ALGORITHM FOR IDENTIFICATION, PRIORITIZATION AND HIERARCHICAL CLASSIFICATION OF SOFTWARE QUALITY ASSURANCE RISKS, TAKING INTO ACCOUNT THE TYPE OF IT PRODUCT
DOI:
https://doi.org/10.31891/2307-5732-2026-365-30
Keywords:
software quality risk, risk prioritization, hierarchical classification, quality metrics, decision support system, software defects, risk management
Abstract
The paper addresses the problem of formalized risk management in software quality assurance under the increasing complexity of modern IT products that integrate cloud services, artificial intelligence components, data-centric subsystems, and DevSecOps processes. A mathematical model of an algorithm for risk identification, multi-criteria prioritization, and hierarchical classification is proposed, taking into account the type of IT product and the software development lifecycle phase. The model represents risks as multidimensional feature vectors including defect probability, aggregated impact on quality attributes, contextual criticality coefficients, and product-specific parameters. An integral priority index is introduced to enable quantitative comparison of heterogeneous risks within a unified metric space. Hierarchical classification is implemented using agglomerative clustering, allowing the construction of an adaptive risk taxonomy based on empirical metric data. To validate the proposed model, a decision support system prototype was developed in Python, implementing the full computational workflow: defect risk prediction, risk vector construction, multi-criteria prioritization, and hierarchical risk structuring. The empirical basis of the study is the NASA Metrics Data Program dataset containing static code metrics and binary defect labels. The results demonstrate the feasibility of constructing a reproducible hierarchical risk structure and quantitatively ranking software modules by criticality. It is shown that even with moderate defect prediction performance, the multi-criteria approach provides a preventive risk assessment and improves the informativeness of decision-making compared to expert-based methods. The scientific novelty lies in the integration of risk identification, prioritization, and classification into a single formalized procedure sensitive to IT product type and grounded in metric-driven adaptive hierarchies. 
The practical significance of the results is associated with the applicability of the proposed algorithm in software quality and risk management systems for strategic test planning, technical debt management, and resource optimization under multi-criteria constraints.
License
Copyright (c) 2026 ЮРІЙ КІШ, ІГОР ЛЯХ (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.