Professional Documents
Culture Documents
Chapter 4
Design Phase
Objective:
Structure:
! !181
DESIGN PHASE
4.7 Summary
! !182
DESIGN PHASE
The next phase and a crucial one in the Software Development Life Cycle is
the design phase. A software design is a meaningful engineering
representation of some software product that is to be built. The aim of
design is to move from the problem domain to the solution domain and to
produce a model that will provide a seamless transition to the coding
phase. Once requirements are analyzed and found to be satisfactory, a
design model is created which can be easily implemented. The design
phase is the intermediate language between requirements and code where
one proceeds from the abstract to more concrete representations. This is
the phase in which the customer's requirements are translated to enable a
finished software product or system.
The design activity begins with the set of requirements identified, reviewed
and approved in the requirements gathering and analysis phases. For each
requirement, a set of one or more design elements will be produced as a
result of interviews, workshops, and/or prototype efforts. Design elements
describe the desired software features in detail, and include functional
hierarchy diagrams, screen layout diagrams, business rules, business
process diagrams, pseudo-code, and entity-relationship diagram with a full
data dictionary. These design elements describe the software in sufficient
detail so that skilled programmers may develop the software with minimal
additional input design. Design is the "technical kernel" of software
engineering and is applied regardless of the process model used.
! !183
DESIGN PHASE
The main difference between the analysis and design phase is that the
output of "analysis" consist of smaller problems to solve. "Analysis" is not
different even if it is designed by different team members or groups.
"Design" focuses on the capabilities, and there can be multiple designs for
the same problem depending on the environment that solution will be
hosted. They can be operating systems, webpages, mobile or cloud
computing based systems. Sometimes the design depends on the
environment that it was developed for.
It must be emphasized here that design is not coding and coding is not
design. The level of abstraction of the design model is higher than source
code. Software design being an iterative process, initially the design will be
at a high level of abstraction. As design iterations occur, subsequent
refinement leads to design representations at much lower levels of
abstraction.
! !184
DESIGN PHASE
❖ The design process should not suffer from "tunnel vision." A good
designer should consider alternative approaches, judging each based on
the requirements of the problem, the resources available to do the job.
❖ The design should not reinvent the wheel. Systems are constructed using
a set of design patterns, many of which have likely been encountered
before. These patterns should always be chosen as an alternative to
reinvention.
❖ The structure of the software design should closely mimic the structure
of the problem domain.
! !185
DESIGN PHASE
❖ The design should be structured to be flexible and accommodate change.
Some desirable characteristics that every good software design for general
application must possess are listed below:
! !186
DESIGN PHASE
❖ Robustness (reliability): The software must be able to perform a
required function under stated conditions for a specified period of time.
The software must be able to operate under stress or tolerate
unpredictable or invalid input.
! !187
DESIGN PHASE
❖ Scalability - As the usage of any application grows there is an increase
in the number of users and the data. A good design should be able to
scale to meet the increasing data or number of users.
! !188
DESIGN PHASE
Data abstraction is the separation of the logical properties of data from the
details of how the data are represented. A data abstraction is a named
collection of data that describes a data object. In the context of the
procedural abstraction "open", one can define a "data" abstraction called
door. Data abstraction for door would encompass a set of attributes that
describe the door e.g. manufacturer, door type, door material, swing
direction, weight, lights coming on, pull or push, mechanisms, etc. In data
! !189
DESIGN PHASE
abstraction, the focus is on the problem's data rather than the tasks to be
carried out.
Architecture refers to the overall structure of the software and the ways in
which that structure provides conceptual integrity for a system. In its
simplest form, architecture is the hierarchical structure of program
modules, the manner in which these components interact and the structure
of data that are used by the components. Like any civil engineering
structure, software must have a solid foundation. Failing to consider key
scenarios, design for common problems or to predict the long term
consequence of a key decision can put the development work at risk. Poor
architecture can make the software unstable, produce more bugs during
coding phase and it is hard to support development for future business
requirements.
! !190
DESIGN PHASE
! !191
DESIGN PHASE
!
! !192
DESIGN PHASE
The car manufacturer may have a luxury version of the car and a standard
version. Luxury version has a more powerful engine than the standard one.
Engineers designing the two engines provide the same interface for both
engines. Both engines fit into the engine bay of the car, fit the same
transmission, the same engine mounts and the same controls. The
differences are that the more powerful luxury version has a larger
displacement with a fuel injection system that is programmed to provide
the fuel air mixture.
In addition the luxury version may also offer other options such as better
CD player, more comfortable seats, a better suspension system with wider
tires, and different paint colors. The radio with CD player is a module which
replaces the standard radio, more comfortable seats get installed into the
same seat mounts, whether the seats are leather or plastic, or offer lumbar
support or not, doesn't matter.
! !193
DESIGN PHASE
Engineers design the car by dividing the task up into pieces of work which
are assigned to teams who design their component to a particular standard
or interface. Such a "platform" also provides an example of information
hiding, since the floor-plan can be built without knowing whether it is to be
used in a sedan or a hatchback.
Suppose one wants to reserve ranges of IDs for special purposes (trainees,
contractors)? Or if one wants to reuse the IDs of objects (left the
organization) that have been destroyed? If there are several statements
where ID is used in the code in a program each of them need to be
changed for these new requirements.
! !194
DESIGN PHASE
❖ Scope of reuse: Since each module does some well-defined and precise
function, and the interaction of the module with the other modules is
simple and minimal a cohesive module can be easily taken out and
reused in a different program.
! !195
DESIGN PHASE
❖ If two modules interchange large amounts of data, then they are highly
interdependent.
There are five types of coupling can occur between any two modules.
! !196
DESIGN PHASE
! !197
DESIGN PHASE
❖ Communicational cohesion: A module is said to have communicational
cohesion, if all functions of the module refer to or update the same data
structure, e.g. the set of functions defined on an array or a stack.
In practice both coupling and cohesion are used; cohesion and coupling are
interrelated. Greater the cohesion of modules, lower is the coupling
between modules. Low coupling is often a sign of a well-structured
computer system and a good design, and when combined with high
cohesion, supports the general goals of high readability and maintainability.
The mantra is "Low coupling, high cohesion".
! !198
DESIGN PHASE
Open
• Walk to Door
• Reach for knob Repeat until Door Opens
• Open Door Turn Knob Clockwise
• Walk thru Door If Knob does not turn, then
• Close Door Take Key out;
Find correct key;
Insert in Lock
endif
Push/Pull door move out of way
End repeat
!
! !199
DESIGN PHASE
The system state is centralized and shared among different functions, e.g.
data such as member-records is available for reference and updates to
several functions such as "create- new-member", "delete-member",
"update-member-record", etc.
! !200
DESIGN PHASE
In OOD, the basic abstraction are not real-world functions such as sort,
display, track, etc., but real-world entities such as employee, picture,
machine, radar system, etc. For example in OOD, an employee pay-roll
software is not developed by designing functions such as update-
employee-record, get-employee-address, etc. but by designing objects
such as employees, departments, etc. Grady Booch explains the difference
as "identify verbs if one uses procedural design and identify nouns if one
uses object-oriented design"
! !201
DESIGN PHASE
OOD. The functions are usually associated with specific real-world entities
(objects); they directly access only part of the system state information.
❖ Scope
❖ Data Design
❖ Architectural Design
❖ Interface Design
❖ Procedural Design
❖ Requirements Cross Reference
❖ Test Provisions
❖ Special Notes
❖ Appendices
! !202
DESIGN PHASE
4.7 SUMMARY
! !203
DESIGN PHASE
! !204
DESIGN PHASE
18.What are the different types of coupling? Briefly explain each of them.
19.What are the different types of cohesion? Briefly explain each of them.
! !205
DESIGN PHASE
REFERENCE MATERIAL
Click on the links below to view additional reference material for this
chapter
Summary
PPT
MCQ
Video Lecture
! !206
USER INTERFACE DESIGN
Chapter 5
User Interface Design
Objective:
Structure:
5.4. Summary
! !207
USER INTERFACE DESIGN
User in Control: Users are most comfortable when they feel in control of
themselves and their environment. Programmers sometimes create
software that forces people into unplanned interactions, confusing
navigations and surprising outcomes. A good interface design should let
the user be in control by regularly displaying system status, describing the
effect of any action and highlighting what to expect at every turn. Even the
obvious need to be stated - one knows very well that the obvious almost
never IS.
! !208
USER INTERFACE DESIGN
Meaningful defaults: For example a user need not remember and type a
15 character account number every time he pays an electricity bill online.
The system should have some logic to show the last entries made and
reduce the demand on short term memory. Such features are evident in
several applications like Facebook, LinkedIn, MS Office, etc. When entering
dates for any transaction or data on a screen the current date is shown as
default in many applications. Or if someone has entered "Mrs." for "Title" in
an online application form the gender by default can be shown as "F" for
female. While booking an airline return ticket the system can display the
onward travel date as the default travel date for the return journey.
Graphical User Interface: Today with excellent graphics cards and visual
design tools being available, design the interface with objects on screen is
a given. Visual layout is far easier to interpret and use. The visuals should
be based on a real world. In a GUI multiple windows with different
information can simultaneously be displayed on the user screen. This is
perhaps one of the biggest advantages of GUI over text-based interfaces
since the user has the flexibility to simultaneously interact with several
related items at any time and can have access to different system
information displayed in different windows. Symbolic information
manipulation such as dragging an icon representing an image or file to a
trash can be deleting is intuitively very appealing and the user can
instantly remember it. Usage of metaphors i.e. the abstractions of real-life
objects or concepts used in user interface design is highly recommended
and effective. For example if the user interface of a text editor uses
concepts such as cutting lines and paragraphs and pasting it at other
places, users can immediately relate to it. Another commonly seen
metaphor is a shopping cart on online shopping sites where the cart is used
to make choices while purchasing items in a supermarket.
! !209
USER INTERFACE DESIGN
! !210
USER INTERFACE DESIGN
! !211
USER INTERFACE DESIGN
Multiple skill levels: A good user interface should support multiple levels
of sophistication of command issue procedure for different categories of
users. Many applications today are not designed for handicapped persons
or visually impaired persons although several standards exist for
developing such applications. Designing an interface for different skill levels
is necessary because users with different levels of experience in using an
application prefer different types of user interfaces. Experienced users are
more concerned about the efficiency of the command issue procedure,
whereas beginners look for usability aspects. Cryptic and complex
commands discourage a novice, whereas elaborate command sequences
make the command issue procedure very slow and therefore put off
experienced users. As users become more and more familiar with an
interface their focus shifts from usability aspects to speed of command
issue aspects. Experienced users look for options such as "hot-keys",
"macros", etc. Providing both keyboard and mouse interfaces offers users
flexibility and allows users of different skill levels or physical handicaps to
use input devices in whatever ways they feel comfortable.
! !212
USER INTERFACE DESIGN
might have saved many users time and effort apart from the stress of
recovering lost data or information.
On-line help: Users seek guidance and on-line help when they either
forget a command or are unaware of some features of the software. Users
should be provided with the appropriate guidance and help any time while
using the software. This is different from the guidance and error messages
which are flashed automatically without the user asking for them. The
guidance messages prompt the user regarding the options he has
regarding the next command, and the status of the last command, etc. A
good on-line help system should keep track of what a user is doing while
invoking the help system and provide the output message in a context-
dependent way. Here again MS products are excellent examples of how
online help can be provided - some are so exhaustive that one wonders
who reads them!
❖ Are users' experts in the subject matter that is addressed by the system?
❖ How does the user learn to interact with a new computer based system?
❖ Can users learn from written materials or do they need class room
training?
! !213
USER INTERFACE DESIGN
❖ What would the user want the system to do?
❖ How would the system fit in with the user's normal workflow or daily
activities?
❖ How technically savvy is the user and what similar systems does the user
already use?
❖ What are the tasks and sub-tasks that end-users must perform to do
their work?
❖ What are the consequences if a user makes a mistake using the system?
❖ How does a work process get completed when several people (and roles)
are involved? And many more....
There are several modes for gathering inputs for designing the user
interface
❖ Observation: Watch users as they attempt to perform tasks with the user
interface.
❖ Sales input - sales people help designers categorize users and better
understand their needs
! !214
USER INTERFACE DESIGN
❖ Marketing input - marketing analysis can help define market segments
and help understand how each segment might use the software
❖ Support input - support staff can provide good input what works and
does not, what users like, what features generate questions, and what
features are easy to use
Menu-based Interface
For persons not familiar with programming languages or people wary of
technology command language-based interfaces are either intimidating,
difficult to learn or complex to remember. A menu-based interface is
preferred over a command language-based interface which does not
require the users to remember the exact syntax of the commands. A
menu-based interface is based on recognition of the command names,
! !215
USER INTERFACE DESIGN
rather than recollection. For example one would right-click on a file, select
the "Rename" option which will then allow the user to type the new name
for the file directly or make necessary changes by use of keyboard and
mouse. Typing effort is minimal as most interactions are carried out
through menu selections using a pointing device. One major challenge in
the design of a menu-based interface is structuring large number of menu
choices into manageable forms.
! !216
USER INTERFACE DESIGN
5.4 SUMMARY
! !217
USER INTERFACE DESIGN
2. Consider any application you have been using for more than 1 year,
however simple it may be. Explain how the characteristics of the user
interface has been implemented for that application?
3. What are the simple rules to keep in mind while designing user
interfaces?
7. What are the modes of collecting user inputs for designing the user
interface?
8. State and explain the three different categories of user interface design?
! !218
USER INTERFACE DESIGN
REFERENCE MATERIAL
Click on the links below to view additional reference material for this
chapter
Summary
PPT
MCQ
Video Lecture
! !219
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
Chapter 6
Code Construction - Standards and
Guidelines
Objective:
Structure
6.6 Summary
! !220
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
Many a software has not seen the light of day or has remained unusable.
Coding errors and quality issues either delay the development process or
result in the projects being shelved. Coding the next phase in the SDLC life
cycle after design is a key phase where all ideas, customer requirements
and design get converted into more a concrete entity i.e. code. Coding is
the phase of a software development project where developer's actually
input the source code into a computer that will be compiled into the final
software program.
Source code is the high level language (i.e. C#, Java, Python, etc.) that is
typed into an IDE (interactive development environment) and stored in a
text file on the computer. This text file is compiled into machine code,
which are the instructions actually understood by the computer. Code
construction includes multitudes of algorithms, operating systems,
languages and databases - covering them is beyond the scope of this book.
However irrespective of the platform there are certain rules and guidelines
which need to be adhered to in the coding phase.
! !221
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
❖ Programmers can go into any code and figure out what's going on, so
maintainability, readability and reusability are increased
❖ People new to a language can adapt to an existing style & get to speed
quickly
❖ People new to a language can avoid making the same mistakes over and
over again, so reliability is increased
! !222
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
❖ A coding standard gives a uniform appearance to the codes written by
different engineers.
One comes across terms like policy, standard, procedure and guidelines
and generally confuses people using them. Policy is a high level statement
uniform across the organization; business rules for fair and consistent staff
treatment and ensures compliance. Example: Dress code policy, e-mail and
internet policy. A Standard is the lowest level control that cannot be
changed; acceptable level of quality or attainment. Example: standard of
living, standard size. A procedure tells us step by step what to do to
accomplish the end. Example: Standard operating procedures (SOP's), a
medical procedure. Guideline is simply to give an overview of how to
perform a task; a piece of advice on how to act in a given situation.
Example: Employment discrimination guidelines, screening guideline
! !223
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
!
Standard: It is a mandatory action or rules designed to support and
conform to a defined policy; a standard makes a policy more meaningful
and effective. Standards are rules which programmers are expected to
follow. The goal of the coding standard is to increase reliability by
promulgating intelligent coding practices.
For example, a coding standard may contain rules that help developers
avoid complicated language constructs, limit complexity of functions, and
use a consistent syntactical and commenting style. These rules can
drastically reduce the occurrence of flaws, make software easier to test,
and improve long term maintainability.
! !224
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
There are three parts to Coding Standards viz. General Coding Standards,
Language Specific Standards and Project Specific Standards
Also one must avoid obscure side effects. An obscure side effect is one that
is not obvious from a casual examination of the code. Obscure side effects
make it difficult to understand a piece of code. For example if some file
Input/Output is performed which is difficult to infer from the function's
name and header information, it becomes difficult for anybody trying to
understand the code.
Coding for Efficiency vs.. Coding for Readability - Writing software that
runs efficiently and writing software that is easy to maintain. Programmer
must carefully weigh efficiency gains Vs. program complexity and
readability
! !225
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
❖ Avoid using one identifier for multiple purposes. Programmers often use
the same identifier to denote several temporary entities. For example,
some programmers use a temporary loop variable for memory efficiency
while computing and a storing the final result. There are several things
wrong with this approach and hence should be avoided. Use of variables
for multiple purposes usually makes future enhancements more difficult.
