference Ontology of Software Systems (ROSS), which characterizes software systems and related artifacts at different levels of abstraction. Moreover, we use OSDEF and ROSS to perform an ontological analysis of the impact of defects, errors and failures of software systems from a risk analysis perspective. To do that, we employee an existing core ontology, namely, the Common Ontology of Value and Risk (COVR). The ontologies presented here are grounded on the Unified Foundational Ontology (UFO) and based on well-known and widely-accepted standards, professional and scientific guides and capability models. We demonstrate how this approach can suitably promote conceptual clarification and terminological harmonization in this area.

软件系统在我们的生活中具有越来越高的价值，因为我们的社会依赖于它们提供的众多服务。但是，随着我们对更大，更复杂的软件系统的需求不断增长，其运行中涉及的风险也越来越大，可能造成重大的物质和社会损失。合理管理软件缺陷和可能的故障是成熟的软件行业的基本要求。标准，专业指南和能力模型直接强调了对于组织而言，了解并拥有在软件活动中发生的故障，错误和缺陷的完善历史非常重要。问题在于这些参考模型中的每一个都使用自己的词汇表来处理这些现象，这可能会导致软件工程师对这些概念的理解不足，从而在支持工具之间造成潜在的互操作性问题，因此，在实践中对这些标准和工具的采用会较差。在本文中，我们通过提出两个参考概念模型来解决这一领域缺乏共识概念化的问题：软件缺陷，错误和失败的本体论（OSDEF），其中考虑了软件工件的生态系统；以及软件系统参考本体（ROSS），用于表征不同抽象级别的软件系统和相关工件。此外，我们使用OSDEF和ROSS从风险分析的角度对软件系统的缺陷，错误和故障的影响进行了本体分析。要做到这一点，我们采用现有的核心本体，即价值与风险通用本体（COVR）。此处介绍的本体基于统一基础本体（UFO），并基于众所周知且广为接受的标准，专业和科学指南以及功能模型。我们演示了这种方法如何在此领域中适当地促进概念的澄清和术语的统一。