Professional Documents
Culture Documents
SOFTWARE QUALITY
10-1
10-2 SWEBOK® Guide V3.0
use.” Stakeholder value is expressed in require- the many aspects of quality be formally defined
ments. For software products, stakeholders could and discussed.
value price (what they pay for the product), lead A software engineer should understand qual-
time (how fast they get the product), and software ity concepts, characteristics, values, and their
quality. application to the software under development or
This KA addresses definitions and provides an maintenance. The important concept is that the
overview of practices, tools, and techniques for software requirements define the required quality
defining software quality and for appraising the attributes of the software. Software requirements
state of software quality during development, influence the measurement methods and accep-
maintenance, and deployment. Cited references tance criteria for assessing the degree to which
provide additional details. the software and related documentation achieve
the desired quality levels.
BREAKDOWN OF TOPICS FOR
SOFTWARE QUALITY 1.1. Software Engineering Culture and Ethics
[3*, c1s4] [6*, c2s3.5]
The breakdown of topics for the Software Quality
KA is presented in Figure 10.1. Software engineers are expected to share a com-
mitment to software quality as part of their culture.
1. Software Quality Fundamentals A healthy software engineering culture includes
many characteristics, including the understanding
Reaching agreement on what constitutes quality that tradeoffs among cost, schedule, and quality
for all stakeholders and clearly communicating are a basic tenant of the engineering of any prod-
that agreement to software engineers require that uct. A strong software engineering ethic assumes
Software Quality 10-3
that engineers accurately report information, con- software product to the customer. External fail-
ditions, and outcomes related to quality. ure costs include activities to respond to software
Ethics also play a significant role in software problems discovered after delivery to the customer.
quality, the culture, and the attitudes of software Software engineers should be able to use CoSQ
engineers. The IEEE Computer Society and the methods to ascertain levels of software quality
ACM have developed a code of ethics and pro- and should also be able to present quality alter-
fessional practice (see Codes of Ethics and Pro- natives and their costs so that tradeoffs between
fessional Conduct in the Software Engineering cost, schedule, and delivery of stakeholder value
Professional Practice KA). can be made.
Defining and then achieving software quality is Terminology for software quality characteristics
not simple. Quality characteristics may or may differs from one taxonomy (or model of software
not be required, or they may be required to a quality) to another, each model perhaps having
greater or lesser degree, and tradeoffs may be a different number of hierarchical levels and a
made among them. To help determine the level different total number of characteristics. Various
of software quality, i.e., achieving stakeholder authors have produced models of software qual-
value, this section presents cost of software qual- ity characteristics or attributes that can be useful
ity (CoSQ): a set of measurements derived from for discussing, planning, and rating the quality
the economic assessment of software quality of software products. ISO/IEC 25010: 2011 [4]
development and maintenance processes. The defines product quality and quality in use as two
CoSQ measurements are examples of process related quality models. Appendix B in the SWE-
measurements that may be used to infer charac- BOK Guide provides a list of applicable standards
teristics of a product. for each KA. Standards for this KA cover various
The premise underlying the CoSQ is that the ways of characterizing software quality.
level of quality in a software product can be
inferred from the cost of activities related to deal- 1.3.1. Software Process Quality
ing with the consequences of poor quality. Poor
quality means that the software product does not Software quality management and software engi-
fully “satisfy stated and implied needs” or “estab- neering process quality have a direct bearing on
lished requirements.” There are four cost of qual- the quality of the software product.
ity categories: prevention, appraisal, internal fail- Models and criteria that evaluate the capabili-
ure, and external failure. ties of software organizations are primarily proj-
Prevention costs include investments in software ect organization and management considerations
process improvement efforts, quality infrastruc- and, as such, are covered in the Software Engi-
ture, quality tools, training, audits, and manage- neering Management and Software Engineering
ment reviews. These costs are usually not specific Process KAs.