! !226
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
❖ Inline comments - where appropriate, Inline comments adding important
information is recommended. E.g. int gStateFlag; /* This state variable is
defined here, initialized in Main */.
As the name suggests, inline comments appear in the body of the source
code itself. Inline comments promote program readability, allows a person
not familiar with the code to more quickly understand and reduce the
amount of time required to perform maintenance tasks. A rule of thumb is
that inline comments should make up 20% of the total lines of code in a
program.
❖ The name of the source file or script shall represent its function. All of
the routines in a file shall have a common purpose. All folder and file
names shall begin with a 3 character prefix indicating the company
name. Or folder names shall indicate what the contents are e.g.
SUV_HIREaTEMPO_DesignDiagrams.
❖ The length of any function should not exceed 10 source lines: A function
that is very lengthy is usually very difficult to understand as it probably
carries out many different functions. For the same reason, lengthy
functions are likely to have disproportionately larger number of bugs.
❖ Wrapping Lines - When an expression will not fit on a single line, break it
e.g. break after a comma break after an operator etc.
! !227
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
❖ Use of Parentheses - Better to use parentheses liberally. Even in cases
where operator precedence unambiguously dictates order of evaluation of
any expression, include parentheses to improve readability
There are universal language specific coding standards for every language.
C++ is standardized by an ISO working group; one of the major revisions
of the C++ standard, C++11 was released on the 12 August 2011. Some
coding standard examples are
❖ Rules for limiting the use of "global". These rules list what types of data
can be declared global and what cannot. In C++ global variables should
always be referred to using the :: operator e.g. ::
mainWindow.open(), ::applicationContext.getName(). In general, the use
of global variables should be avoided and using singleton objects need to
be considered.
! !228
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
❖ Classes: Classes should be named using "CamelCase." e.g. abstract class
DatabaseConnection extends PDO; Class methods and properties should
use "lowerCamelCase": public $lastStatement;.
These standards are based on the general coding standards & language
standards. They apply to the specific project for future ease of
maintenance. The language & Project standards supplement, rather than
override, the General Coding standards. Coding and Language Standards
are generally customized for each project based on
! !229
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
6.6 SUMMARY
Lack of standards and guidelines for coding has resulted in many software
applications not seeing the light of day or remaining unstable. The coding
phase follows the design phases where all ideas, customer requirements
and design get converted into more a concrete entity i.e. code. This is the
phase where developer's actually input the source code into a computer
that will be compiled into the final software program. It must be
emphasized that code is read much more often than it is written. Code
construction includes multitudes of algorithms, operating systems,
languages and databases. Irrespective of the platform there are certain
rules and guidelines which need to be adhered to in the coding phase. A
coding standard lists several rules to be followed during coding with the
goal being improvement of the productivity of all software development.
The benefits of enforcing a standard style of coding is not just for the
programmer coding the program but for future maintenance, learning
speed for new programmers assigned to the projects, improving
productivity and quality of deliverables. Guidelines often confused as
standards are different and stem from best practices. They are general
statements, recommendations, or administrative instructions designed to
achieve the policy's objectives by providing a framework within which to
implement procedures. Standards are mandatory actions or rules designed
to support and conform to a defined policy; a standard makes a policy
more meaningful and effective. Standards are rules which programmers
are expected to follow. There are general coding standards, language
specific standards and project specific standards. It is important to
remember that when one codes for efficiency it must be also easy to
maintain i.e. code for readability.
! !230
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
2. What is meant by the word "standard"? Give some real life examples of
a "standard" and its usage.
9. What is a coding standard? Identify the problems that might occur if the
engineers of an organization do not adhere to any coding standard.
! !231
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
! !232
CODE CONSTRUCTION - STANDARDS AND GUIDELINES
REFERENCE MATERIAL
Click on the links below to view additional reference material for this
chapter
Summary
PPT
MCQ
Video Lecture
! !233
TESTING PHASE
Chapter 7
Testing Phase
Objective:
❖ Objectives of testing
❖ What is testing?
❖ Static Testing, what code review is, code inspection is, etc.
! !234
TESTING PHASE
❖ Experience Based, Error Guessing and Cause-Effect Graphing Testing
❖ Defect Management
Structure:
7.6 Debugging
! !235
TESTING PHASE
7.13. Summary
! !236
TESTING PHASE
Software testing is the next phase after completion of design and code
construction. Testing is an investigation conducted to provide stakeholders
with information about the quality of the product or service under test.
Software testing also provides an objective, independent view of the
software to allow the business to appreciate and understand the risks of
software implementation
❖ Between January 4th and May 24th, 2000, 158 women had been told
that they had very little reason to worry about having a child with Down
syndrome, when four were carrying fetuses with the abnormality. An
investigation into the incident had revealed that the software
automatically assumed that patients weighed zero pounds if an actual
weight was not known.
❖ Knight Capital's $440 million loss. (The Register) Knight Capital, a firm
that specializes in executing trades for retail brokers, took $440m in cash
losses in 2012 due to a faulty test of new trading software.
Unfortunately, the trading algorithm the program was using was a bit
eccentric as well. Knight Capital's software went out and bought at the
"market" price and then sold at the bid price-instantly - over and over
and over again. Knight's fast buys and sells moved prices up and
attracted more action from other trading programs. This only increased
the amount of losses resulting from their trades to the point where, at
the end of the debacle 45 minutes later, Knight Capital had lost $440m
and was teetering on the brink of insolvency.
! !237
TESTING PHASE
! !238
TESTING PHASE
!
The list is endless…
! !239
TESTING PHASE
Of course, IT projects rarely fail for just one or two reasons. Most failures,
in fact, can be traced to a combination of technical, project management,
and business decisions. Testing becomes all the more important to avoid
project failures.
! !240
TESTING PHASE
Software testing has its share of myths just as every other field arising due
to lack of authoritative facts, evolving nature of the industry and general
flaws in human logic. Though common-sense tells that testing is part of a
learning it is being challenged by myths. Some of the prevalent myths are:
! !241
TESTING PHASE
❖ Testers are second-class citizens
Too many people assume that testing can't be that hard if a general user
finds bugs all the time. Therefore testers are "second-class-citizens"
compared to designers and developers. In fact, that is a totally unfair
assessment since testing is a complex craft which is not the "cup-of-tea"
for average professionals. According to Google's Patrick Copeland, what
makes a great tester:-
Quote: "From the 100s of interviews I've done "great" boils down to: 1) a
special predisposition to finding problems and 2) a passion for testing to go
along with that predisposition. In other words, they love testing and they
are good at it. They also appreciate that the challenges of testing are,
more often than not, equal or greater than the challenges of programming.
A great "career" tester with the testing gene and the right attitude will
always be able to find a job. They are gold."- Unquote
! !242
TESTING PHASE
❖ There's no challenge in testing
Ask any programmer the time that he/she will take to complete a simple
login screen from design till working module. The requirements of a login
screen are pretty standard and universal. 80% of the programmers will
exclude the testing time from their estimates. The assumption is that
development is more challenging and time consuming. Reality is that
testing can be difficult, time consuming and challenging more so than
coding. Creativity is essential to be applied when formulating test
approaches, when designing tests, writing test scripts, creating test data
and more importantly putting themselves in the "customer's shoes" to
simulate live working conditions during testing. A skilled tester is often an
expert of the product or application being tested. Programmers spend most
of their time working on a very specific area, function or component of the
application whereas a tester analyzes and understands how the entire
system works from an end-to-end standpoint. Testers need to demonstrate
their understanding of the product in a way that adds value to the product.
There are many more myths but in summary these are misplaced beliefs
and reality of testing is different. The subsequent sections will provide
some insight into the challenges of the testing phase.
! !243
TESTING PHASE
Verification and validation are not the same things, although they are often
confused. Boehm clarified the difference between them with a play on
English words as follow:
Software verification is ensuring that the product has been built according
to the requirements and design specifications, while software validation
ensures that the product actually meets the user's needs, and that the
specifications were correct in the first place.
! !244
TESTING PHASE
Planning
❖ Verification of contract
❖ Review and evaluation of concept document
❖ Review of Test plans and Strategy
❖ Performing risk analysis
Requirement phase
❖ Review and evaluation of software requirements
❖ Review and evaluation of the interfaces
❖ Review of Software Requirement Specifications
❖ Generation of systems test plan
❖ Generation of acceptance test plan
Design Phase
❖ Review and evaluation of software design
❖ Review of diagrams and documents
❖ Review and evaluation of the Interfaces (UI)
❖ Generation of Integration test plan
❖ Generation of Component test plan
❖ Generation of Test design
Testing Phase
❖ Execution White Box and Black Box testing
❖ Execution of Functional and Non-Functional Tests
❖ Execution of unit test cases
❖ Execution of integration test cases
❖ Execution of systems test cases
❖ Execution of acceptance test cases
❖ Capturing Defects and Generating Metrics for testing phase
• Updating of traceability metrics
• Risk analysis
! !245
TESTING PHASE
❖ Implementation phase
• Review of Installation documents
• Review of installation and configuration
• Final test of the installation candidate build
The activities listed above looks daunting for one individual to complete.
Verification and Validation are performed by different groups of people
during the development life cycle. The table given below gives some
examples of the verification activities and people performing them
! !246
TESTING PHASE
The table given below gives some examples of the validation activities and
people performing them
! !247
TESTING PHASE
Testing can show the defects are present, but cannot prove that there are
no defects. Even after thoroughly testing the application and the
application may be in use for more than 10 years, one can never claim that
the software is 100% defect free. Testing reduces the number of
undiscovered defects remaining in the software but even if no defects are
found, it is not a proof of correctness. Therefore, it is important to design
test cases which find as many defects as possible.
It is quite common for the testing phase to get squeezed at the end of the
development lifecycle, i.e. when development has finished and surprises
! !248
TESTING PHASE
An analogy can be taken from the need for "polio" vaccination to kids
before they reach schooling stages. Failure to "vaccinate" so may result in
"defects" surfacing much later in life when it is too late.
In software development too when defects are found earlier in the lifecycle,
they are much easier and cheaper to fix. Right from the time of
requirement gathering till design, testing and implementation - testing
goes hand in hand. The sooner testing activities are started the better the
quality of the deliverables and lesser delays in projects. It is much cheaper
to change an incorrect requirement than having to change functionality in a
large system that is not working as specified by the customer.
! !249
TESTING PHASE
5. Pesticide paradox
Boris Beizer wrote:
"Every method you use to prevent or find bugs leaves a residue of subtler
bugs against which those methods are ineffectual."
In simple terms not every method or technique will find or prevent all
bugs, so one must use a variety of approaches, techniques, and methods
in testing. In software testing, if the same kinds of tests are repeated again
and again, eventually the same set of test cases will no longer be able to
find any new bugs. After certain number of iterations of testing most bugs
get be fixed & the 'Clustered Defect' area gets cleaned up. Developers will
focus on these areas and ignore other potential defect-ridden areas. To
overcome this "Pesticide Paradox" it is important to review the test cases
regularly and new and different tests need to be written to exercise
different parts of the software or system to potentially find more defects.
! !250
TESTING PHASE
❖ Were the executed tests well designed to catch the most defects?
❖ Were the test cases sufficient?
❖ Were the test cases designed to match user's requirements?
❖ Was the execution done properly?
In other words, a test that finds no errors is different than concluding that
the software is error-free. It should be assumed that all software contains
some faults, even if they are hidden.
❖ One must assign the best personnel to the task. Because testing requires
high creativity and responsibility only the best personnel must be
assigned to design, implement, and analyze test cases, test data and test
results.
❖ Testing must be done for invalid and unexpected input conditions as well
as valid conditions. The program should generate correct messages when
! !251
TESTING PHASE
❖ The software must be kept static during test. The program must not be
modified during the implementation of the set of designed test cases
❖ Bug: This has become generic usage. A software bug is a flaw or mistake
in a computer program that prevents it from working as intended, or
produces an incorrect result.
! !252
TESTING PHASE
❖ Failure: If, as a result of the defect/error, the system performs an
undesired action or fails to perform a desired action, then this is referred
to as a failure. It is a deviation of the software from its expected delivery
or services. A system may be reliable but not correct, i.e. it may contain
faults but if those faults are never executed the system is considered
reliable.
❖ Test Case: Set of test inputs, execution conditions & expected results
developed for a particular objective, such as to exercise a particular
program path or to verify compliance with a specific requirement. It is
referred as a triplet "I S O", where "I" is the data input to the system, S
is the state of the system at which the data is input, and O is the
expected output of the system.
❖ Test Data: Inputs devised to test the system. Both Live Data as well as
Test Data can be used to test the system. Live Data is mostly valid but
Test data must include both valid as well as invalid data.
Reading the terminologies in the reverse order gives the perspective of the
process of testing where one starts with a test strategy, determine the test
cycles, create test suites for individual test scenarios, write scripts, devise
! !253
TESTING PHASE
appropriate test data, create set of test cases for all scenarios and execute
them to detect bugs which could be an error, defect or result in failures.
Most programmers believe that testing is done to prove that the software
works or that the software does what the customer wanted. Although a
program may perform all of its intended functions, it may still contain
errors in that it also performs unintended functions. If the testing attitude
is to show that no errors are present, the likelihood of finding an error is
greatly decreased.
The "blood tests" recommended by doctors is usually not to find out if the
patient is healthy. The aim of the tests is to find defects in the patient's
body to determine physiological states, biochemical states, such as
disease, mineral content, pharmaceutical drug effectiveness, and organ
functions.
! !254
TESTING PHASE
Having talked about Test Cases, one would like to know how one writes a
test case. This is more of an art than a science. Every domain brings its
own challenges for writing test cases to cover maximum possible scenarios.
Reiterating that a test case is a set of conditions under which a tester will
determine whether an application or program is working as it was originally
established for it to do.
The topic of test cases is by itself a book. This book will give a brief idea
with an example of a typical test case for an ATM application.
❖ Test Suite ID - The ID of the test suite to which this test case belongs.
! !255
TESTING PHASE
❖ Test Case Summary -The summary / objective of the test case.
❖ Test Data- The test data, or links to the test data, that are to be used
while conducting the test.
❖ Actual Result- The actual result of the test; to be filled after executing
the test.
! !256
TESTING PHASE
! !257
TESTING PHASE
! !258
TESTING PHASE
! !259
TESTING PHASE
! !260
TESTING PHASE
! !261
TESTING PHASE
The example given was one of the simplest but one can see the effort and
time required to create them. The task obviously is daunting. Most Indian
programmers or project teams develop test cases after testing is
completed! Japanese clients are very particular and insistent on writing
test cases before coding starts. Unless they approve the test cases that can
run to more than 20,000 test cases for an ATM application the coding
phase cannot start. Meticulous checking and giving 100% feedback on the
total test-cases is part of their commitment; they also hire professional
testers to cover all possible test cases.
Static Testing focuses on the range of methods that are used to determine
or estimate software quality without reference to actual executions.
! !262
TESTING PHASE
Code review
Code review for a model is carried out after the module is successfully
compiled and the all the syntax errors have been eliminated. Code reviews
are extremely cost-effective strategies for reduction in coding errors and to
produce high quality code. Normally, two types of reviews are carried out
on the code of a module. These two code review techniques are "code
inspection" and "code walk through".
Code Inspection
It is a formal analysis of the program source code done by a team of
developers and subject matter experts to find defects as define by meeting
computer system design. In contrast to code walk through, the aim of code
inspection is to discover some common types of errors caused due to
oversight and improper programming. In other words, during code
inspection the code is examined for the presence of certain kinds of errors.
In addition to the commonly made errors, adherence to coding standards is
also checked during code inspection. It is a good practice to collect
statistics regarding different types of errors commonly committed by the
developers and identify the type of errors most frequently committed. Such
! !263
TESTING PHASE
Checklists are a great tool in code reviews - they ensure that reviews are
consistently performed by all teams - even if globally located. They are a
handy way to ensure that common issues are identified and resolved.
! !264
TESTING PHASE
❖ Does the code work? Does it perform its intended function, the logic is
correct etc.
❖ Are all variables properly defined with meaningful, consistent, and clear
names?
! !265
TESTING PHASE
❖ Are all assigned variables consist
❖ Are all data inputs checked (for the correct type, length, format, and
range) and encoded?
❖ Where third-party utilities are used, are returning errors being caught?
! !266
TESTING PHASE
Dynamic Testing
Under Dynamic Testing code is executed. As the name implies it checks for
functional behavior of software system, memory usage, CPU usage and
overall performance of the system. This tests the dynamic behavior of
code. Dynamic Testing is performed to confirm that the software product
works in conformance with the business requirements. This testing is also
called as validation testing.
