Software trustworthiness is the ability of software to satisfy user expectation with its behaviors and results and to still provide continuous services by disturbances [
1]. It can be characterized by many software attributes [
1,
2,
3,
4,
5,
6,
7], which are called trustworthy attributes. Software trustworthiness measurement depicts how to calculate the trustworthy degree of software based on the given trustworthy attributes’ values and their weight values. It can provide a basis for guiding and improving the trustworthiness of design and implementation of software. Therefore, software trustworthiness measurement becomes one of the core scientific problems in researching software trustworthiness [
1]. Many measures based on trustworthy attributes are established. In view of the use of more rigorous methods to evaluate software trustworthiness and theoretical validation of models, Tao et al. apply axiomatic approaches to assess software trustworthiness, present the desirable properties of software trustworthiness measures and establish a series of measures complying with these properties [
8,
9,
10,
11,
12,
13,
14]. Ding et al. combine utility theory and evidence theory to measure software trustworthiness [
15]. They use the utility values of expert scoring to assess the trustworthy attributes, and merge these values according to the Dempster synthesis rule in the evidence theory as software trustworthiness measurement result [
15]. Hauke et al. present the requirements for robust probabilistic trust assessment by use of supervised learning, and apply a selection of estimators to a real-world data set to show the effectiveness of supervised methods [
16]. Muhammad et al. use the scoring upon the completion of system testing execution to rate software trustworthiness. The rating strategy is based on multiple level calculations that produce a final rating, including test strategies imposed, completeness of system test execution, test iterations, test case priority and test case result for each iteration [
17]. Based on trust theory in the field of humanities and sociology, Yang et al. propose a measurable Social-to-Software software trustworthiness framework, and present a whole metric solution for software trustworthiness, namely, the advanced J-M model based on power function, the time-loss rate for ability trustworthiness measurement and the fuzzy comprehensive evaluation model [
18]. Wang et al. design and implement TRUSTIE to balance the crowd wisdom and software trustworthiness in a well-controlled way, and evaluate the trustworthiness of software development activities by considering different kinds of software evidences, such as development evidences, sharing evidences and application evidences. These evidences can directly or indirectly reflect trustworthiness attributes which include not only objective quality attributes like correctness, security, but also subjective attributes for example user evaluations [
19]. The authors of Cho et al. propose a system-level trustworthiness metric framework that accommodates four submetrics, referred to as STRAM (Security, Trust, Resilience, and Agility Metrics), which gives a hierarchical ontology structure. Moreover, they proposes developing and incorporating metrics describing key assessment tools, including Vulnerability Assessment, Risk Assessment and Red Teaming, to provide additional evidence into the measurement and quality of trustworthy systems [
20]. The research on trustworthiness evaluation for specific types of software or intermediate software products by attributes has also achieved fruitful results. Davide et al. elicit the factors that affect the open source software (OSS) trustworthiness through carrying out a survey, collect the objective measures on a sample of 22 Java and 22 C/C++ OSS products by means of the self-developed tool MacXim and subjective evaluations by means of more than 500 questionnaires, and correlate the objective measures to subjective evaluations with a multivariate regression model [
21,
22]. Han constructs a formal model for the workflow management system trustworthiness measurement and proposes a measurement algorithm from the software behaviour entropy of calculus operators through the principle of maximum entropy and the data mining method [
23]. In consideration of the lack of the research on the trustworthiness measurement for software architecture, Jiang et al. establish a trustworthy attribute model of software architecture, and use the Principle of Maximum Entropy and Grey Decision-making Method as the trustworthiness evaluation method of a software architecture [
24]. Gene et al. lay out a heuristic systematic model for assessing trust in code. The proposed model describes a five step process of how programmers perceive trust in computer code, including (1) acquisition, (2) initial viewing, (3) in depth look, (4) incorporation, and (5) reevaluation [
25]. Wang et al. propose an updating model of software component trustworthiness, they compute the trustworthy degree of the software component based on users’ feedback, and determine the weight of updating by the number of users [
26].
Software trustworthiness allocation is the reverse of the software trustworthiness measurement, which refers to the process of determining the trustworthy attribute values according to the minimum trustworthy degree
that a given software must achieve, the minimum value
which the trustworthy attributes must reach, and the trustworthy attribute weight values of the software. Software trustworthiness allocation is useful to increase the software trustworthiness by adjusting the trustworthy attribute values at the same cost. We have investigated the software trustworthiness allocation approach based on trustworthy attributes which allocates software trustworthiness to trustworthy attributes [
27], and the software attribute trustworthiness allocation approach based on sub-attributes which allocates software attribute trustworthiness to sub-attributes [
28]. Due to actual needs, the minimum trustworthy degree
and the minimum value
may be increased, then the software trustworthiness needs to be reallocated to improve the original trustworthy attribute values. Since the trustworthy attribute value is positively correlated with the software research and development cost. Therefore, it is hoped that the software trustworthiness reallocation can minimize the sum of the increases of all the trustworthy attribute values when the trustworthy degree of software is greater than or equal to
and each trustworthy attribute value is more than or equal to
. In order to resolve the above problem, in this paper we build a mathematical programming (MP) model to reallocate the trustworthy degree of software to its attributes appropriately, present a trustworthy attribute value growth function, and propose a reallocation algorithm for solving this MP based on the growth function. Moreover, trustworthiness reallocation of 11 spacecraft softwares are taken as research objects to show the significance and effectiveness of our work. ISO/IEC DIS 30754 standard aims to provide a consensus specification for software trustworthiness by collating good practice from the five main facets of trustworthiness, namely safety, reliability, availability, resilience and security [
29]. They can enable an organization to improve operational effectiveness and efficiency. In addition to the trustworthy attributes mentioned in the ISO/IEC DIS 30754 standard, in our reallocation approach they can also contain other required facets; for example, maintainability. Our reallocation approach can determine the optimal degree of each trustworthy attribute value to be increased with the software trustworthiness improvement requirements satisfied, meanwhile, the trustworthy attribute value is positively correlated with the costs of R & D. Therefore, the adoption of our approach is beneficial to the improvement of enterprise efficiency and the reduction of cost, which is consistent with the goal of ISO/IEC DIS 30754 standard.