to a project; they span the organization. Appraisal It is not possible to completely distinguish pro-
costs arise from project activities that find defects. cess quality from product quality because process
These appraisal activities can be categorized into outcomes include products. Determining whether
costs of reviews (design, peer) and costs of test- a process has the capability to consistently pro-
ing (software unit testing, software integration, duce products of desired quality is not simple.
system level testing, acceptance testing); appraisal The software engineering process, discussed
costs would be extended to subcontracted software in the Software Engineering Process KA, influ-
suppliers. Costs of internal failures are those that ences the quality characteristics of software prod-
are incurred to fix defects found during appraisal ucts, which in turn affect quality as perceived by
activities and discovered prior to delivery of the stakeholders.
10-4 SWEBOK® Guide V3.0
1.3.2. Software Product Quality in quality who have stated that the quality of a
product is directly linked to the quality of the
The software engineer, first of all, must determine process used to create it. Approaches such as the
the real purpose of the software. In this regard, Deming improvement cycle of Plan-Do-Check-
stakeholder requirements are paramount, and they Act (PDCA), evolutionary delivery, kaizen, and
include quality requirements in addition to func- quality function deployment (QFD) offer tech-
tional requirements. Thus, software engineers niques to specify quality objectives and determine
have a responsibility to elicit quality requirements whether they are met. The Software Engineering
that may not be explicit at the outset and to under- Institute’s IDEAL is another method [7*]. Qual-
stand their importance as well as the level of diffi- ity management is now recognized by the SWE-
culty in attaining them. All software development BOK Guide as an important discipline.
processes (e.g., eliciting requirements, designing, Management sponsorship supports process and
constructing, building, checking, improving qual- product evaluations and the resulting findings.
ity) are designed with these quality requirements Then an improvement program is developed
in mind and may carry additional development identifying detailed actions and improvement
costs if attributes such as safety, security, and projects to be addressed in a feasible time frame.
dependability are important. The additional devel- Management support implies that each improve-
opment costs help ensure that quality obtained can ment project has enough resources to achieve the
be traded off against the anticipated benefits. goal defined for it. Management sponsorship is
The term work-product means any artifact that solicited frequently by implementing proactive
is the outcome of a process used to create the communication activities.
final software product. Examples of a work-prod-
uct include a system/subsystem specification, a 1.5. Software Safety
software requirements specification for a soft- [9*, c11s3]
ware component of a system, a software design
description, source code, software test documen- Safety-critical systems are those in which a sys-
tation, or reports. While some treatments of qual- tem failure could harm human life, other living
ity are described in terms of final software and things, physical structures, or the environment.
system performance, sound engineering practice The software in these systems is safety-critical.
requires that intermediate work-products relevant There are increasing numbers of applications
to quality be evaluated throughout the software of safety-critical software in a growing number
engineering process. of industries. Examples of systems with safety-
critical software include mass transit systems,
1.4. Software Quality Improvement chemical manufacturing plants, and medical
[3*, c1s4] [9*, c24] [10*, c11s2.4] devices. The failure of software in these systems
could have catastrophic effects. There are indus-
The quality of software products can be improved try standards, such as DO-178C [11], and emerg-
through preventative processes or an itera- ing processes, tools, and techniques for develop-
tive process of continual improvement, which ing safetycritical software. The intent of these
requires management control, coordination, and standards, tools, and techniques is to reduce the
feedback from many concurrent processes: (1) risk of injecting faults into the software and thus
the software life cycle processes, (2) the process improve software reliability.
of fault/defect detection, removal, and preven- Safety-critical software can be categorized as
tion, and (3) the quality improvement process. direct or indirect. Direct is that software embed-
The theory and concepts behind qual- ded in a safety-critical system, such as the flight
ity improvement—such as building in quality control computer of an aircraft. Indirect includes
through the prevention and early detection of software applications used to develop safety-
defects, continual improvement, and stakeholder critical software. Indirect software is included in
focus—are pertinent to software engineering. software engineering environments and software
These concepts are based on the work of experts test environments.