The following table highlights some of the difference between static and
dynamic testing
Testing done without executing the Testing done by executing the program
program
Covers the structural and Covers the executable items of the code
statement coverage testing
Cost of finding defects and fixing is Cost of finding and fixing defects is high
less
More reviews and feedback ensure More defects and coverage ensures good
good quality quality.
! !267
TESTING PHASE
7.6 DEBUGGING
Debugging approaches
The following are some of the approaches popularly adopted by
programmers for debugging.
Backtracking
This is also a fairly common approach. In this approach, beginning from
the statement at which an error symptom has been observed, the source
code is traced backwards until the error is discovered. Unfortunately, as the
number of source lines to be traced back increases, the number of
potential backward paths increases and may become unmanageably large
thus limiting the use of this approach.
! !268
TESTING PHASE
Program Slicing
This technique is similar to back tracking. Here the search space is reduced
by defining slices. A slice of a program for a particular variable at a
particular statement is the set of source lines preceding this statement that
can influence the value of that variable.
! !269
TESTING PHASE
Testing Debugging
Starts with known conditions, uses Starts from possibly unknown initial
predefined procedures, and has conditions, and the end cannot be
predictable outcomes predicted
Testing can and should be planned, The procedures for, and duration of,
designed, and scheduled debugging cannot be so constrained
Much of test execution and design can Automated debugging is still a dream.
be automated
There are some distinct test phases that take place in each of the software
life cycle activity. It is easier to visualize these phases through the
Waterfall model of development and V- model of testing. The V proceeds
from left to right, depicting the basic sequence of development and testing
activities. Unlike the waterfall model instead of moving down in a linear
way, the process steps are bent upwards after the coding phase, to form
the typical V shape. The V-Model also called as the Verification and
Validation model, demonstrates the relationships between each phase of
the development life cycle and its associated phase of testing. The V-model
explicitly suggests that testing (quality assurance) should be considered
early on in the life of a project.
! !270
TESTING PHASE
Verification Phase
Requirements Specifications: In the Requirements analysis phase, the
first step in the verification process, the requirements of the system are
collected by analyzing the needs of the user(s). The user requirements
document will typically describe the system's functional, interface,
performance, data, security, etc. requirements as expected by the user. In
this phase, the user acceptance test planning and tests are also designed
in this phase.
! !271
TESTING PHASE
Validation Phase
In the V-model, each stage of verification phase has a corresponding stage
in the validation phase.
Unit testing: The unit test plans (UTPs) developed during module design
phase are executed to detect and eliminate defects at program code level
or unit level. A unit is the smallest entity which can independently exist,
e.g. a function, program or a module. Unit testing verifies that the smallest
entity can function correctly when isolated from the rest of the units.
Integration testing: Integration test plans that are developed during the
high Level design phase are executed in this stage. These tests verify that
units created and tested independently can coexist and communicate
among themselves.
System testing: System tests plans that are developed during system
design phase are executed in this stage. The System test plans are
generally composed by client's business team. Applications are tested for
! !272
TESTING PHASE
User acceptance testing: User acceptance test (UAT) plans that are
developed during the requirements analysis phase are composed by
business users. In this stage UAT is performed in a user environment that
resembles the production environment, using realistic data. UAT verifies
that delivered system meets user's requirement and system is ready for
use in real time.
The V-model has several advantages and criticism. It has been criticized by
Agile advocates and others as an inadequate model of software
development for numerous reasons.
Advantages
Criticism
! !273
TESTING PHASE
❖ Although it is easily understood by fresh programmers, early
understanding is useful only if the novice develops a deeper
understanding of the development process and how the V-model must be
adapted and extended in practice.
Software products are normally tested first at the individual component (or
unit) level. One begins by 'testing-in-the-small' and moves toward 'testing-
in-the-large'. After testing all the components individually, the components
are slowly integrated and tested at each level of integration (integration
testing). Finally, the fully integrated system is tested - called system
testing. Integration and system testing are known as testing in the large.
❖ Unit/Module testing
❖ Integration testing
✴ Non incremental
✴ Incremental
✴ Top-down approach
✴ Bottom-up approach
✴ Sandwich approach
! !274
TESTING PHASE
❖ System testing
❖ User acceptance testing
Unit testing is undertaken after a module has been coded and successfully
reviewed. Unit testing (or module testing) is the testing of different units
(or modules) of a system in isolation. In order to test a single module, a
complete environment is needed to provide all that is necessary for
execution of the module. For example to test the "SMS" module of a mobile
application, the "contacts" module should be developed or data of contacts
available for testing the SMS module. In this case "one function" of the
SMS module will undergo "UNIT" testing. The SMS module itself becomes a
"UNIT" once all its functions are tested and integrated.
! !275
TESTING PHASE
Stubs' are created for the modules at the lower level. Stubs are dummy
modules which will produce the same output as that of the called modules.
Once the calling module is tested, then the testing proceeds to test the
modules at the lower level and the 'stub' is replaced by the real module.
Developing the stub allows the programmer to call a method in the code
being developed, even if the method does not yet have the desired
behavior.
A 'Driver' is a piece of software that drives (invokes) the Unit being tested.
A driver creates necessary 'Inputs' required for the Unit and then invokes
! !276
TESTING PHASE
the Unit. A "Driver" passes test cases to another piece of code. "Test
Harness" or a "test driver" is supporting code and data used to provide an
environment for testing part of a system in isolation.
Both the "Driver" and the "Stub" must be kept at a minimum level of
complexity, so that they do not induce any errors while testing the Unit in
question. Once the real modules are developed for a Stub or a Driver they
are replaced with the real modules and the programs retested. The Stubs
and Drivers are often viewed as throwaway code.
This is also referred to as Link Testing. Interfaces are the means by which
data is passed to and from modules. A group of modules are tested
together to test the software for dependencies within modules & to test the
interfaces within modules. Integration testing tests interfaces between
components, interactions to different parts of a system, such as the
operating system, file system, hardware or interfaces between systems.
This behavior covers both functional & non-functional aspects of the
integrated system.
! !277
TESTING PHASE
However, this technique is practicable only for very small systems. The
main problem with this approach is that once an error is found during the
integration testing, it is very difficult to localize the error as the error may
potentially belong to any of the modules being integrated. Therefore,
debugging errors reported during big bang integration testing are very
expensive to fix.
! !278
TESTING PHASE
! !279
TESTING PHASE
In each of the two types of tests, various kinds of test cases are designed
by referring to the SRS document.
Example:
While testing a web application the network performance is checked for
Connection Speed vs. Latency. Latency is the time difference between the
! !280
TESTING PHASE
data to reach from source to destination. A 70kb page might take less than
15 seconds to load for a worst connection of 28.8kbps modem
(latency=1000 milliseconds), while the page of same size would appear
within 5 seconds, for the average connection of 256kbps DSL (latency=100
milliseconds).
! !281
TESTING PHASE
Stress Testing
Stress Testing is testing conducted to evaluate a system or component at
or beyond the limits of its specified requirements or normal operation.
Stress testing also known as endurance testing, determines the breaking
point or unacceptable performance point of a system. For example any
component used in high-voltage circuit breakers is subjected to a "stress"
test for power surges far beyond the normal working voltages. Most of us
have experienced the crashing of a desktop or laptop halfway through
some routine program without any reason or the system saying "Not
responding". Such errors indicate stress on the memory of the machine
and the operating system.
! !282
TESTING PHASE
the volume of traffic at different times of the day was much higher than
this.
Configuration Testing
This is used to analyze system behavior in various hardware and software
configurations specified in the requirements. Today applications are built
work on desktops, mobiles, Notepads, i-phones etc. These applications are
built in variable configurations for different users. The system is configured
in each of the required configurations and it is checked if the system
behaves correctly in all required configurations.
! !283
TESTING PHASE
Compatibility Testing
This type of testing is required when the system interfaces with other types
of systems. Compatibility aims to check whether the interface functions
perform as required. For instance, if the system needs to communicate
with a large database system to retrieve information, compatibility testing
is required to test the speed and accuracy of data retrieval.
Recovery Testing
Recovery testing tests the response of the system to the presence of
faults, or loss of power, devices, services, data, etc. The system is
subjected to the loss of the mentioned resources and it is checked if the
system recovers satisfactorily. For example, the printer can be
disconnected to check if the system hangs. Or, the power may be shut
down to check the extent of data loss and corruption.
! !284
TESTING PHASE
Documentation Testing
It is checked that the required user manual, maintenance manuals, and
technical manuals exist and are consistent. With the global reach today,
applications are used across the world by people with different languages,
culture and capabilities. In the Arabic world documentation must be such
that it can be read from right to left. If the requirements specify the types
of audience for which a specific manual should be designed, then the
manual is checked for compliance.
Usability Testing
Usability testing concerns checking the user interface to see if it meets all
user requirements concerning the user interfaces. One of the goals of
usability testing is to check its suitability for the user's current work-style,
culture and organization's existing employees. The tests also find out how
the end-users will react to the system. Obviously this test is very
subjective.
There are several areas that are covered during usability testing. These
include Ease of Learning
❖ Ease of understanding
❖ Ease of installation
❖ Screen display - formats, layout, look and feel
❖ Report formats
❖ Ease of using in terms of keystrokes, mouse navigation, short cuts or
memory-aids
❖ Difficulty of orientation and navigation
❖ Ease of completing a specific task using the system
❖ Information consistency and presentation
❖ Usage by different categories and skill levels of users
Security Testing
Security testing has become very crucial with the advent of technology, the
internet and cloud computing. The testing verifies that protection
mechanisms built into a system will protect it from illegal penetration,
logical access violators.
! !285
TESTING PHASE
Today more and more vital data is stored in web applications and the
number of transactions on the web has increased; proper security testing
of web applications is becoming very important. Some key terms used in
web application security testing are:
! !286
TESTING PHASE
❖ Spoofing: The creation of hoax look-alike websites or emails is called
spoofing. Cheats create dummy Urls to lure gullible users to reveal bank
account details and commit frauds.
Localization Testing
Localization Testing focuses on areas affected during localization viz. user
interface and content, culture, language specific & region specific areas.
For example any help message in English needs to be translated to French
or German for the benefit of users in their countries and translation of
some "list of strings" may be out of context or wrongly translated. In some
cases more words may be required in a particular language to explain the
same thing which is expressed in one or two words in English. The word
"commode" in French has a totally different connation from the similar
sounding word "commodity" in English. Testing must ensure that such
ambiguities are not existent and also that the translated content fits into
the same user interface areas on screen. Sometimes a keyboard shortcut
may have no function on the source language (English) but is used for
typing characters in the layout of the target language (Tamil).
Release Testing
Consider widely used applications like McAfee anti-virus, Google Chrome,
Skype and Several Gaming software. Changes happen in each of these
! !287
TESTING PHASE
Hence vendors select the bug fixes, new features, and documentation for a
particular release. The bugs are prioritized, the source files are retrieved
from the repository, changes made and recompiled, linked and a new build
is ready with a new version number. After successful testing an installable
media package is created and kept ready. At a specified timeline the
package is released to users who have an option to install the new upgrade
or defer it for a later date. Care is taken such that every release checks the
existing configuration, the current version of the application at the user site
and upgrades it to the latest version in a proper sequential manner to
ensure that all changes from the previous upgrade till the current release
are implemented.
A subject-matter expert (SME) from the client site is preferably made the
owner for these tests and the SME provides a summary of the findings for
review. Users of the system perform tests similar to what would occur in
real-life scenarios. The purpose of this testing is to validate the end to end
business flow. For example while testing a banking application the testers
will test for creating customer accounts, depositing money, withdrawing
money with no balance, printing statements, stopping cheques payments,
suspending accounts, changing customer details, assigning nominees,
closing accounts, transferring funds, calculating bank interest etc. - not
necessarily in any logical sequence. The system should work properly
! !288
TESTING PHASE
There are two types of acceptance testing: Alpha and Beta testing
Alpha testing takes place at developers' sites, and involves testing of the
operational system by client's internal staff, before it is released to external
customers. Alpha testing is a type of acceptance testing of a software
product which is not the final version. It is performed to identify all
possible issues/bugs before releasing the product to everyday users or
public. The focus of this testing is to simulate real users by using blackbox
techniques and carry out tasks that a typical user might perform. Alpha
testing is carried out in a controlled lab environment and usually the
testers are internal employees of the organization.
Beta testing also called as "field testing" takes place at customers' sites,
and involves testing by a group of customers who use the system and
provide feedback, before the system is released to other customers. Beta
testing is testing the application which is completed (100%). It is
performed by "real users" of the software application in a "real
environment" and can be considered as a form of external user acceptance
testing. Some vendors release the "Beta version" of their products
especially gaming software to some specified users and take their feedback
before releasing the product. Since it the final test before shipping a
product to the customers, direct feedback from customers is a major
advantage of beta testing. This is also the last stage of testing when a
product vendor offers the product outside the company for free trials.
Smoke Testing
Smoke testing refers to various classes of tests of systems, usually
intended to determine whether they are ready for more robust testing. The
expression was first used in plumbing in referring to tests for the detection
of cracks, leaks or breaks in closed systems of pipes. By metaphorical
extension the term was used in electronics. The phrase smoke test comes
from electronic hardware testing. One plugs in a new board and turns on
the power. If there is smoke seen coming from the board the power is
turned off. One does not need to do any more testing.
! !289
TESTING PHASE
Regression Testing
The objective of testing being finding defects, fixes are required to remove
these defects. Changes can occur in one unit or multiple units. It is
important to ensure that such changes are done only to fix the problems
detected and not adding further defects. Regression testing is the process
of testing changes to computer programs to make sure that the older
programming still works with the new changes. Regression testing seeks to
uncover new software bugs, or regressions, in existing functional and non-
functional areas of a system after changes such as enhancements, patches
or configuration changes, have been made to them. Common methods of
regression testing include rerunning previously completed tests and
checking whether program behavior has changed and checking whether
previously fixed faults have re-emerged.
! !290
TESTING PHASE
Exhaustive Testing
Exhaustive Testing, as the name suggests is very exhaustive but a big
myth. In this type of testing outputs given by an application for all possible
inputs are checked with maximum possible permutations and combinations
of the inputs. Exhaustive testing is feasible when the programs and the
scope of project are small. For bigger projects exhaustive testing is
impractical and not feasible. It has theoretical significance, useful to know
and learn but practice implies lot of effort and costs.
Refer the diagram below. Fig A shows the logical paths that is possible to
be executed for a simple program with five conditions to be checked, 10
decisions and 7 statements to be executed. The numbers of tests that need
! !291
TESTING PHASE
! !292
TESTING PHASE
Testers can find bugs in the software, but can't make it 100% bug free.
This is the truth and one has to live with it. There is no such thing like
exhaustive testing. It is very rare for products to completely pass
exhaustive testing. There are always a few things that fail, but it may be
for a very rare and unlikely scenario, so it is labeled as a low-priority bug
that is very unlikely to occur, and may occur for only a very small
population of users. One must design an optional test suite that is of
reasonable size and can uncover as many errors existing in the system as
possible.
White-box testing is also known as clear box testing, glass box testing,
transparent box testing, and structural testing. It is a method of testing
software that tests internal structures or workings of an application, as
opposed to its functionality i.e. black-box testing. In white- box testing an
internal perspective of the system, as well as programming skills, are used
to design test cases. In the white-box testing approach, designing test
cases requires thorough knowledge about the internal structure of
software, and therefore the white-box testing is called structural testing.
The tester chooses inputs to exercise paths through the code and
determine the appropriate outputs. White-box testing can be applied at the
unit, integration and system levels of the software testing process.
White box is logic driven testing and permits the test engineer to
examine the internal structure of the program. The different techniques
exercise every visible path of the source code to minimize errors and
create an error-free environment. The whole point of white-box testing is
the ability to know which line of the code is being executed and being able
to identify what the correct output should be. It uses explicit knowledge of
! !293
TESTING PHASE
the internal workings of the item being tested to select the test data. Input
documents required here will be program specifications.
tested
❖ Coverage is a way of defining how many of the paths were actually
Statement coverage measures the degree to which the test cases exercise
or cover the logic (source code) of the program. It is a %age of executable
statements exercised by a test suite
! !294
TESTING PHASE
!
{If (a>1) && (b==0)
{ x=x/a;}
If (a==2 || x>1)
{ x=x+1; }
}
Path = 1 - 3 - 4 - 5 - 7 is sufficient for statement coverage Possible input:
a = 2, b =0, x = 4
! !295
TESTING PHASE
Test cases must be such that each decision has a true and false outcome at
least once. Consider the same example as shown in the accompanying
diagram
Even if the test cases satisfy decision coverage, it still does not cover the
path ACD and path ABE, hence decision coverage though stronger than
statement coverage is still weak. For the same example, at least two test
cases are needed to execute the true and false outcome of the decisions at
least once.