Software Quality 10-5
Three complementary techniques for reduc- comply with standards established for the project
ing the risk of failure are avoidance, detection (including requirements, constraints, designs,
and removal, and damage limitation. These contracts, and plans). SQC evaluates intermedi-
techniques impact software functional require- ate products as well as the final products.
ments, software performance requirements, and The fourth SQM category dealing with improve-
development processes. Increasing levels of risk ment has various names within the software indus-
imply increasing levels of software quality assur- try, including SPI, software quality improvement,
ance and control techniques such as inspections. and software corrective and preventive action. The
Higher risk levels may necessitate more thorough activities in this category seek to improve process
inspections of requirements, design, and code effectiveness, efficiency, and other characteris-
or the use of more formal analytical techniques. tics with the ultimate goal of improving software
Another technique for managing and control- quality. Although SPI could be included in any of
ling software risk is building assurance cases. An the first three categories, an increasing number
assurance case is a reasoned, auditable artifact of organizations organize SPI into a separate cat-
created to support the contention that its claim egory that may span across many projects (see the
or claims are satisfied. It contains the following Software Engineering Process KA).
and their relationships: one or more claims about Software quality processes consist of tasks
properties; arguments that logically link the evi- and techniques to indicate how software plans
dence and any assumptions to the claims; and a (e.g., software management, development, qual-
body of evidence and assumptions supporting ity management, or configuration management
these arguments [12]. plans) are being implemented and how well the
intermediate and final products are meeting their
2. Software Quality Management Processes specified requirements. Results from these tasks
are assembled in reports for management before
Software quality management is the collection of corrective action is taken. The management of
all processes that ensure that software products, an SQM process is tasked with ensuring that the
services, and life cycle process implementations results of these reports are accurate.
meet organizational software quality objectives Risk management can also play an important
and achieve stakeholder satisfaction [13, 14]. role in delivering quality software. Incorporating
SQM defines processes, process owners, require- disciplined risk analysis and management tech-
ments for the processes, measurements of the niques into the software life cycle processes can
processes and their outputs, and feedback chan- help improve product quality (see the Software
nels throughout the whole software life cycle. Engineering Management KA for related mate-
SQM comprises four subcategories: software rial on risk management).
quality planning, software quality assurance
(SQA), software quality control (SQC), and soft- 2.1. Software Quality Assurance
ware process improvement (SPI). Software qual- [7*, c4–c6, c11, c12, c26–27]
ity planning includes determining which quality
standards are to be used, defining specific quality To quell a widespread misunderstanding, soft-
goals, and estimating the effort and schedule of ware quality assurance is not testing. software
software quality activities. In some cases, soft- quality assurance (SQA) is a set of activities that
ware quality planning also includes defining the define and assess the adequacy of software pro-
software quality processes to be used. SQA activ- cesses to provide evidence that establishes confi-
ities define and assess the adequacy of software dence that the software processes are appropriate
processes to provide evidence that establishes and produce software products of suitable qual-
confidence that the software processes are appro- ity for their intended purposes. A key attribute of
priate for and produce software products of suit- SQA is the objectivity of the SQA function with
able quality for their intended purposes [5]. SQC respect to the project. The SQA function may
activities examine specific project artifacts (docu- also be organizationally independent of the proj-
ments and executables) to determine whether they ect; that is, free from technical, managerial, and
10-6 SWEBOK® Guide V3.0
financial pressures from the project [5]. SQA has life cycle. This assessment demonstrates
two aspects: product assurance and process assur- whether the requirements are correct, com-
ance, which are explained in section 2.3. plete, accurate, consistent, and testable.
The software quality plan (in some industry The V&V processes determine whether
sectors it is termed the software quality assurance the development products of a given activ-
plan) defines the activities and tasks employed ity conform to the requirements of that
to ensure that software developed for a specific activity and whether the product satisfies
product satisfies the project’s established require- its intended use and user needs.
ments and user needs within project cost and
schedule constraints and is commensurate with Verification is an attempt to ensure that the
project risks. The SQAP first ensures that quality product is built correctly, in the sense that the
targets are clearly defined and understood. output products of an activity meet the specifi-
The SQA plan’s quality activities and tasks are cations imposed on them in previous activities.
specified with their costs, resource requirements, Validation is an attempt to ensure that the right
objectives, and schedule in relation to related product is built—that is, the product fulfills its
objectives in the software engineering manage- specific intended purpose. Both the verification
ment, software development, and software main- process and the validation process begin early
tenance plans. The SQA plan should be consis- in the development or maintenance phase. They
tent with the software configuration management provide an examination of key product features
plan (see the Software Configuration Manage- in relation to both the product’s immediate prede-
ment KA). The SQA plan identifies documents, cessor and the specifications to be met.
standards, practices, and conventions governing The purpose of planning V&V is to ensure that
the project and how these items are checked and each resource, role, and responsibility is clearly
monitored to ensure adequacy and compliance. assigned. The resulting V&V plan documents
The SQA plan also identifies measures; statistical describe the various resources and their roles and
techniques; procedures for problem reporting and activities, as well as the techniques and tools to be
corrective action; resources such as tools, tech- used. An understanding of the different purposes of
niques, and methodologies; security for physical each V&V activity helps in the careful planning of
media; training; and SQA reporting and docu- the techniques and resources needed to fulfill their
mentation. Moreover, the SQA plan addresses purposes. The plan also addresses the manage-
the software quality assurance activities of any ment, communication, policies, and procedures of
other type of activity described in the software the V&V activities and their interaction, as well as
plans—such as procurement of supplier software defect reporting and documentation requirements.
for the project, commercial off-the-shelf software
(COTS) installation, and service after delivery of 2.3. Reviews and Audits
the software. It can also contain acceptance crite- [9*, c24s3] [16*]
ria as well as reporting and management activi-
ties that are critical to software quality. Reviews and audit processes are broadly defined
as static—meaning that no software programs or
2.2. Verification & Validation models are executed—examination of software
[9*, c2s2.3, c8, c15s1.1, c21s3.3] engineering artifacts with respect to standards that
have been established by the organization or proj-
As stated in [15], ect for those artifacts. Different types of reviews
and audits are distinguished by their purpose, lev-
The purpose of V&V is to help the devel- els of independence, tools and techniques, roles,
opment organization build quality into the and by the subject of the activity. Product assur-
system during the life cycle. V&V pro- ance and process assurance audits are typically
cesses provide an objective assessment conducted by software quality assurance (SQA)
of products and processes throughout the personnel who are independent of development
Software Quality 10-7
Inputs to management reviews may include The team follows the documented review pro-
audit reports, progress reports, V&V reports, and cedure. The technical review is completed once
plans of many types, including risk management, all the activities listed in the examination have
project management, software configuration been completed.
management, software safety, and risk assess- Technical reviews of source code may include a
ment, among others. (Refer to the Software Engi- wide variety of concerns such as analysis of algo-
neering Management and the Software Configu- rithms, utilization of critical computer resources,
ration Management KAs for related material.) adherence to coding standards, structure and
10-8 SWEBOK® Guide V3.0
organization of code for testability, and safety- small section of the product at a time (samples).