! !296
TESTING PHASE
! !297
TESTING PHASE
! !298
TESTING PHASE
A control flow graph can be derived from a simple flow chart of a program.
An example is given in the diagram given below.
! !299
TESTING PHASE
❖ Each circle, called a flow graph node, represents one or more procedural
statements. A sequence of process boxes and a decision diamond can
map into single node.
❖ The arrows on the flow graph, called edges or links, represents flow of
control and are analogous to flowchart arrows.
❖ An edge must terminate at a node, even if node does not represents any
procedural statements.
❖ Area bounded by edges and nodes are called Regions. When counting
Regions, include the area outside the graph as region.
! !300
TESTING PHASE
In order to draw the control flow graph of a program, all the statements of
a program must be numbered first. The different numbered statements
serve as nodes of the control flow graph. An edge from one node to
another node exists if the execution of the statement representing the first
node can result in the transfer of control to the other node.
Writing test cases to cover all the paths of a typical program is impractical.
For this reason, the path-coverage testing does not require coverage of all
paths but only coverage of "linearly independent paths". A linearly
independent path is any path through the program that introduces at least
one new edge that is not included in any other linearly independent paths.
If a path has one new node compared to all other linearly independent
paths, then the path is also linearly independent.
There are three different ways to compute the cyclomatic complexity V(G).
The answers computed by the three methods are the same and guaranteed
to agree.
! !301
TESTING PHASE
The selected threshold for Cyclomatic Complexity & Reliability Risk based
on categories established by the Software Engineering Institute is
! !302
TESTING PHASE
Drawbacks
❖ CC is a measure of the program's control complexity and not the data
complexity
❖ The same weight is placed on nested and non-nested loops. However,
Simple Loops
❖ loops whose loop bodies contain no other loops
❖ Innermost'' loops if any loops are nested
Nested Loop
❖ They are combinations of loops such that each is contained inside the
innermost loop and then work outward, conducting tests for the next
loop but keeping all other loops at minimum
Concatenated Loop
❖ In such constructs, one loop is dependent on the other
❖ They are loops such that each follows the next in the code
❖ Execution of the next loop begins after the previous terminates.
! !303
TESTING PHASE
Loop Testing
Spaghetti Loop: Such loops are not desirable. One must redesign using
structured constructs
! !304
TESTING PHASE
In this example, the memory leak occurs if the floor number requested is
the same floor that the lift is on; the condition for releasing the memory
would be skipped. Each time this case occurs, more memory is leaked. The
probability that the user presses the same floor is low and the error not
detected during testing but the memory will leak over a long period of
usage of the lift. The consequences would be unpleasant; at the very least,
the lift would stop responding to requests to move to another floor.
Passengers being stuck in the lift in such cases apart from being a crisis
can be a big embarrassment for a big reputed hotel. The memory leak can
be reset by restarting the application or by power resets.
! !305
TESTING PHASE
In this context, mutation testing was pioneered in the 1970s to locate and
expose weaknesses in test suites. In mutation testing, the software is first
tested by using an initial test suite built up from the different white box
testing strategies. After the initial testing is complete, mutation testing is
taken up. The idea behind mutation testing is to make few arbitrary
changes to a program at a time. Each time the program is changed, it is
called as a mutated program and the change effected is called as a mutant.
A mutated program is tested against the full test suite of the program. If at
least one test case exists in the test suite for which a mutant gives an
incorrect result, then the mutant is said to be dead.
If a mutant remains alive even after all the test cases have been
exhausted, the test data is enhanced to kill the mutant. The process of
generation and killing of mutants can be automated by predefining a set of
primitive changes that can be applied to the program. These primitive
changes can be alterations such as changing an arithmetic operator,
changing the value of a constant, changing a data type, etc. A major
disadvantage of the mutation-based testing approach is that it is
computationally very expensive, since a large number of possible mutants
can be generated.
This problem of the expense of mutation testing had reduced its practical
use as a method of software testing, but the increased use of object
oriented programming languages and unit testing frameworks has led to
the creation of mutation testing tools for many programming languages as
a way to test individual portions of an application.
! !306
TESTING PHASE
Advantages
Disadvantages:
❖ It is nearly impossible to look into every bit of code to find out hidden
errors, which may create problems, resulting in failure of the application.
! !307
TESTING PHASE
These tests are best carried out by testers not by the developers.
Programmers are logical thinkers, so they catch many of the "logical'
defects. But they also get possessive of the code they write and tend to
ignore functional features while testing. Real users are not necessarily
logical and in the real environmental circumstances are often illogical.
There are two main approaches to designing black box test cases.
! !308
TESTING PHASE
Example 1:
! !309
TESTING PHASE
Assuming only numeric partitions, in the above example there are five
partitions, even though the specification mentioned only four.
An inexperienced tester will take the easy way out with testing for every
Rs. 500 increments. That would give: Rs. 500.00, 1000.00, 1500.00,
2000.00, 2500.00, and so on up to Rs. 9000.00. This will cover only two
out of five partitions. Obviously this approach is less effective than
equivalence partitioning. At the same time there are four times more tests
as against the five partitions and still less. The invalid partition implies that
it is not one of the expected inputs for this particular field.
It can be seen that equivalence partitioning uses fewest test cases to cover
maximum requirements
! !310
TESTING PHASE
Example: If an input condition specifies that a variable, say count, can take
range of values (1 - 999) one has
❖ one valid equivalence class (1 < count < 999)
❖ two invalid equivalence classes (count < 1) & (count >999)
Error guessing is a test method in which test cases used to find bugs in
programs are established based on experience in prior testing.
Among a large group of programmers there are always one or two persons
who are approached to solve problems when someone is stuck for a
solution. The "expert" sometimes may not even move from his desk but
ask simple questions to diagnose the problem or sometimes may suggest a
solution seemingly "out of the hat".
Experienced testers just guess where the errors are based on their intuition
and experience to determine what situations commonly cause software
failure. This testing is very ad-hoc and not a technique; more of an art to
guess where the errors could be lurking. Some people seem to be naturally
good at testing and others are good testers because they have a lot of
experience either as a tester or working with a particular system and so
are able to find out its weaknesses.
Error guessing has no explicit rules for testing; test cases can be designed
depending on the situation, either drawing from functional documents or
! !311
TESTING PHASE
The basis behind this approach is in general people have the knack of
"smelling out" errors
! !312
TESTING PHASE
❖ Cause: Got caught in rain; Effect: Cold and cough
❖ Cause: Hours of Dance practice; Effect: First Prize in the competition
❖ If age<=30 & No claims made, premium increase will be 200 else 500
❖ For any age if claims made are 1 to 4, premium increase will be 1000
❖ If one or more claims made then warning letter
❖ If 5 or more claims made then cancel policy
! !313
TESTING PHASE
The diagram shows the cause-effect diagram. The decision tables derived
for the norms specified is given below.
Advantages
! !314
TESTING PHASE
❖ Test cases can be designed along with functional specifications
Disadvantages
❖ Difficult to identify tricky inputs if the test cases are not developed with
Functional specifications
One wishes that there was a magic tool that would automate all of the
testing. There are a number of very useful tools for many different aspects
of software testing. Success with tools is not guaranteed, even if an
appropriate tool is acquired - there are also risks in using tools. It is a good
idea to use computers to do things that computers are really good at
compared to people. Tool support is useful for repetitive tasks; a computer
doesn't get bored and will be able to exactly repeat what was done before.
Handling large volumes of data (comparison) etc. would be easier.
! !315
TESTING PHASE
Why automate?
❖ Manual testing of all work flows, all fields, all negative scenarios is time
and cost consuming
❖ They are repeatable. One can Test how the application reacts after
repeated execution of the same operation.
❖ They are comprehensive. One can build a suite of tests that covers every
feature in the application.
! !316
TESTING PHASE
❖ Test cases that need to be executed for every build of the application i.e.
test cases that are part of Regression Testing
❖ Data driven test cases i.e. those test cases that need to be executed for
multiple data values
❖ Test Cases that are newly designed and not executed manually at least
once
The table below gives a comparing between manual testing and automated
testing.
! !317
TESTING PHASE
No special skills required to write Special skills are required to write the
test cases scripts/codes.
Manual Testing has a high risk of Automated Tests have zero risk of
missing out on something. missing out a pre-decided test.
No tool required so cost is less. Cost of automation tool is high. But gets
nullified on long run.
Color related issues can be identified With automation testing color related
issue cannot be detected.
! !318
TESTING PHASE
Some of the test execution automation tools used for testing are
❖ WinRunner (HP)
❖ SilkTest (Borland)
❖ TestComplete (AutomatedQA)
❖ QAWizard (Seapine)
❖ TestPartner (Compuware)
❖ QEngine (AdventNet)
! !319
TESTING PHASE
WinRunner
HP WinRunner was originally written by Mercury Interactive. Mercury
Interactive was acquired by Hewlett Packard (HP) in 2006. In Feb 2008, HP
announced the end of support for WinRunner suggesting migration to HP
Functional Testing software as a replacement. It is still worthwhile to
understand the features of WinRunner for automated testing.
! !320
TESTING PHASE
and entering keyboard input-but WinRunner does this faster than any
human user.
❖ Record/Playback Tool
! !321
TESTING PHASE
❖ Generate new records populated with pseudo-random data, or data set
up according to some guidelines
Testing is a never ending process and since one can never assume that 100
% testing has been done, one can only minimize the risk of shipping the
product to client with X testing done. Testing can be stopped
❖ When the test cases have been completed with some prescribed pass
percentage.
! !322
TESTING PHASE
❖ The risk in the project is under acceptable limits
Testing metrics can help the testers to take better and accurate decisions
for stopping testing. One method is to have a fixed number of test cases
ready well before the beginning of test execution cycle. Subsequently
measure the testing progress by recording the total number of test cases
executed using the following metrics which are quite helpful in measuring
the quality of the software product
! !323
TESTING PHASE
Whatever be the method used to decide, words like 'Good', 'Large', 'Low'
and 'High' are subjective terms and depend on the type of product being
tested. Ultimately, the risk associated with moving the application into
production, as well as the risk of not moving forward, must be taken into
consideration before ceasing testing.
What is a defect?
It is a product anomaly or error reported by the tester. The possibilities
could be that
! !324
TESTING PHASE
Severity and Priority are the two key parameters to measure the impact
and nature of the defect. Defects found during testing are classified based
on their severity.
Defect Severity means, how critical is the bug for an application? The
severities are usually pre-defined by the organization and are assigned by
"tester". Consistency is important since it helps test teams avoid
disagreement with development teams about the criticality of a defect.
Testers must assign the severity of the defect objectively and avoid
"personality" and "ego" clashes with the development teams. Severity
describes the bug in terms of functionality and how bad or critical is the
bug.
! !325
TESTING PHASE
❖ Very High - Immediate fix needed. Blocks further testing. Is very evident
❖ Low: Good to be fixed. But software can be released with the defect
! !326
TESTING PHASE
❖ Low Severity and Low Priority
Example: The color combinations on the home page are not consistent
with other pages of the website. There are no functional impacts due to
this defect.
Defect life cycle is the stages through which a defect goes through during
its lifetime. The states include:
❖ New: When a defect or bug is logged and posted for the first time.
❖ Open: The bug is now under analysis and remediation. The developer has
started analyzing and working on the defect fix. The defect status stays
as "open" till it is “closed"
! !327
TESTING PHASE
NEW
OPEN
REJECTED
ASSIGN
DEFERRED
REOPENED TEST
VERIFIED
CLOSED
!
❖ Assign: Once a tester has found a defect, he posts it in the system (could
be a tool or just an MS Excel sheet). The test-lead reviews the bug
reported and once it is found genuine assigned to a developer and the
developer team.
❖ Test: When the developer makes the necessary code changes the code is
retested. In case the defect persists the bug status is changed to
"reopen" and goes through the cycle of assign & test,
❖ Verified: If no defects are found after the necessary code changes are
completed and testing is done, the bug status is changed to fixed or
verified.
❖ Closed: Once the bug is fixed, tested and approved the status of the bug
is changed to "closed".
! !328
TESTING PHASE
❖ Rejected: If the developer feels that the bug is not genuine the bug is
marked as rejected.
❖ Deferred: The bug, changed to deferred state means the bug is expected
to be fixed in next releases.
❖ Closed: Once the bug is fixed, tested and approved the status of the bug
is changed to "closed".
! !329
TESTING PHASE
8 Test case name The Test Case and condition which was being
executed when the defect occurred.
13 Priority Code Indicates the urgency of fixing the defect Very high,
High, Medium, Low, etc.
15 Date Sent to The defect detection date can be different from this
Developer date. The bug report is reviewed before being sent
to the developer team.
Defect Reports are generally written by test engineers after finding defects
during testing of an Application-Under-Test (AUT).
! !330
TESTING PHASE
Can one predict the number of defects in a program which is still not
written? Sounds an impossible and ridiculous question? Well, reality is that
it is possible. If one works with any Japanese organization like Hitachi,
Toshiba or Toyota their approach to software development is not much
different from their manufacturing domain. Planning for defect prevention
includes prediction of defects. The logic is quite simple. If any organization
has collected metrics for defects, the Japanese company reviews this data
and sets the "targets" for each delivery and expects the vendors to
improve their processes to reduce the defects compared to their "own"
benchmarks. For example: If the known metrics for defects in ONE page of
a WORD document is 8 defects/page, this is the starting point and the
defect management process should aim to bring this to say 4 defects/page
in the first 6 months and later to 2 defects/ page in the long term.
! !331
TESTING PHASE
All these questions require some type of measurements and record keeping
for resolving.
and quantifiable.
❖ Easy to collect: The information collection process must not take too
purposes
testing.
❖ Focus on different key metrics helps create a better business design.
! !332
TESTING PHASE
Defect Age
Defect age analysis provides good feedback on the effectiveness of the
testing and the defect removal activities. E.g. if the majority of older,
unresolved defects are in a pending state, it probably means that not
enough resources are applied to the re-testing effort. Time from when a
defect is introduced TO when it is detected (or fixed).
Defect Age = (Defect Detected - Defect Introduced)/ Number of defects
! !333
TESTING PHASE
❖ Defect Prevention
❖ Establishing Milestones
❖ Defect Discovery
❖ Defect Resolution
❖ Process Improvement and
❖ Management Reporting
Defect Prevention
❖ Understand the critical risks that could largely affect project or system.
❖ For each risk make an assessment of the financial impact if the risk
becomes a problem.
❖ Once the most important risks are identified try to eliminate each risk
and minimize the expected impact
Establishment of milestones
❖ Defects in the baselined product are such where the given set of
requirements are not satisfied.
❖ Set the requirements for each deliverable and the criteria that must be
met before the deliverable can be baselined.
! !334
TESTING PHASE
Defect Discovery
Defect Resolution:
❖ Developers notify all relevant parties how and when the defect was
repaired
Process Improvement
❖ Back tracing of validation process, where defect may have caught earlier.
The process gets strengthened to prevent defects
❖ The process also helps to find defects that have been created, but not yet
discovered
! !335
TESTING PHASE
Management Reporting
❖ Provide insight into areas where the process could be improved to either
prevent defects or minimize their impact.
! !336
TESTING PHASE
7.13 SUMMARY
The important objective of testing is not to prove that the software works
but to show presence of defects. Exhaustive testing is a myth and not
possible and hence planning for testing is an important activity. It is also a
myth that testing begins after coding. The fact that 30-40% of efforts are
spent on testing indicates that testing starts quite early at the requirement
stage itself. Costs of fixing defects are much less if testing is successful in
the early stages. Many organizations have an independent testing team to
avoid the risk of missing out defect detection in products by the teams that
created the product.
Testing starts with a strategy i.e. a road map to ensure quality deliverables
throughout the development cycle. Several test cycles may be involved,
some using test scripts and one needs to prepare test cases, test data with
! !337
TESTING PHASE
both valid and invalid data to detect failures, defects and errors. Writing
test cases even for simple modules is an arduous task - more an art than a
science. A good "Test Case" is one that has a high probability of detecting
an as yet undiscovered error and it is successful only if it finds the
undiscovered defect. Checklists are one of the effective tools used for
testing that can minimize errors due to oversight. Applying the V-model of
SDLC in testing gives a good perspective of the test activities and test
plans that need to be in place at each of the phases of the SDLC for
efficient and successful testing. Based on whether the actual execution of
software under evaluation is needed or not, there are two major categories
of quality assurance activities - Static and Dynamic Testing. Static testing
covers inspection, code walkthrough, reviews and desk checking. Dynamic
Testing includes White Box Testing and Black box testing each of them with
their own advantages and disadvantages. White box testing done by the
programmers is where the internals like statements, loops, decisions,
conditions, memory leaks etc. are covered while Black Box Testing
generally done by testers focuses on tests from the user perspective.