critical considerations. Each team member examines the software prod-
Note that technical reviews of source code or uct and other review inputs prior to the review
design models such as UML are also termed static meeting, perhaps by applying an analytical tech-
analysis (see topic 3, Practical Considerations). nique (see section 3.3.3) to a small section of
the product or to the entire product with a focus
2.3.3. Inspections on only one aspect—e.g., interfaces. During the
inspection, the moderator conducts the session
“The purpose of an inspection is to detect and and verifies that everyone has prepared for the
identify software product anomalies” [16*]. inspection and conducts the session. The inspec-
Some important differentiators of inspections as tion recorder documents anomalies found. A set
compared to other types of technical reviews are of rules, with criteria and questions germane to
these: the issues of interest, is a common tool used in
inspections. The resulting list often classifies the
1. Rules. Inspections are based upon examining anomalies (see section 3.2, Defect Characteriza-
a work-product with respect to a defined set tion) and is reviewed for completeness and accu-
of criteria specified by the organization. Sets racy by the team. The inspection exit decision
of rules can be defined for different types of corresponds to one of the following options:
workproducts (e.g., rules for requirements,
architecture descriptions, source code). 1. Accept with no or, at most, minor reworking
2. Sampling. Rather that attempt to examine 2. Accept with rework verification
every word and figure in a document, the 3. Reinspect.
inspection process allows checkers to evalu-
ate defined subsets (samples) of the docu- 2.3.4. Walkthroughs
ments under review.
3. Peer. Individuals holding management posi- As stated in [16*],
tions over members of the inspection team
do not participate in the inspection. This is The purpose of a systematic walk-through
a key distinction between peer review and is to evaluate a software product. A walk-
management review. through may be conducted for the purpose
4. Led. An impartial moderator who is trained of educating an audience regarding a soft-
in inspection techniques leads inspection ware product.
meetings.
5. Meeting. The inspection process includes Walkthroughs are distinguished from inspec-
meetings (face to face or electronic) con- tions. The main difference is that the author pres-
ducted by a moderator according to a formal ents the work-product to the other participants in
procedure in which inspection team mem- a meeting (face to face or electronic). Unlike an
bers report the anomalies they have found inspection, the meeting participants may not have
and other issues. necessarily seen the material prior to the meet-
ing. The meetings may be conducted less for-
Software inspections always involve the author mally. The author takes the role of explaining and
of an intermediate or final product; other reviews showing the material to participants and solicits
might not. Inspections also include an inspection feedback. Like inspections, walkthroughs may be
leader, a recorder, a reader, and a few (two to five) conducted on any type of work-product including
checkers (inspectors). The members of an inspec- project plan, requirements, design, source code,
tion team may possess different expertise, such as and test reports.
domain expertise, software design method exper-
tise, or programming language expertise. Inspec-
tions are usually conducted on one relatively
Software Quality 10-9
2.3.5. Process Assurance and Product Assur- • the specific software engineering standards
ance Audits applicable
• the methods and software tools to be used for
As stated in [16*], development and maintenance and for qual-
ity evaluation and improvement
The purpose of a software audit is to pro- • the budget, staff, project organization, plans,
vide an independent evaluation of the con- and scheduling of all processes
formance of software products and pro- • the intended users and use of the system
cesses to applicable regulations, standards, • the integrity level of the system.
guidelines, plans, and procedures.
Information on these factors influences how
Process assurance audits determine the adequacy the SQM processes are organized and docu-
of plans, schedules, and requirements to achieve mented, how specific SQM activities are selected,
project objectives [5]. The audit is a formally what resources are needed, and which of those
organized activity with participants having spe- resources impose bounds on the efforts.
cific roles—such as lead auditor, another auditor, a
recorder, or an initiator—and including a represen- 3.1.2. Dependability
tative of the audited organization. Audits identify
instances of nonconformance and produce a report In cases where system failure may have extremely
requiring the team to take corrective action. severe consequences, overall dependability (hard-
While there may be many formal names for ware, software, and human or operational) is the
reviews and audits, such as those identified in the main quality requirement over and above basic
standard [16*], the important point is that they functionality. This is the case for the following
can occur on almost any product at any stage of reasons: system failures affect a large number of
the development or maintenance process. people; users often reject systems that are unre-
liable, unsafe, or insecure; system failure costs
3. Practical Considerations may be enormous; and undependable systems
may cause information loss. System and soft-
3.1. Software Quality Requirements ware dependability include such characteristics
[9*, c11s1] [18*, c12] as availability, reliability, safety, and security.
[17*, c15s3.2.2, c15s3.3.1, c16s9.10] When developing dependable software, tools and
techniques can be applied to reduce the risk of
3.1.1. Influence Factors injecting faults into the intermediate deliverables
or the final software product. Verification, valida-
Various factors influence planning, management, tion, and testing processes, techniques, methods,
and selection of SQM activities and techniques, and tools identify faults that impact dependability
including as early as possible in the life cycle. Addition-
ally, mechanisms may need to be in place in the
• the domain of the system in which the soft- software to guard against external attacks and to
ware resides; the system functions could be tolerate faults.
safety-critical, mission-critical, business-
critical, security-critical 3.1.3. Integrity Levels of Software
• the physical environment in which the soft-
ware system resides Defining integrity levels is a method of risk
• system and software functional (what the management.
system does) and quality (how well the sys-
tem performs its functions) requirements Software integrity levels are a range of
• the commercial (external) or standard (inter- values that represent software complexity,
nal) components to be used in the system criticality, risk, safety level, security level,
10-10 SWEBOK® Guide V3.0
the causes of the defects—for example, root cause also Formal Methods in the Software Engineer-
analysis (RCA). RCA activities include analyzing ing Models and Methods KA.)
and summarizing the findings to find root causes
and using measurement techniques to improve 3.3.2. Dynamic Techniques
the product and the process as well as to track the
defects and their removal. Process improvement Dynamic techniques involve executing the soft-
is primarily discussed in the Software Engineer- ware code. Different kinds of dynamic techniques
ing Process KA, with the SQM process being a are performed throughout the development and
source of information. maintenance of software. Generally, these are
Data on inadequacies and defects found by testing techniques, but techniques such as simu-
software quality control techniques may be lost lation and model analysis may be considered
unless they are recorded. For some techniques dynamic (see the Software Engineering Models
(e.g., technical reviews, audits, inspections), and Methods KA). Code reading is considered a
recorders are present to set down such informa- static technique, but experienced software engi-
tion, along with issues and decisions. When auto- neers may execute the code as they read through
mated tools are used (see topic 4, Software Qual- it. Code reading may utilize dynamic techniques.
ity Tools), the tool output may provide the defect This discrepancy in categorizing indicates that
information. Reports about defects are provided people with different roles and experience in the
to the management of the organization. organization may consider and apply these tech-
niques differently.
3.3. Software Quality Management Techniques Different groups may perform testing during
[7*, c7s3] [8*, c17] [9*, c12s5, c15s1, p417] software development, including groups inde-
[16*] pendent of the development team. The Software
Testing KA is devoted entirely to this subject.
Software quality control techniques can be cat-
egorized in many ways, but a straightforward 3.3.3. Testing
approach uses just two categories: static and
dynamic. Dynamic techniques involve executing Two types of testing may fall under V&V because
the software; static techniques involve analyzing of their responsibility for the quality of the mate-
documents and source code but not executing the rials used in the project:
software.
• Evaluation and tests of tools to be used on
3.3.1. Static Techniques the project
• Conformance tests (or review of confor-
Static techniques examine software documenta- mance tests) of components and COTS prod-
tion (including requirements, interface specifica- ucts to be used in the product.
tions, designs, and models) and software source
code without executing the code. There are many Sometimes an independent (third-party or
tools and techniques for statically examining soft- IV&V) organization may be tasked to perform
ware work-products (see section 2.3.2). In addi- testing or to monitor the test process V&V may
tion, tools that analyze source code control flow be called upon to evaluate the testing itself: ade-
and search for dead code are considered to be quacy of plans, processes, and procedures, and
static analysis tools because they do not involve adequacy and accuracy of results.
executing the software code. The third party is not the developer, nor is it
Other, more formal, types of analytical tech- associated with the development of the product.
niques are known as formal methods. They are Instead, the third party is an independent facil-
notably used to verify software requirements and ity, usually accredited by some body of authority.
designs. They have mostly been used in the veri- Their purpose is to test a product for conformance
fication of crucial parts of critical systems, such to a specific set of requirements (see the Software
as specific security and safety requirements. (See Testing KA).