Usage of McCabe's cyclomatic complexity - a software quality metric - is a
practical way of determining the maximum number of linearly independent
paths in a program and helps in evaluating the complexity of the programs
and also in estimating the efforts required for white box testing. Testing
leads to finding the source of the defects or errors which requires good
debugging skills.
User Acceptance Testing is the proof of the pudding which happens in two
stages - alpha and beta - one in the presence of developers and the other
! !338
TESTING PHASE
by the customer alone. Fixes happen whenever defects are found and the
units, modules or the system need to be regression tested, usually by
using tools to ensure that the changes work and that the changes have not
impacted other parts of the system or programs. Software Test Automation
though not applicable for all situations, helps to avoid human errors and
also speed up the testing process & ensure high quality. A Project
Manager's nightmare is to decide "when to stop testing" and wide-spread
use of products of MicroSoft with bugs are a clear example that 100 %
testing can never be done.
Testing results in identifying defects and also minimize the impact of the
defect. The impact can be measured by using two important parameters -
severity and priority. Metrics like requirement stability index, defect
removal efficiency, mean time to failure, defect age - measurement should
be integrated into the software development process and be used to
improve the processes and assure quality of deliverables.
! !339
TESTING PHASE
6. Explain the flow of the testing phase from testing strategy till defect
detection and correction.
14.Why do professionals not prefer a testing career? How will you justify or
negate their beliefs?
! !340
TESTING PHASE
15.Given the many challenges facing a tester, what types of skills do you
believe should be required of a person being hired as a test specialist?
What is the testing phase?
20.Identify the type of errors that can be detected during code walk
throughs.
21.Identify the type of errors that can be detected during code inspection.
24.Is static testing sufficient to prove that the product works? If Not, why?
26.What is meant by the statement "Begin testing in the small and then
move to testing in the large"?
27.What are the different techniques of testing? Explain each of them with
examples.
! !341
TESTING PHASE
28.What are the differences between testing and debugging? What specific
tasks are involved in each? Which groups should have responsibility for
each of these processes?
33.Is it advantageous to do a Big Bang testing? Where would one use such
a method?
36.Why is it important to develop test cases for both valid and invalid Input
conditions?
! !342
TESTING PHASE
41.Why do we need the different types of White Box Testing i.e. Statement
Coverage, Decision Coverage, Condition Coverage? Why cannot only one
of these be sufficient for testing?
43.What is the meaning of the word "coverage"? Explain this for all the
types used in White Box Testing.
47.What are the differences between white box and black box testing
52.Derive a set of equivalence classes for the averaging unit using the
specification, and complement the classes using boundary value
analysis. Be sure to Identity valid and invalid classes.
! !343
TESTING PHASE
53.Identify and briefly explain two guidelines for the design of equivalence
classes for a problem.
55.From your own testing experiences and what you have learned from
this text, why do you think it Is important for a tester to use both white
and black box- based testing techniques to evaluate a given software
module?
57.What is a control flow graph? How is It used In white box test design
66.Discuss how severity and priority are assigned for defect management
with examples.
! !344
TESTING PHASE
69.When does one stop testing? Why? Suppose a test group was testing a
mission- critical software system. The group has found 85 out of the
100 seeded defects. If you were the test manager, would you stop
testing at this point? Explain your decision. If in addition you found 70
actual non-seeded defects, what would be your decision and why?
70.What are test metrics? Describe some of the metrics that are gathered
during testing and how they help in assuring quality of the deliverables.
! !345
TESTING PHASE
REFERENCE MATERIAL
Click on the links below to view additional reference material for this
chapter
Summary
PPT
MCQ
! !346
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
Chapter 8
Implementation, Maintenance, Change
Management, Risk Management
Objective:
❖ What Maintenance phase implies, what are the challenges and steps
❖ The types of Risks in Software development projects and how they can
be addressed
Structure:
8.5 Summary
! !347
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
! !348
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
! !349
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
❖ Hostility or non-cooperation
! !350
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
❖ Monetary - Less overtime, less importance and hence impact on salary
rise
Inspite of all the problems stated, the implementation phase is the most
rewarding for both the vendor and customer. The fruits of the entire SDLC
effort are seen in this phase where a wish list of requirements gets
translated to some concrete application which works and users can use it.
In the 1970's automatic printing of a statement in a passbook was a big
event in banking. Today online systems and mobile applications are
launched every day which are lapped up without batting an eyelid. For the
youth, a new mobile game is "manna from heaven" - one can imagine the
pride and happiness of the producers who made it happen and see it
through till deployment.
! !351
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
! !352
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
❖ Preventive maintenance: Done to prevent occurring of some new defect,
which might not have been foreseen earlier. This deals with updating
documentation and making the software more maintainable.
! !353
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
❖ Software systems are typically evolved from a complex set of
requirements, and are based on an overall design Maintenance
professionals must understand the requirements and design, but this
information is rarely available.
There are four major problems that can slow down the maintenance
process: unstructured code, insufficient knowledge of the system,
documentation being absent, out of date, or at best insufficient, mental
blocks on maintenance tasks.
! !354
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
No matter where you are in the system life cycle, the system will change,
and the desire to change it will persist throughout the life cycle.
Bersoff, et al, 1980
! !355
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
! !356
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
❖ Problem reports that identify bugs that must be fixed, which forms the
most common source
! !357
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
❖ Events in the development of other systems
All change history is logged with the change request, including all state
changes along with dates and reasons for the change. The Change
Management System ensures that every change request is received,
analyzed and either approved or rejected. If it is approved, all other project
constraints will also be analyzed for any possible impact due to this
implementation of change.
Baselines
One important aspect of change management is to keep track of the
changes and control them before they control the project. Baselining is a
software change management concept that helps practitioners to control
change without seriously impeding justifiable change.
! !358
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
The configuration items include any artifacts that are created during the
project and controlled. Examples are All Plans, SRS documents, UML
Diagrams, Design documents, Interface Designs, Test Cases, Code, Test
Results, Implementation Manuals, User Manuals and many other items.
Even Minutes of meetings are configuration items. Items are created,
formally reviewed, approved and "checked in" through a "toll" gate to a
project database. Once baselining of these artifacts is done, any change of
any of the items needs to go through a change control mechanism. The
items are "checked out" through another toll gate, the required changes
and its impact is reviewed, the item taken up for changes, and then follow
through the same cycle of formal review, approval and "check-in".
The significance of the toll gate is that once an item is "checked out" or in
WIP, it cannot be "checked out" by another person till such time the
previous version is "checked in". This avoids inadvertent overwriting of any
changes by a made in a code by one programmer.
The Software Change Management (SCM) Process addresses the following
questions
! !359
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
❖ How does an organization manage the many existing versions of a
program (and its documentation) in a manner that will enable change to
be accommodated efficiently?
❖ How does an organization control the changes before and after software
is released to a customer?
Recording Changes
In practice, the basic details of a change request from the business are
recorded to initiate the change process, including references to documents
that describe and authorize the change. Well-run change management
programs use a uniform means to communicate the request for change,
and work to ensure that all constituencies are trained and empowered to
request changes to the infrastructure.
! !360
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
Verify change
The implementation of the change in the new SYSTEM RELEASE is verified
for the last time, now by the project manager. Maybe this has to happen
before the release, but due to conflicting literature sources and diagram
complexity considerations it was chosen to model it this way and include
this issue.
! !361
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
As the above process makes clear, true change management differs from
change control in the depth of its overall process scope and in the range of
inputs it uses. Where change control ensures that changes are recorded
and approved, change management considers overall business impact and
justification, and focuses not only on the decision to make or not make a
given change, but on the implementation of the change and the impact of
that implementation as well.
Version Control
Version control combines procedures & tools to manage different versions
of configuration objects that are created during a s/w process. A version
control system implements or is directly integrated with four major
capabilities:
❖ A make facility that enables the software engineer to collect all relevant
configuration objects and construct a specific version of the software
❖ An issues tracking (also called bug tracking) capability that enables the
team to record and track the status of all outstanding issues associated
with each configuration object
❖ Assurance that only changes that provide true business benefit are
approved
! !362
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
❖ Improved ability to smoothly regress to a previous state in the event of
change failure or unanticipated results
! !363
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
! !364
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
❖ Performance risk-the degree of uncertainty that the product will meet its
requirements and be fit for its intended use.
! !365
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
Customer Risks
❖ Will the customer resist looking over your shoulder during technically
detailed work?
❖ Are CASE tools used for analysis, design and testing? Integrated tools?
Technology Risks
! !366
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
Staff/People Risks
Can one foresee and prevent all risks? Take the example of the floods in
July 2005 in Maharashtra floods. Unprecedented torrential rain flooded of
many parts of the state of Maharashtra including large areas of Mumbai
city located in which at least 5,000 people died. The term 26 July, now is,
in context always used for the day when the city of Mumbai came to a
standstill. The "threat" was always there, "likelihood" was high during
monsoons, the "vulnerability" was exposed, the "attack" happened and
"consequence" was for all to see. Large numbers of people were stranded
on the road, lost their homes, and many walked for long distances back
home from work that evening. Transport services were at a standstill, with
the state government declaring a holiday on 27th and 28th of July.
Statisticians quoted this as the eighth heaviest ever recorded 24-hour
rainfall figure of 994 mm (39.1 inches). IT companies had a major problem
of maintaining continuity of their services, adhering to schedules or
responding to any crisis calls from their customers or clients; they could
not respond to this "attack" effectively. However the crisis led to a
thorough review of their disaster recovery and business continuity plans
and coverage of risks in the contracts and service level agreements.
❖ Avoiding the risk by deciding not to start or continue with the activity
that gives rise to the risk
! !367
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
❖ Removing the risk source
❖ Sharing the risk with another party or parties (including contracts and
risk financing)
! !368
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
An effective strategy for dealing with risk must consider three issues
The big challenge is estimating or knowing the two quantities potential loss
and probability of occurrence. Going back in time, in 1995 time frame
users and owners of the applications of mega applications running on
multiple mainframes and chugging along happily for 15 years realized the
huge risks of using their software beyond 1999 without making them Y2K
! !369
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
compliant. When it dawned that the programs would collapse on 1st Jan
2000 the risk analysts were all out with their calculators and pens to
address this gigantic software menace. The users and the IT team in these
organizations had a difficult time to put together a road map for the
conversion of the large applications. Identifying which source code was
required to be changed was sometimes decided by a toss of a coin in some
cases; performing magic was easier than calculating the loss and
probability of occurrence of a project failure. For example, an IT project
could be delayed by a few weeks and result in a loss of revenue for the
outsourcing partner of a few thousands of dollars but if Y2K applications
were not rolled out on before the crossover of the millennium (from Year
1999 to Year 2000) the consequences for the business could be enormous.
The principles, framework and processes for Risk Management are depicted
in the diagram shown here.
! !370
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
!
Good Risk Management helps in
❖ Focusing efforts -helps prioritize. Top 10, Top 3, least priority etc.
❖ Is proactive not reactive - Prepare for risks before they happen.
❖ Identifying risks and develop appropriate risk mitigating strategies
❖ Improve outcomes - achievement of objectives
❖ Enables accountability, transparency and responsibility
❖ Sometimes assuring survival
! !371
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
Risk management is not a "snap-shot" process. Risks are alive all the time
and changing. They need to be reviewed periodically and the parameters of
risk clearly confirmed. The probability of the risks, the impact of risks, the
severity etc. can change as the project progresses or as the organization
matures. Standards once established can promote continuous improvement
by being periodically reviewed and updated.
! !372
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
8.5 SUMMARY
! !373
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
3. What are the differences in the deployment activities like release, install
and activate and upgrade?
5. Why is the implementation phase the most rewarding phase for vendor
and customer?
6. What does maintenance phase imply? What are the challenges and
steps followed for maintenance?
! !374
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
10.What are the different types of maintenance? Give examples for each of
them.
13.How does one control the changes that arise after deployment? Explain
a logical process flow that can be implemented to track and control the
changes from its inception till implementation including exceptions.
17.In any project changes may impact only some of the configuration
items. For example the test case document can change with no change
to code or design. Will the version numbers be changed for all
configuration items if the test case document version number is
changed? How is it possible to correlate different items with different
version numbers?
18.Explain the sentence "Manage the Change or Change will manage you"
19.Using the analogy of the risks in a cricket match, discuss the various
risks, the impact, etc. that can arise in a project. As a project leader
how will you address each of the identified risks?
! !375
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
22.What are the steps in Risk assessment? Give examples of the steps as
applicable to a project.
28.Risks are not passive but active. What does this statement imply? What
must be done to handle such risks?
! !376
IMPLEMENTATION, MAINTENANCE, CHANGE MANAGEMENT, RISK MANAGEMENT
REFERENCE MATERIAL
Click on the links below to view additional reference material for this
chapter
Summary
PPT
MCQ
Video Lecture
! !377
QUALITY MANAGEMENT AND METRICS
Chapter 9
Quality Management and Metrics
Objective:
Structure:
! !378
QUALITY MANAGEMENT AND METRICS
9.7 Metrics
9.7.1 Measurement
9.9 Summary
! !379
QUALITY MANAGEMENT AND METRICS
! !380
QUALITY MANAGEMENT AND METRICS
Training, etc.)
❖ Doing it right the first time and every time (Emphasis on prevention,
Working smarter)
❖ Clear Communication with Customer
❖ Better Work-life Balance
Quality has been with us since time immemorial; after Second World War it
has been used more and more as a competitive weapon or competitive
advantage. Japan is a classic example of how a nation used quality to
become a world player in trade and industry. After World War II as Japan
was rebuilding from the war, many business executive went through
training in quality, which was conducted by Dr. Deming and Dr. Juran.
These executives took the quality message to heart and one can see the
results today, which are too obvious to mention. One associates Japan with
"quality" as "fish to water". Other countries like Taiwan, Singapore and
South Korea adopted similar models and became very successful in the
global market. Customers all over the world have become so demanding
and expecting good quality that quality is no longer a competitive
advantage, but is a sheer necessity to survive. Therefore quality cannot be
left to "inspection" and "rejection"; it has to be designed and built into the
processes and the products.
! !381
QUALITY MANAGEMENT AND METRICS
To quote Robert Pirsig in a best seller book entitled "Zen and The Art of
Motorcycle Maintenance.
"If we can show that a world without "Quality" functions abnormally, then
we have shown that Quality exists, whether it is defined or not" - Unquote.
❖ In 1986, two hospital patients died after receiving fatal doses of radiation
from a Therac 25 machine after a software problem caused the machine
to ignore calibration data
❖ In August 2008, the Privacy Rights Clearinghouse stated that more than
236 million data records of U.S. residents have been exposed due to
security breaches since January 2005
There are many more such examples where quality has been compromised
and fatal results have occurred. The importance of quality is well
emphasized in the following quote:
! !382
QUALITY MANAGEMENT AND METRICS
❖ Kaizen - Japanese for change for the better; the common English term is
continuous improvement.
! !383
QUALITY MANAGEMENT AND METRICS
❖ Zero Defect Program - created by NEC Corporation of Japan, based upon
statistical process control and one of the inputs for the inventors of Six
Sigma.
❖ PDCA - plan, do, check, act cycle for quality control purposes.
! !384
QUALITY MANAGEMENT AND METRICS
! !385
QUALITY MANAGEMENT AND METRICS
Quality Control defines and implements processes which ensure that the
project quality procedures and standards are followed by the software
development team. It is a process by which product quality is compared
against standards and action is taken if there is nonconformance.
❖ Rework: Describes the action taken to bring the rejected items into
compliance with product requirement or specification or other
stakeholder expectation.
! !386
QUALITY MANAGEMENT AND METRICS
2. Check sheet
3. Control chart
4. Histogram
5. Pareto chart
6. Scatter diagram
7. Run Chart
Other useful tools are Testing and Six Sigma. Testing has already been
covered in detail earlier. Six Sigma topics will be covered later in this
chapter. Some of the tools mentioned above are explained below.
Ishikawa Diagrams
Ishikawa diagrams are also called fishbone diagrams, herringbone
diagrams and cause-and- effect diagrams. They are causal diagrams
created by Kaoru Ishikawa (1968) that show the causes of a specific event.
Common uses of the Ishikawa diagram are product design and quality
defect prevention, to identify potential factors causing an overall effect.
Each cause or reason for imperfection is a source of variation. Causes are
usually grouped into major categories to identify these sources of variation.