10-12 SWEBOK® Guide V3.0
can be applied to artifacts including models, in • Tools that support tracking of software prob-
addition to source code. (See the Software Con- lems provide for entry of anomalies discov-
struction, Software Testing, and Software Main- ered during software testing and subsequent
tenance KAs for descriptions of dynamic analysis analysis, disposition, and resolution. Some
tools.) tools include support for workflow and for
Categories of static analysis tools include the tracking the status of problem resolution.
following: • Tools that analyze data captured from soft-
ware engineering environments and soft-
• Tools that facilitate and partially automate ware test environments and produce visual
reviews and inspections of documents and displays of quantified data in the form of
code. These tools can route work to differ- graphs, charts, and tables. These tools some-
ent participants in order to partially automate times include the functionality to perform
and control a review process. They allow statistical analysis on data sets (for the pur-
users to enter defects found during inspec- pose of discerning trends and making fore-
tions and reviews for later removal. casts). Some of these tools provide defect
• Some tools help organizations perform soft- and removal injection rates; defect densities;
ware safety hazard analysis. These tools yields; distribution of defect injection and
provide, e.g., automated support for failure removal for each of the life cycle phases.
mode and effects analysis (FMEA) and fault
tree analysis (FTA).
10-14 SWEBOK® Guide V3.0
Wiegers 2003
Voland 2003
Moore 2006
Galin 2004
Kan 2002
[10*]
[18*]
[16*]
[17*]
[8*]
[9*]
[7*]
[3*]
[6*]
1. Software
Quality
Fundamentals
1.1. Software
Engineering
c1s4 c2s3.5
Culture and
Ethics
1.2. Value and c17,
Cost of Quality c22
1.3. Models
and Quality c24s1 c2s4 c17
Characteristics
1.4. Software
c11
Quality c1s4 c24
s2.4
Improvement
1.5. Software
c11s3
Safety
2. Software
Quality
Management
Processes
2.1. Software c4–c6,
Quality c11,
Assurance c26–27
c2
s2.3,
2.2. Verification c8, c15
and Validation s1.1,
c21
s3.3
2.3. Reviews
c24s3 *
and Audits
Software Quality 10-15
Wiegers 2003
Voland 2003
Moore 2006
Galin 2004
Kan 2002
[10*]
[18*]
[16*]
[17*]
[8*]
[9*]
[7*]
[3*]
[6*]
3. Software
Quality Practical
Considerations
c15
s3.2.2,
3.1. Software
c15
Quality c11s1 c12
s3.3.1,
Requirements
c16
s9.10
c3s3,
3.2. Defect
c8s8,
Characterization
c10s2
c12s5,
3.3. SQM
c7s3 c17 c15s1, *
Techniques
p417
3.4. Software
Quality c4 c17 p90
Measurement
4. Software
Quality Tools
10-16 SWEBOK® Guide V3.0
FURTHER READINGS
N. Leveson, Safeware: System Safety and K.E. Wiegers, Peer Reviews in Software: A
Computers [20]. Practical Guide [23].
This book describes the importance of software This book provides clear, succinct explanations
safety practices and how these practices can be of different peer review methods distinguished by
incorporated into software development projects. level of formality and effectiveness. Pragmatic
guidance for implementing the methods and how
T. Gilb, Principles of Software Engineering to select which methods are appropriate for given
Management [21]. circumstances is provided.
This is one of the first books on iterative and N.R. Tague, The Quality Toolbox, 2nd ed., [24].
incremental development techniques. The Evo
Method defines quantified goals, frequent time- Provides a pragmatic how-to explanation of a
boxed iterations, measurements of progress comprehensive set of methods, tools, and tech-
toward goals, and adaptation of plans based on niques for solving quality improvement prob-
actual results. lems. Includes the seven basic quality control
tools and many others.