The categories typically include
! !387
QUALITY MANAGEMENT AND METRICS
❖ People: Anyone involved with the process
❖ Methods: How the process is performed and the specific requirements for
doing it, such as policies, procedures, rules, regulations and laws
❖ Materials: Raw materials, parts, pens, paper, etc. used to produce the
final product
! !388
QUALITY MANAGEMENT AND METRICS
Control Charts
The control chart was invented by Walter A. Shewhart while working for
Bell Labs in the 1920s. The control chart is one of the seven basic tools of
quality control. Typically control charts are used for time-series data,
though they can be used for data that have logical comparability. A control
chart is a graphic display of data that illustrates the results of a process
over time. The main use of control charts is to prevent defects, rather than
to detect or reject them.
! !389
QUALITY MANAGEMENT AND METRICS
❖ Analyzing patterns of process variation from special causes or common
causes
Please refer the diagram given. Quality control charts are. in conjunction
with the "Seven run rule" to look for patterns in data. Seven run rule states
that if seven data points in a row are all below the mean, above the mean,
or are all increasing or decreasing, then the process needs to be examined
for non-random problems.
If analysis of the control chart indicates that the process is currently under
control (i.e., is stable, with variation only coming from sources common to
the process), then no corrections or changes to process control parameters
are needed or desired. In addition, data from the process can be used to
predict the future performance of the process. If the chart indicates that
the monitored process is not in control, analysis of the chart can help
determine the sources of variation, as this will result in degraded process
! !390
QUALITY MANAGEMENT AND METRICS
If analysis of the control chart indicates that the process is currently under
control (i.e., is stable, with variation only coming from sources common to
the process), then no corrections or changes to process control parameters
are needed or desired. In addition, data from the process can be used to
predict the future performance of the process. If the chart indicates that
the monitored process is not in control, analysis of the chart can help
determine the sources of variation, as this will result in degraded process
performance. A process that is stable but operating outside of desired
limits needs to be improved through a deliberate effort to understand the
causes of current performance and fundamentally improve the process.
Run Charts
!
! !391
QUALITY MANAGEMENT AND METRICS
Run charts are similar in some regards to the control charts used in
statistical process control, but do not show the control limits of the
process. They are therefore simpler to produce, but do not allow for the full
range of analytic techniques supported by control charts..
Scatter Diagrams
A scatter diagram is a tool for analyzing relationships between two
variables. One variable is plotted on the horizontal axis and the other is
plotted on the vertical axis. The pattern of their intersecting points can
graphically show relationship patterns. Most often a scatter diagram is used
to prove or disprove cause-and-effect relationships. While the diagram
shows relationships, it does not by itself prove that one variable causes the
other. In addition to showing possible cause and-effect relationships, a
scatter diagram can show that two variables are from a common cause
that is unknown or that one variable can be used as a surrogate for the
other. The closer data points are to a diagonal line, the more closely the
two variables are related. An example is given in the diagram above.
! !392
QUALITY MANAGEMENT AND METRICS
Histograms
A histogram is a graphical representation of the distribution of data. It is a
bar graph of a distribution of variables. It is an estimate of the probability
distribution of a continuous variable (quantitative variable) and was first
introduced by Karl Pearson. Histograms give an idea of the density of the
data, and often for density estimation: estimating the probability density
function of the underlying variable. Each bar represents an attribute or
characteristic of a problem or situation, and the height of the bar represent
its frequency. The adjacent diagram is a simple example.
Histograms are often confused with bar charts. A histogram is used for
continuous data, where the bins represent ranges of data, and the areas of
the rectangles are meaningful, while a bar chart is a plot of categorical
variables and the discontinuity should be indicated by having gaps between
the rectangles, from which only the length is meaningful. Often this is
neglected which may lead to a bar chart being confused for a histogram.
Pareto Chart
A Pareto chart, named after Vilfredo Pareto, is a type of chart that contains
both bars and a line graph, where individual values are represented in
descending order by bars, and the cumulative total is represented by the
line. It is a histogram that helps identify & prioritize problem areas. The
adjacent diagram is a simple example of a Pareto Chart.
! !393
QUALITY MANAGEMENT AND METRICS
The purpose of the Pareto chart is to highlight the most important among a
typically large set of factors. Pareto charts are extremely useful for
analyzing what problems need attention first because the taller bars on the
chart, which represent frequency, clearly illustrate which variables have the
greatest cumulative effect on a given system.
Pareto analysis is also called the 80-20 rule, meaning that 80 percent of
problems are often due to 20 percent of the causes
The "cost of quality" is not just the price of creating a quality product or
service. It also includes the cost of NOT creating a quality product or
service. Every time work is redone, the cost of quality increases. Any cost
! !394
QUALITY MANAGEMENT AND METRICS
that would not have been expended if quality requirements are not met
contributes to the cost of quality.
A study reported that s/w bugs cost the U.S. economy $59.6 billion each
year; one third of the bugs could be eliminated by an improved testing
infrastructure.
External failure cost: cost that relates to all errors not detected and
corrected before delivery to the customer. These are failure costs occurring
after delivery or shipment of the product - and during or after furnishing of
a service - to the customer. Examples are processing customer complaints,
customer returns, warranty claims, product recalls, loss of client, loss of
other potential customers, etc.
! !395
QUALITY MANAGEMENT AND METRICS
! !396
QUALITY MANAGEMENT AND METRICS
❖ Higher customer satisfaction
The ISO certification as per an ISO Survey in 20011 shows that the
number of certificates has increased continuously from 457K+ certificates
in Dec 2000 to 1111K+ certificates in Dec 2011. In 2010, India ranked 8th
while China headed the top 10 countries for ISO 9001 certificates
accounting for approximately a quarter of the global certifications. The
ranking of top 10 countries in 2010 was 1-China (297,037) 2-Italy
(138,892), 3-Russian Federation
(62,265), 4-Spain (59,854), 5-Japan (59,287), 6-Germany (50,583), 7-UK
(44,849), 8-India (33,250), 9-USA (25,101) and 10-Republic of Korea
(24,778). ISO does not certify organizations.
! !397
QUALITY MANAGEMENT AND METRICS
! !398
QUALITY MANAGEMENT AND METRICS
! !399
QUALITY MANAGEMENT AND METRICS
! !400
QUALITY MANAGEMENT AND METRICS
! !401
QUALITY MANAGEMENT AND METRICS
❖ Process approach - Everything is a process. Everyone has a supplier and
a customer.
A common criticism of ISO 9000 and 9001 is the amount of money, time,
and paperwork required for registration. Some feel it is only for
documentation and the workplace becomes oppressive and quality is not
improved. Estimating the cost for certification, resource requirements for
implementation and sustaining an ISO culture is not easy. The other strong
criticism is that ISO systems merely focus whether the processes are being
followed but not how good the processes are or whether the correct
parameters are being measured and controlled to ensure quality.
! !402
QUALITY MANAGEMENT AND METRICS
! !403
QUALITY MANAGEMENT AND METRICS
!
! !404
QUALITY MANAGEMENT AND METRICS
The three critical dimensions that organizations must focus on are people,
procedures and methods, and tools and equipment. They are the major
determinants of product cost, schedule, and quality. Normally importance
of having a motivated, quality work force is realized but even the finest
people cannot perform at their best when the process is not understood or
process is not operating "at its best." What holds all of them together are
the processes; they allow addressing scalability and provide a way to
incorporate knowledge of how to do things better; allow leveraging the
resources; examine business trends and align the way to do the business.
Organizations and their project managers live with strong myths (wrongly
so). They believe that with advanced technology, the tools and with an
experienced manager and a good team, processes are not needed. They
believe that process hampers creativity, introduces bureaucracy, works
only for large projects, adds to the costs and is a hindrance in a
competitive market place. Fortunately these myths have been proven
wrong and organizations have benefited from a process driven approach.
The key words in the CMMI model are Maturity and Capability. Immature
organizations can be successful occasionally, but will ultimately run into
difficulties because they depend on "heroics" which cannot be guaranteed
to be repeated; their success depends on having the same people on the
team which is practically impossible. In immature organizations processes
are reactively introduced as crisis management, quality is compromised
and cost overruns are normal. Quality problems result in rework, incorrect
functions and customer complaints & dissatisfaction. Teams working on
such projects end up with low morale. A mature organization has processes
that are managed throughout the organization, quality can be
quantitatively assessed and estimating, scheduling or budgeting is based
on metrics from past historical data.
The SEI has taken the process management premise, that "the quality of
a system or product is highly influenced by the quality of the
process used to develop and maintain it". This helps organizations
improve their performance, improve capability to consistently and
predictably deliver the products and services that their customers want,
when they want them and at a price they're willing to pay. Internally CMMI
helps companies improve their operational performance by lower costs for
production, delivery and procurement.
! !405
QUALITY MANAGEMENT AND METRICS
CMMI addresses only "Process Areas (PAs)". CMMI practices can improve
existing work practices but does not define them and organizations need to
look elsewhere to define their own practices.
There are two types of representations in the CMMI models: Staged &
Continuous. The staged model groups process areas into 5 maturity
levels and is used to achieve a "CMMI Level Rating". The continuous
representation defines capability levels within each profile. The continuous
representation focuses on process area capability as measured by
capability levels and the staged representation focuses on overall maturity
as measured by maturity levels. The capability/maturity dimension of CMMI
is used for benchmarking and appraisal activities, as well as guiding an
organization's improvement efforts. The contents of both representations
are the same. Both CMMI representations contain all the model
components i.e. Process Areas, Specific Goals, Specific Practices, Generic
Goals and Generic practices. Also metrics are collected and used at all
levels of the CMMI, in both the staged and continuous representations.
! !406
QUALITY MANAGEMENT AND METRICS
❖ A "Maturity Level" is what one can be appraised to and rated as when the
organization uses the Staged Representation of the CMMI A maturity
level is a well-defined evolutionary stages of process improvement. There
are five maturity levels. Each level is a layer in the foundation for
continuous process improvement using a proven sequence of
improvements, beginning with basic management practices and
progressing through a predefined and proven path of successive levels.
The figures shown below illustrate the structures of the continuous and
staged representations.
Continuos Representation
! !407
QUALITY MANAGEMENT AND METRICS
Staged Representation
The differences between the structures are subtle but significant. The
staged representation uses maturity levels to characterize the overall state
of the organization's processes relative to the model as a whole, whereas
the continuous representation uses capability levels to characterize the
state of the organization's processes relative to an individual process area.
! !408
QUALITY MANAGEMENT AND METRICS
The Table given below depicts the Levels for both the
representations
Level Continuous Representation Staged Representation Maturity
Capability Levels Levels
Level 0 Incomplete NA
There are two types of specific There is only one type of specific
practices: base and advanced. All practice. The concept of base and
specific practices appear in the advanced practices is not used. All
continuous representation. specific practices appear in the staged
representation with some exceptions.
Capability levels are used to organize Common features are used to organize
the generic practices. generic practices.
All generic practices are included in Only the level 2 and level 3 generic
each process area. practices are included.
! !409
QUALITY MANAGEMENT AND METRICS
The stage model representation is based on the idea that with the
groupings of process areas made sense as building blocks with higher
blocks depending on the prior blocks on the way to maturing processes
towards higher and higher capabilities. (Refer diagrams given below). The
groupings resembled stair-steps, or "levels". The other view was to focus in
improving a specific process area to the point of optimization which can
have a high value to the business and then move on to other process
areas. For example, an organization well known for its expertise in the
Verification (VER) process area, may want to improve their processes to
run verification at a continually optimizing pace. The continuous
representation allows an organization to select the process area or areas
and the depth of capability they want to become in those process areas.
! !410
QUALITY MANAGEMENT AND METRICS
! !411
QUALITY MANAGEMENT AND METRICS
! !412
QUALITY MANAGEMENT AND METRICS
The key factor in this level is that processes are continually improved
based on a quantitative understanding of the common causes of variation
inherent in processes. The entire organization focuses on continually
improving process performance through both incremental and innovative
technological improvements. Objectives are continually revised to reflect
changing business objectives, and used as criteria in managing process
improvement. Optimizing processes that are agile and innovative depends
on the participation of an empowered workforce aligned with the objectives
and values of the organization. Improvement of the processes is inherently
part of everybody's role, resulting in a cycle of continual improvement. At
maturity level 5, processes are concerned with addressing common causes
of process variation and changing the process to improve process
performance to achieve the established quantitative process-improvement
objectives.
In the staged model the maturity levels should not be skipped: Each
maturity level provides a necessary foundation for effective implementation
of processes at the next level. Higher level processes have less chance of
success without the discipline provided by lower levels. Higher the level the
quality and productivity are increased; time-to-market & risks are reduced.
! !413
QUALITY MANAGEMENT AND METRICS
!
! !414
QUALITY MANAGEMENT AND METRICS
! !415
QUALITY MANAGEMENT AND METRICS
To give a simple example for the discussions above, let us assume that a
task-force formed by the management was assigned the responsibility of
identifying priority areas to fix a series of customer complaints regarding
quality, delays and incomplete work deliverables. The task force identified
that the Requirements Management was one of the areas of concern and
high risks.
! !416
QUALITY MANAGEMENT AND METRICS
❖ SG 1 Manage Requirements
✴ SP 1.1 Understand Requirements
✴ SP 1.2 Obtain Commitment to Requirements
✴ SP 1.3 Manage Requirements Changes
✴ SP 1.4 Maintain Bidirectional Traceability of Requirements
✴ SP 1.5 Ensure Alignment Between Project Work and Requirements
Another important word used across CMMI process areas (and many other
standards) is "institutionalization". It sounds like some magic wand to be
used to spread the good-practices across the organizations. What it
actually means is the extent to which processes have taken root within an
organization - with just one project or 100's. It is about how they're
performed, how they're managed, how they're defined, what is measured
and with what are the processes are controlled, and how continuous
improvement happens. This obviously is the most difficult part of CMMI
implementation and project managers have to play a big role and make the
biggest impact. It is important to build and reinforce a corporate culture
that supports methods, practices and procedures; so that they are the
ongoing way of business. Organizations adopting the SEI-CMMI model need
to be assessed for their compliance to the CMII framework. CMMI
! !417
QUALITY MANAGEMENT AND METRICS
The quote "In God we trust, all others bring data" is attributed to W.
Edwards Deming the famous statistician and management scientist, who
promoted the Shewhart "Plan-Do-Check- Act" Cycle. In problem solving,
data is so much more valuable than opinion is the underlying theory in this
statement. Everyone has opinions and beliefs, but to really solve problems
one needs to be objective and not rule out possibilities without proof. At
school tally charts, histograms or bar charts were taught for data
representation.
Data is collected for several reasons. Protests against colleting toll charges
at toll gates on roads in India led to counting of the vehicles using an
expressway or major arterial roads. The problem was that the tolls were
being collected way past the milestone dates or costs. The other problem
arose from the statistics presented to justify the collection. There was no
clear understanding and agreement on the process of counting, scope of
what was counted or clarity on how long the entire exercise should take.
How does one decide when to stop collecting toll? What are the variations
possible? Here's where science and statistical models come into play.
Collecting and analyzing the data to improve the processes and then
making "informed" decision was the key.
! !418
QUALITY MANAGEMENT AND METRICS
"Mean" is the average of a set of values; add up the values and divide by
the number of items. If one subtracts the mean from each value the result
is called the deviation from the mean. Dividing the sum of the squares of
each deviation of the mean by the number of items gives the variation in
data. Standard Deviation shows the variation in data. Variance is a
measure of how data points differ from the mean. The following table
shows the math test scores of two batches of five students each.
In spite of having different scores both batches have the same mean i.e.
76. Standard deviation shows the variation in the scores. With a standard
variation of 14.53 for the first class and 19.60 for the second class, the
conclusion one can make is that the scores from the second class would be
more distributed than the scores in the second class.
Batch Score Square of Variance Batch B Score Square Variance
A Deviation & of &
from Mean Standard Deviation Standard
Deviation from Deviation
for Batch Mean for Batch
A B
3 80 16 3 92 256
4 68 64 SD = 4 52 576 SD =
Ö211.2 Ö384=19
5 52 576 = 14.53 5 52 576 .60
19.60
Mean = Total = 1056 Mean = Total =
76 76 1920
! !419
QUALITY MANAGEMENT AND METRICS
shown in the figure) with Mean (µ=0) and Standard Deviation are
extremely important in statistics and are often used.
'Bell curve' refers to the shape that is created when a graph is plotted
using the data points for an item that meets the criteria of 'normal
distribution'. The mean identifies the position of the center and the
standard deviation determines the height and width of the bell. The center
contains the greatest number of a value and therefore would be the
highest point on the arc of the line. The important thing to note about a
normal distribution is the curve is concentrated in the center and decreases
on either side. The data has less of a tendency to produce unusually
extreme values, called outliers, as compared to other distributions. Also
the bell curve signifies that the data is symmetrical and hence there is a
high possibility that an outcome will lie within a range to the left or right of
the center the amount of deviation contained in the data can be measured.
!
The interesting thing about the Normal Distribution is that 68% of all
measurements fall within one sigma either side of the mean. If one takes
all measurements that fall within 3- sigma of the mean - that is between
(mean +3 sigma) to (mean -3 sigma), it will be 99.74% of all outcomes.
In practical terms - if one measures the shoe sizes of the entire population,
the plotted measurements will look like the Normal Distribution, with a
mean (M) and a sigma (S). Almost 100% of all people will have shoe sizes
from M-3S to M+3S, so if one makes shoes one can satisfy 99.74% of all
their customers with just this range of shoe sizes.
! !420
QUALITY MANAGEMENT AND METRICS
! !421
QUALITY MANAGEMENT AND METRICS
Humphrey "If you don't know where you are, a map won't help". One need
to understand the deep "quality philosophy" behind Six Sigma and the way
of improving performance by knowing where you are and where you could
be.
Variation means that a process (X) does not produce the same result (Y)
every time. Some variation will exist in all processes. Variation directly
affects customer experiences.
! !422
QUALITY MANAGEMENT AND METRICS
For a process, the sigma capability is a metric that indicates how well that
process is performing. The higher the sigma capability the better it is.
Sigma capability measures the capability of the process to produce defect-
free outputs. A defect is anything that results in customer dissatisfaction.
99% Good is 3.8 Sigma while 99.99966% Good is 6 Sigma. What does this
mean in practical terms?
! !423
QUALITY MANAGEMENT AND METRICS
20,000 lost articles of mail per hour Seven articles lost per hour
Unsafe drinking water for 15 minutes One unsafe minute every seven months
each day
Two short or long landings at most One short or long landing every five
major airports each day years
No electricity for almost seven hours One hour without electricity every 34
each month years
The DMAIC project methodology has five phases as shown in the figure
below.
! !424
QUALITY MANAGEMENT AND METRICS
Define
❖It is the initial stage of starting the project and the most significant step
❖ Define the system, the voice of the customer and their requirements, and
the project goals, specifically.
❖ Identify the projects that are measurable. Projects are defined including
the demands of the customer and process.
Measure
❖Measure key aspects of the current process and collect relevant data.
❖ Collect such data that can precisely pinpoints the areas causing
problems.
❖ Defects found must be well defined and possible + potential causes for
the problems must be identified
! !425
QUALITY MANAGEMENT AND METRICS
Analyse
❖ Projects are statistically analyzed and the problems are documented.
❖ Statistical analysis is carried out to reduce the potential causes into few
causes.
Improve
❖ Improvements for the potential causes identified in the 'Analysis' step is
❖ A trial run is carried out for a planned period of time to ensure the
revisions and improvements implemented in the process result in
achieving the targeted values.
Control
❖ Proper control and maintenance of the improved states are established in
this step.
❖ Control the future state process to ensure that any deviations from
target are corrected before they result in defects.
! !426
QUALITY MANAGEMENT AND METRICS
❖ There is continuous monitoring of whether the improved process is well
maintained.
❖ Define the goals of the design activity that are consistent with customer
demands and enterprise strategy.
❖ Design details, optimize the design, and plan for design verification. This
phase may require simulations.
❖ Verify the design, set up pilot runs, implement production process and
handover to process owners.
Six Sigma professionals exist at every level - each with a different role to
play. At the project level, there are black belts, master black belts, green
belts, yellow belts and white belts. These people conduct projects and
implement improvements.
❖ Master Black Belt: Develops key metrics and the strategic direction;
acts as an organization's Six Sigma technologist and internal consultant.
The master black belt will make sure everything continues running
smoothly and all the training the company learned stays in the company.
They train and coach Black Belts and Green Belts. They are there to
execute the practices throughout the company, not just within the
project.
❖ Black Belt: They work full time and lead problem-solving projects. They
train and coach project teams. Once the project is completed and
everything has been implemented, they will return to their regular
duties. The projects they head up typically are expected to save the
company at least $100,000.
! !427
QUALITY MANAGEMENT AND METRICS
❖ Green Belt: They assist with data collection and analysis for Black Belt
projects. People with this certification are often referred to as worker
bees because they do the majority of the work during projects. They also
conduct the experiments and tests throughout the project. The main
goals of a green belt are to ensure the success of the training techniques
and lead smaller improvement projects. People with green belts must
have a strong understanding of what the Six Sigma training is all about.
The success stories of implementing Six Sigma and benefiting are many,
GE being in the forefront. One example was about United Technologies
Automotive [UTA] which molds plastic into casings used for car side-view
mirrors. Environmental laws prevented UTA from making more casings
because they were limited by pollution caused by the painting. Using Six-
sigma, GE found a way to add a carbon-based conductor to plastic causing
far more paint to stick and cutting UTA's pollution by 35%. Now GE sells
more plastic to UTA.
A simpler case in India was when a leading IT company found during the
Y2K and e-Biz boom that their readiness to serve was hampered severely
by the time and effort spent on recruitment, hiring and training of fresh
talent. The stages in recruitment after the placement of advertisements for
fresh talent at that time were:
! !428
QUALITY MANAGEMENT AND METRICS
❖ Receiving physical applications and responses from candidates (30 days
lead time)
The final hit rates hovered around 15%; for selecting 100 successful
candidates one needed to select at least 695 candidates at the aptitude
test stage. The supply-demand ratio was such that 8000+ applications
would come in for 100 positions. Each stage required a panel of HR staff,
technical staff, interviewing staff and Senior Managers for the final
selection. HR (recruitment) had a challenging task of coordinating the
panel teams who had to juggle the schedules (and pressures) of project
responsibilities, weekends and interview schedules to finally get 100
candidates on board.
The company put a small task force to study the problem and applied Six
Sigma techniques to find a solution and reduce this cycle time. The task
force analyzed the steps in the recruitment process, the activities and
gathered data on the efforts and the time taken to recruit 100 candidates
in different business groups and locations of the organization. It was found
that the average effort spent was 13 person days per selected candidate.
Without getting into the nitty-gritty of numbers, in summary the task force
found two areas of risks and cascading effect of delays. The first one was
the physical resume scanning which could take as much as 5 days per
candidate and the final interview stage which took 3+ days per candidate.
The second bottleneck was the availability of the appropriate interview
panel (technology, role, seniority, etc.) during weekends or during office
hours when there is peak load of work.
Seniors were always found to be busy and candidates had to wait out
sometimes for hours and cancellation of interviews was not uncommon.
Though sounding too simple today the solutions were
! !429
QUALITY MANAGEMENT AND METRICS
The net result was that the recruitment time reduced to 5.6 days per
selected candidate after the Six Sigma based exercise.
! !430
QUALITY MANAGEMENT AND METRICS
Most of the carriers are illiterate; the dabbas have distinguishing marks on
them for identification, sorting, picking, transferring and delivery. These
include abbreviations for collection points, color code for starting station,
number for destination station and markings for the handling dabbawala at
destination, building and floor. Each dabbawala has a designated role,
takes his collected boxes to a designated sorting place, where the boxes
are sorted into groups or bundles. The grouped boxes are put in the
designated coaches of trains, with markings to identify the destination of
the box. The boxes could be traversing multiple rail routes before reaching
their destination addresses. The return process is identical in the return
direction.
The GE success story can be read in the article Why GE's Six Sigma
Success Story Is Still Relevant, March 31, 2011 by Mark Micheletti.
In recent years, some practitioners have combined Six Sigma ideas with
lean manufacturing to create a methodology named Lean Six Sigma. Lean
was developed by Toyota and is mainly focused on process flow and
eliminating waste issues. Six Sigma focuses on variation and design. These
two methodologies act as complementary disciplines aimed at promoting
! !431
QUALITY MANAGEMENT AND METRICS
Going further it was felt that even though one could achieve a good degree
of defect-free products using lowest cost production that is world class and
earns profit, one ingredient that was missing was the concept of "value".
Hence a new technique "Third Generation Six Sigma" came into force. It
was aimed to show companies how to deliver products or services that, in
the eyes of customers, have real value. Companies like Korean steel maker
Posco (3rd largest steel maker) and Electronics maker Samsung are two
examples while the Government of India has bought into the idea and has
begun promoting it both in private and government-owned industries
there. Gen III addresses issues or shortcomings in the past Six Sigma
programmes
Every good initiative comes with its share of criticism. Six Sigma also faces
some of them.
! !432
QUALITY MANAGEMENT AND METRICS
9.7 METRICS
Where do all these standards and their implementation lead to? How is it
relevant to Software Engineering?
The assumption is that the entire purpose of having the tools, methods and
processes was to produce "quality" products or deliver "quality" services to
meet and/or exceed customer expectations.
accuracy)
❖ Must be efficient.
❖ Must be consistent
❖ Must have easy to learn and easy to use
Suppose one collects metrics from everyday life. What would one measure?
! !433
QUALITY MANAGEMENT AND METRICS
College experience
❖ Grades received in class last semester
❖ Number of classes taken each semester
❖ Amount of time spent in class this week
❖ Amount of time spent on studying and homework this week
❖ Number of hours of sleep last night
Travel
❖ Time to drive from home to the airport
❖ Amount of miles traveled today
❖ Cost of meals and lodging for yesterday
There are several terms used when one talks of metrics i.e. Measures,
Metrics, and Indicators. These are terms often used interchangeably - but
have subtle differences.
9.7.1 Measurement
! !434
QUALITY MANAGEMENT AND METRICS
❖ Estimating the component costs for software for example design cost,
coding costs are rarely done
! !435
QUALITY MANAGEMENT AND METRICS
Tom DeMarco quotes: "You cannot control what you cannot measure.
You can neither predict nor control what you cannot measure" -
Unquote.
Metrics are used to drive improvements and help businesses focus their
people and resources on what's important. The range of metrics that
companies can employ vary from those that are mandatory - for legal,
safety or contractual purposes - to those that track increases in efficiency,
reductions in complaints, greater profits and better savings. Metrics
indicate the priorities of the company and provide a window on
performance, ethos and ambition.
products
❖ Understand what is happening during development and maintenance
❖ Control the projects
❖ Improving the processes and products of software projects
To control any activity, one must have the knowledge about the activity
inside the project. Each activity has some specific area of measure to
! !436
QUALITY MANAGEMENT AND METRICS
control. If one knows what is to be controlled i.e. if one knows the measure
then one can control any activity of that project. Measurement of particular
project or program leads to effective controlling of any problem
Product Metrics
Why do we need to measure size? Assume that software A has 120 defects
while software B has 1 defect. How does one compare A and B?
Additionally if software A has 10,000 lines of code and software B has 10
lines of code then what can be said about A and B? From the given fact one
can say that: Defect density (A) < Defect Density (B) It becomes clear
ONLY when the size of the code is examined and not just the number of
defects. Hence, it is important to measure the size.
! !437
QUALITY MANAGEMENT AND METRICS
! !438
QUALITY MANAGEMENT AND METRICS
❖ Estimate the cost or effort for design, coding & testing software
Once the basic Function points are calculated, one assigns a weighting
factor (complexity value) with each count based on criteria established by
the organization. The overall characteristics of a system must be assessed
! !439
QUALITY MANAGEMENT AND METRICS
and factored in to get the total number of Adjusted Function Points. This is
done by examining 14 general system characteristics of the system, such
as the transaction rate, performance, and installation ease. Each
characteristic is evaluated as to its degree of influence on the system..
There are 14 value adjustment factors with each ranging in value from 0
(not important) to 5 (absolutely essential). The Total Degree of Influence is
used in a formula to give the Adjusted Function Point Count, commonly
called the Function Point Count
Although FP is usually more realistic metric than LOC calculating FP's needs
training and sometimes LOC is a good enough metric.
Process Metrics
Most students are puzzled when one talks of measuring processes. How
does one measure "testing", "coding", "requirement gathering" or,
"estimating"? How does one improve such processes? The only rational
way to improve any process is oto measure specific attributes of the
process, develop a set of meaningful metrics based on these attributes and
use the metrics to provide indicators that will lead to a strategy for
improvement.
Process metrics gathered from projects over a long period of time are used
for making strategic decisions. The intent is to provide a set of process
indicators that lead to long-term software process improvements.
! !440
QUALITY MANAGEMENT AND METRICS
❖ Errors uncovered before release of the software
❖ %age of total errors uncovered in requirement, design, coding phase
❖ %age of total errors uncovered in testing phase
❖ Defects discovered after delivery to customer
❖ %age effort spent for each SDLC phase
❖ Effort/time per software engineering task
❖ Errors uncovered per review hour
❖ Changes (number) and their characteristics
❖ Propagation of errors from one process activity to another activity
❖ The number of components produced and their degree of reusability
Project Metrics
Management of the software development process requires the ability to
identify measures that characterize the underlying parameters to control
and aid continuous improvement of the project. Organizations make
several attempts and research inside and outside the company on
gathering metrics and end up with a huge set of proposed metrics. In the
initial stages any data collection for metric management is an uphill task.
One must start with some set of easy metrics that involves less additional
burden on the project teams and then incrementally add new metrics or
improve the data being gathered.
! !441
QUALITY MANAGEMENT AND METRICS
This applies for metrics compliance programs as well. Initially filling a form
for test cases looks tedious and arduous. Soon IT remains, the HABIT is
formed. Fresh joiners to an organization adapt to the process easily if the
HABIT is seen as a "culture" thing in the organization.
! !442
QUALITY MANAGEMENT AND METRICS
❖ Assess product quality on an ongoing basis
❖ Effort Variance: Difference between the planned outlined effort and the
effort required to actually undertake a task
❖ Size Variance: Difference between the estimated size of the project and
the actual size of the project (normally in KLOC or FP)
! !443
QUALITY MANAGEMENT AND METRICS
! !444
QUALITY MANAGEMENT AND METRICS
❖ Operational characteristics
❖ Ability to undergo change
❖ Adaptability to new environments
! !445
QUALITY MANAGEMENT AND METRICS
❖ Correctness: The extent to which a program satisfies its specs and fulfills
the customer's mission objectives.
! !446
QUALITY MANAGEMENT AND METRICS
Attributes
❖ Consistent and objective : The metric should always yield results that are
unambiguous
! !447
QUALITY MANAGEMENT AND METRICS
tool in hand the results can be error prone; thinking and overthinking is
not the answer.
❖ Work with practitioners and teams to set clear goals and metrics that will
be used to achieve them
There are several great minds who have given their views on quality and
some of their quotes are legendary.
❖ "Always do things right. This will gratify some people and astonish the
rest."- Mark Twain
! !448
QUALITY MANAGEMENT AND METRICS
❖ "People forget how fast you did a job - but they remember how well you
did it" - Howard Newton
❖ "If a thing's worth doing, it's worth doing well."- Chinese Proverb
! !449
QUALITY MANAGEMENT AND METRICS
! !450
QUALITY MANAGEMENT AND METRICS
9.9 SUMMARY
It is well known how after World War II Japan rebuilt itself and many
industries + executives went through training in quality conducted by Dr.
Deming and Dr. Juran. Poor software quality has resulted in several
financial and physical, security and other disasters. Software Quality
Management comprises of three principal activities of Quality Assurance,
Quality Planning and Quality Control. Assurance involves preventing defects
(management by inputs) while Control involves detecting and fixing defects
(management by outputs). The Seven Basic Tools of Quality along with
Testing and Six Sigma are most helpful in troubleshooting issues related to
quality. Obviously quality comes with its' associated costs which includes
the total cost of conformance and non-conformance. Ironically it also
includes the cost of NOT creating a quality product or service. External
failure costs are the most critical compared to the other costs of
prevention, appraisals, internal failures and measurement costs.
Six sigma aims to reduce process output variation and follows methodology
Define, Measure, Act, Improve and Control (DMAIC), which in 10+ years
after it was initiated by Motorola, GE and other companies, has become a
brand in large manufacturing corporations and adapted in IT too.
! !451
QUALITY MANAGEMENT AND METRICS
1. What is the meaning of the word "Quality"? Explain briefly the different
views of Quality.
7. Six Sigma
! !452
QUALITY MANAGEMENT AND METRICS
14.What does capability and maturity mean? What are Capability and
Maturity Levels?
20.What does institutionalization mean? What are the challenges for this?
! !453
QUALITY MANAGEMENT AND METRICS
28.Briefly indicate some of the examples of metrics that one can collect in
our everyday life (other than given in the book).
31.Tom DeMarco quote was - "You cannot control what you cannot
measure. You can neither predict nor control what you cannot
measure". Discuss this quote with some practical example. For example
a patient in a hospital recovering after surgery.
36.Explain the use of the size metric - lines of code, how it can be
measured and used? What kind of benefits can follow by using the LOC
metric?