T. Gilb and D. Graham, Software Inspection
[22]. IEEE Std. P730-2013 Draft Standard for
Software Quality Assurance Processes [5].
This book introduces measurement and statisti-
cal sampling for reviews and defects. It presents This draft standard expands the SQA processes
techniques that produce quantified results for identified in IEEE/ISO/IEC 12207-2008. P730
reducing defects, improving productivity, track- establishes standards for initiating, planning,
ing projects, and creating documentation. controlling, and executing the software quality
assurance processes of a software development
or maintenance project. Approval of this draft
standard is expected in 2014.
Software Quality 10-17
REFERENCES
[1] P.B. Crosby, Quality Is Free, McGraw-Hill, [13] IEEE Std. 12207-2008 (a.k.a. ISO/IEC
1979. 12207:2008) Standard for Systems and
Software Engineering—Software Life Cycle
[2] W. Humphrey, Managing the Software Processes, IEEE, 2008.
Process, Addison-Wesley, 1989.
[14] ISO 9000:2005 Quality Management
[3*] S.H. Kan, Metrics and Models in Software Systems—Fundamentals and Vocabulary,
Quality Engineering, 2nd ed., Addison- ISO, 2005.
Wesley, 2002.
[15] IEEE Std. 1012-2012 Standard for System
[4] ISO/IEC 25010:2011 Systems and Software and Software Verification and Validation,
Engineering—Systems and Software IEEE, 2012.
Quality Requirements and Evaluation
(SQuaRE)—Systems and Software Quality [16*] IEEE Std. 1028-2008, Software Reviews
Models, ISO/IEC, 2011. and Audits, IEEE, 2008.
[5] IEEE P730™/D8 Draft Standard for [17*] J.W. Moore, The Road Map to Software
Software Quality Assurance Processes, Engineering: A Standards-Based Guide,
IEEE, 2012. Wiley-IEEE Computer Society Press, 2006.
[6*] F. Bott et al., Professional Issues in [18*] K.E. Wiegers, Software Requirements, 2nd
Software Engineering, 3rd ed., Taylor & ed., Microsoft Press, 2003.
Francis, 2000.
[19] ISO/IEC/IEEE 24765:2010 Systems and
[7*] D. Galin, Software Quality Assurance: Software Engineering—Vocabulary, ISO/
From Theory to Implementation, Pearson IEC/IEEE, 2010.
Education Limited, 2004.
[20] N. Leveson, Safeware: System Safety and
[8*] S. Naik and P. Tripathy, Software Testing Computers, Addison-Wesley Professional,
and Quality Assurance: Theory and 1995.
Practice, Wiley-Spektrum, 2008.
[21] T. Gilb, Principles of Software Engineering
[9*] P. Clements et al., Documenting Software Management, Addison-Wesley Professional,
Architectures: Views and Beyond, 2nd ed., 1988.
Pearson Education, 2010.
[22] T. Gilb and D. Graham, Software
[10*] G. Voland, Engineering by Design, 2nd Inspection, Addison-Wesley Professional,
ed., Prentice Hall, 2003. 1993.
[11] RTCA DO-178C, Software Considerations [23] K. Wiegers, Peer Reviews in Software: A
in Airborne Systems and Equipment Practical Guide, Addison-Wesley
Certification, Radio Technical Commission Professional, 2001.
for Aeronautics, 2011.
[24] N.R. Tague, The Quality Toolbox, 2nd ed.,
[12] IEEE Std. 15026.1-2011 Trial-Use Standard ASQ Quality Press, 2010.
Adoption of ISO/IEC TR 15026-1:2010
Systems and Software Engineering—
Systems and Software Assurance—Part 1:
Concepts and Vocabulary, IEEE, 2011.