37.Explain the use of the Function points - FPs. How can it be measured
and used? What kind of benefits can follow by using the FP metrics?.
! !454
QUALITY MANAGEMENT AND METRICS
38.Briefly explain how Function Points are computed? What does the FP
indicate? And how can it be useful?
41.Explain some of the process metrics gathered for a software project and
indicate how it will help in assuring quality to the end customer?
43.A large construction company builds the sea-link bridge across a back-
water creek in Mumbai. List down some of the project metrics the
organization could have gathered to monitor the project. Explain each of
these metrics, how it can be measured and how the project can be
controlled.
44.Explain the transition from "A HABIT" to "IT" for a software organization
where employees adapt to a new process or rule e.g. wearing ties.
47.What are the 11 quality factors? Write a few lines for each of them.
50.It is said that "Quality is a journey". Why? Discuss your own journey of
quality in the organization you worked for.
! !455
QUALITY MANAGEMENT AND METRICS
Google Links
1. http://asq.org/learn-about-quality/cause-analysis-tools/overview/
scatter.html
2. http://asq.org/service/body-of-knowledge/tools-run-chart
3. http://blog.iesve.com/index.php/2010/01/26/the-architecture-design-
concept-of-software-engineering/
4. http://blog.lnsresearch.com/blog/bid/200624/A-Metric-Misused-or-
Misunderstood-Is-Worse-than-No-Metric-at-All
5. http://blog.proqc.com/quality-quotes/
6. http://bokardo.com/principles-of-user-interface-design/
7. http://c2.com/cgi/wiki?
SoftwareDevelopmentImprovementParadigmShift
8. http://codebetter.com/raymondlewallen/2005/07/19/4-major-principles-
of-object-oriented-programming/
9. http://computer-literacybase.blogspot.in/2011/03/performing-user-
interface-design-golden.html
11.http://en.wikibooks.org/wiki/C%2B%2B_Programming/
Exception_Handling
12.http://en.wikibooks.org/wiki/Introduction_to_Software_Engineering/
Architecture/Design_Patterns
13.http://en.wikibooks.org/wiki/Introduction_to_Software_Engineering/
Implementation/Code_Convention
! !456
QUALITY MANAGEMENT AND METRICS
14.http://en.wikipedia.org/wiki/Acceptance_testing
15.http://en.wikipedia.org/wiki/Agile_software_development
16.http://en.wikipedia.org/wiki/Alan_M._Davis
17.http://en.wikipedia.org/wiki/Black-box_testing
18.http://en.wikipedia.org/wiki/C%2B%2B
19.http://en.wikipedia.org/wiki/Change_management_%28engineering
%29
20.http://en.wikipedia.org/wiki/Change_request
21.http://en.wikipedia.org/wiki/Class_diagram
22.http://en.wikipedia.org/wiki/Class-responsibility-collaboration_card
23.http://en.wikipedia.org/wiki/Coding_conventions
24.http://en.wikipedia.org/wiki/Configuration_management
25.http://en.wikipedia.org/wiki/Control_chart
26.http://en.wikipedia.org/wiki/Custom_software
27.http://en.wikipedia.org/wiki/Cyclomatic_complexity
28.http://en.wikipedia.org/wiki/Dynamic_testing
29.http://en.wikipedia.org/wiki/Encapsulation_%28object-
oriented_programming%29
30.http://en.wikipedia.org/wiki/Entity%E2%80%93relationship_model
31.http://en.wikipedia.org/wiki/Equivalence_partitioning
32.http://en.wikipedia.org/wiki/Falkirk_Wheel
! !457
QUALITY MANAGEMENT AND METRICS
33.http://en.wikipedia.org/wiki/Function_point
34.http://en.wikipedia.org/wiki/Histogram
35.http://en.wikipedia.org/wiki/History_of_the_euro
36.http://en.wikipedia.org/wiki/HP_QuickTest_Professional
37.http://en.wikipedia.org/wiki/HP_WinRunner
38.http://en.wikipedia.org/wiki/Incremental_build_model
39.http://en.wikipedia.org/wiki/Information_hiding
40.http://en.wikipedia.org/wiki/Inheritance_%28object-
oriented_programming%29
41.http://en.wikipedia.org/wiki/Integration_testing
42.http://en.wikipedia.org/wiki/Ishikawa_diagram
43.http://en.wikipedia.org/wiki/
List_of_failed_and_overbudget_custom_software_projects
44.http://en.wikipedia.org/wiki/Memory_leak
45.http://en.wikipedia.org/wiki/Method_%28computer_programming%29
46.http://en.wikipedia.org/wiki/Modular_design
47.http://en.wikipedia.org/wiki/Modularity
48.http://en.wikipedia.org/wiki/Mutation_testing
49.http://en.wikipedia.org/wiki/Object-oriented_analysis_and_design
50.http://en.wikipedia.org/wiki/Open/closed_principle
51.http://en.wikipedia.org/wiki/Pareto_chart
! !458
QUALITY MANAGEMENT AND METRICS
52.http://en.wikipedia.org/wiki/Quality_costs
53.http://en.wikipedia.org/wiki/Rapid_application_development
54.http://en.wikipedia.org/wiki/Regression_testing
55.http://en.wikipedia.org/wiki/Reusability
56.http://en.wikipedia.org/wiki/Run_chart
57.http://en.wikipedia.org/wiki/Scatter_plot
58.http://en.wikipedia.org/wiki/Scrum_(software_development)
59.http://en.wikipedia.org/wiki/Security_testing
60.http://en.wikipedia.org/wiki/Seven_Basic_Tools_of_Quality
61.http://en.wikipedia.org/wiki/Smoke_testing_(software)
62.http://en.wikipedia.org/wiki/Software_configuration_management
63.http://en.wikipedia.org/wiki/Software_deployment
64.http://en.wikipedia.org/wiki/Software_design
65.http://en.wikipedia.org/wiki/Software_development_process
66.http://en.wikipedia.org/wiki/Software_engineering
67.http://en.wikipedia.org/wiki/Software_evolution
68.http://en.wikipedia.org/wiki/Software_maintenance
69.http://en.wikipedia.org/wiki/Software_portability
70.http://en.wikipedia.org/wiki/Software_prototyping
71.http://en.wikipedia.org/wiki/Software_testing
! !459
QUALITY MANAGEMENT AND METRICS
72.http://en.wikipedia.org/wiki/Software_verification_and_validation
73.http://en.wikipedia.org/wiki/Static_testing
74.http://en.wikipedia.org/wiki/Test_automation
75.http://en.wikipedia.org/wiki/Test_script
76.http://en.wikipedia.org/wiki/The_Chicken_and_the_Pig
77.http://en.wikipedia.org/wiki/Unified_Process
78.http://en.wikipedia.org/wiki/Value_object
79.http://en.wikipedia.org/wiki/Verification_and_validation
80.http://en.wikipedia.org/wiki/V-Model_%28software_development%29
81.http://en.wikipedia.org/wiki/White-box_testing
82.http://eras.readthedocs.org/en/latest/doc/guidelines.html
83.http://geosoft.no/development/cppstyle.html
84.http://infolab.stanford.edu/~burback/watersluice/node19.html
85.http://istqbexamcertification.com/what-is-a-defect-life-cycle/
86.http://istqbexamcertification.com/what-is-rad-model-advantages-
disadvantages-and-when-to-use-it/
87.http://istqbexamcertification.com/what-is-security-testing-in-software/
88.http://istqbexamcertification.com/what-is-v-model-advantages-
disadvantages-and-when-to-use-it/
89.http://istqbexamcertification.com/why-is-testing-necessary/
90.http://oer.nios.ac.in/wiki/index.php/
Phases_of_System_Development_Life_Cycle
! !460
QUALITY MANAGEMENT AND METRICS
91.http://pmstudycircle.com/2012/01/configuration-management-vs-
change-management/
92.http://programmers.stackexchange.com/questions/134256/what-is-
the-difference-between-a-software-process-model-and-software-
engineering
93.http://programmers.stackexchange.com/questions/173547/what-is-
the-difference-between-data-hiding-and-encapsulation
94.http://reqtest.com/testing-blog/differences-between-different-test-
levels/
95.http://scrummethodology.com/
96.http://searchsoftwarequality.techtarget.com/guides/Quality-metrics-A-
guide-to-measuring-software-quality
97.http://spectrum.ieee.org/computing/software/why-software-fails
98.http://stackoverflow.com/questions/359790/what-are-pitfalls-for-agile-
development-methodologies
99.http://testermindset.blogspot.in/2011_05_01_archive.html
100.http://testingbasicinterviewquestions.blogspot.in/2012/01/why-we-
use-stubs-and-drivers.html
101.http://testingbasicinterviewquestions.blogspot.in/search/labelSmoke
%20Testing%20Example.
102.http://users.csc.calpoly.edu/~jdalbey/206/Lectures/BasisPathTutorial/
103.http://www.3csoftware.com/to-build-or-to-buy-comparing-custom-
and-off-the-shelf-software-applications/
104.http://www.avionyx.com/publications/e-newsletter/issue-3/126-
demystifying-software-coupling-in-embedded-systems.html
! !461
QUALITY MANAGEMENT AND METRICS
105.http://www.cavehill.uwi.edu/staff/eportfolios/paulwalcott/courses/
comp2145/2010/design_-_concepts_and_principles.htm
106.http://www.cs.cornell.edu/courses/cs501/2005sp/syllabus.html
107.http://www.cs.olemiss.edu/~hcc/csci581oo/notes/
dataAbstraction.html
108.http://www.c-sharpcorner.com/Forums/Thread/175854/what-is-
inheritance-in-oops-with-example-why-we-are-using.aspx
109.http://www.defectmanagement.com/defectmanagement/index.htm
110.http://www.designyourway.net/blog/inspiration/menus-and-buttons-
in-mobile-design-45-examples/
111.http://www.engineeringtoolbox.com/pumping-water-horsepower-
d_753.html
112.http://www.etestinghub.com/v_model.php
113.http://www.freepatentsonline.com/article/International-Journal-
Business-Research/190463129.html(Object-orientedprogramming
(Analysis)
114.http://www.fsa.usda.gov/FSA/sdlcapp?
area=home&subject=dev&topic=req
115.http://www.geometrick.com/fv_wys_mis_metric.htm
116.http://www.guru99.com/static-dynamic-testing.html
117.http://www.guru99.com/user-acceptance-testing.html
118.h t t p : / / w w w. h a r m o n i c s s . c o. u k / i n d e x . p h p / t u t o r i a l s / s o f t wa r e -
engineering/56-the-death-of-the-v-model
119.http://www.informit.com/articles/article.aspx?p=19796&seqNum=3
! !462
QUALITY MANAGEMENT AND METRICS
120.http://www.infoworld.com/article/2623631/agile-development/an-
agile-pioneer-versus-an--agile-ruined-my-life--critic.html
121.http://www.isixsigma.com/methodology/metrics/importance-
implementing-effective-metrics/
122.http://www.isixsigma.com/methodology/metrics/tips-defining-and-
collecting-it-process-metrics/
123.http://www.math-cs.gordon.edu/courses/cs211/ATMExample/
InitialFunctionalTests.html
124.http://www.methodsandtools.com/archive/archive.php?id=32
125.http://www.methodsandtools.com/archive/archive.php?
id=32(Understanding the Unified Process (UP)
126.http://www.mindtools.com/pages/article/newTMC_03.htm
127.http://www.mountaingoatsoftware.com/blog/my-primary-criticism-of-
scrum
128. http://www.my-project-management-expert.com/the-advantages-
and-disadvantages-of- agile-software-development.html
129.http://www.nngroup.com/articles/first-rule-of-usability-dont-listen-to-
users/
130.http://www.nngroup.com/articles/ten-usability-heuristics/http://
www.cse.lehigh.edu/~gtan/bug/softwarebug.html
131.http://www.qcin.org/nbqp/qualityindia/Vol-1-No1/qualityjourney.php
132.http://www.slu.edu/its/policies-and-processes
133.http://www.softwaretestingclub.com/profiles/blogs/defect-clustering-
pesticide-paradox
134.http://www.softwaretestinghelp.com/security-testing-of-web-
applications/
! !463
QUALITY MANAGEMENT AND METRICS
135.http://www.softwaretestinghelp.com/static-testing-and-dynamic-
testing-difference/
136.http://www.softwaretestinghelp.com/test-case-template-examples/
137.http://www.softwaretestinghelp.com/what-is-performance-testing-
load-testing-stress-testing/
138.http://www.softwaretestinghelp.com/why-documentation-is-
important-in-software-testing/
139.http://www.softwaretestingstuff.com/2007/10/top-down-testing-vs-
bottom-up- testing.html
140.http://www.stevemcconnell.com/rdenum.htm
142.http://www.useoftechnology.com/5-ethical-challenges-information-
technology/
143.http://en.wikipedia.org/wiki/Cloud_computing
144.http://www.news24.com/Technology/News/Drone-delivers-beer-at-
Oppikoppi-20130808-Drone delivers beer at Oppikoppi
145.http://en.wikipedia.org/wiki/History_of_the_InternetHistory of the
Internet
146.http://en.wikipedia.org/wiki/Information_technology_controls-
Informationtechnologycontrols
147.http://www.risktec.co.uk/knowledge-bank/technical-articles/lessons-
learned-from-lehman-brothers.aspxLessonslearnedfromLehmanBrothers
148.http://www.aaxnet.com/design/where.html-
WhereisInformationTechnologyHeaded?
! !464
QUALITY MANAGEMENT AND METRICS
149.http://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration-
CapabilityMaturityModelIntegration
150.http://en.wikipedia.org/wiki/CMMI_Version_1.3CMMIVersion1.3
151.http://en.wikipedia.org/wiki/History_of_software_engineering-History
ofsoftwareengineering
152.http://hrsuccess.wordpress.com/2013/01/25/in-god-we-trust-all-
others-bring-data/InGodWeTrust,allothersbringdata
153.http://en.wikipedia.org/wiki/Quality_management-
Qualitymanagement
154.h t t p : / / w w w. t u t o r i a l s p o i n t . c o m / c m m i / c m m i - o v e r v i e w. h t m -
SEICMMIOverview
155.http://en.wikipedia.org/wiki/Six_Sigma-SixSigma
156.http://en.wikipedia.org/wiki/Software_crisis-Softwarecrisis
157.http://en.wikipedia.org/wiki/Software_quality-Software quality
158.http://en.wikipedia.org/wiki/W._Edwards_Deming-W.EdwardsDeming
159.http://www.response-uk.co.uk/blog/is-process-killing-
creativity.htmlbyAudreyFitzpatrick
160.http://en.wikipedia.org/wiki/Google_China-GoogleChina
161.http://www.sw-engineering-candies.com/blog-1/
top10thingseverysoftwareengineershouldknow
162.http://www.techiwarehouse.com/engine/18a41ffa/Software-
Engineering-Phases
163.http://www.technologyexecutivesclub.com/Articles/management/
artChangeControl.php
164.http://www.technotrice.com/rad-model-software-engineering/
! !465
QUALITY MANAGEMENT AND METRICS
165.http://www.uxdesignedge.com/2010/06/intuitive-ui-what-the-heck-is-
it/
166. https://danashby04.wordpress.com/2013/07/09/manual-testing-and-
automated-testing-the-myths-the-misconceptions-and-the-reality/
167.https://intensetesting.wordpress.com/2014/03/28/memory-leak-
testing-why-it-is-important-how-is-it-done/
168.https://users.csc.calpoly.edu/~djanzen/secsdiff.html
169.https://www.artima.com/weblogs/viewpost.jsp?thread=218013
(AgitatingThoughts&Ideas-SoftwareMetricsDon'tKillProjects,Moronic
ManagersKill Projects)
170.https://www.veracode.com/blog/2013/12/static-testing-vs-dynamic-
testing
2. Six Sigma Belts, Executives and Champions - What Does It All Mean?
! !466
QUALITY MANAGEMENT AND METRICS
13.People Capability Maturity Model (P-CMM) V 2.0, 2nd Edition - SEI, July
2009 Technical Report
! !467
QUALITY MANAGEMENT AND METRICS
30.A study of six sigma implementation and critical success factors Mr.
Obaidullah Hakeem Khan Kundi Pakistan Institute of Quality Control
! !468
QUALITY MANAGEMENT AND METRICS
! !469
QUALITY MANAGEMENT AND METRICS
57.Software Process and Product Metrics CIS 375, Bruce R. Maxim, UM-
Dearborn
! !470
QUALITY MANAGEMENT AND METRICS
! !471
QUALITY MANAGEMENT AND METRICS
REFERENCE MATERIAL
Click on the links below to view additional reference material for this
chapter
Summary
PPT
MCQ
! !472