Professional Documents
Culture Documents
Quality Concept
and Perspectives
Introduction
This chapter as the title implies deals with the conceptual aspects of
software quality. There are four parts in this chapter: Part 1 defines
the basic concepts of quality, the importance and necessity of software
quality, and the integration of test, security, and audit as a primary
part of quality.
Part 2 of this chapter introduces the characteristics of software
quality, based on IEEE 9126 Standard, control objectives for infor-
mation and related technology (COBIT), and capability maturity
model integration (CMMI). This section also tries to find the connec-
tion among these three major standards when they meet each other.
Part 3 discusses the validation and verification, based on IEEE
Standard 1012 and IEEE Standard for Software Verification and
Validation.
Part 4 discusses the types and processes of review and audit.
* IEEE Std 610.12-1990 (Revision and redesignation of IEEE Std 792–1983), p. 60.
Q ua lit y C o n c e p t a n d P ers p ec ti v e s 5
V&V
SDLC
Audit
ROI
SQA System
Testing
Functiona
l Integrat Automat
ion ion
rit y
e cu Perform
S Incident ance
mgt.
Reliability
Defect
mgt.
Risk mgt
.
Figure 1.1 Software quality, information security, audit, risk management, and defect manage-
ment as they are related to each other.
6 S o f t wa re Q ua lit y A s sur a n c e
every incident, either small or big, seems serious or simple and must
be considered important and well managed. Managing and docu-
menting all defects professionally may help to achieve reliability in
the software.
As per risk management, it should not be limited to visual or
obvious dimensions of software risks. Risk management should also
include genius and serious thought process, for example, what could
be a possible risk for this product 20 years later, or what kind of risk
the user may face using this product even in the middle of an ocean.
* See, http://techcrunch.com/2013/07/1s5/forrester-2-1-trillion-will-go-into-it-spend-
in-2013-apps-and-the-u-s-lead-the-charge/
Q ua lit y C o n c e p t a n d P ers p ec ti v e s 7
* The Standish Group 1995. The Standish Group Report CHAOS©. Reprinted here for
sole academic purposes.
† Capers Jone and Olivier Bonsignour. The Economics of Software Quality, Addison-
the returns for the quality product are high. Everyone appreciates best
quality. Also quality provides:
• The potential for an increased profitability
• Consumers expect and deserve quality in return for the
money they pay
• Quality builds up the brand and makes the product more
profitable
The winner of the quality game gets the attention and the sales.
• Better quality leads to
• Increased production
• Lower warranty costs
• Lower marketing costs
• Fewer surprises
• Positive customer experiences delight the consumer and lead
to additional sales.
Failure Factors
There is a famous saying about the importance of planning “If you fail
to plan you plan to fail.”
Certainly, planning plays the most important role in the success
and failure of a project; either in a project level or in a testing level or
any other part of software quality, if there is a lack of plan or it is an
issue.
In many cases, the fundamental cause of project failure or chal-
lenges is due to time and cost overruns, as well as percentage of fea-
tures delivered. According to a CHAOS research from 2004 to 2012,
in 2012, 74% of the projects failed or challenged due to time overruns,
59% due to cost, and 69% due to features.
Q ua lit y C o n c e p t a n d P ers p ec ti v e s 9
1. Incomplete requirements
2. Lack of user involvement
3. Lack of resources, unrealistic expectations
4. Lack of executive support
5. Changing requirements
computer software. The standard ISO/IEC 9126 is used for the qual-
ity of software product that has to be used in conjunction with the
ISO/IEC 14598 for the evaluation of software products.
Standards in the ISO 9000 family include
• ISO 9001:2008—sets out the requirements of a quality man-
agement system
• ISO 9000:2005—covers the basic concepts and language
• ISO 9004:2009—focuses on how to make a quality manage-
ment system more efficient and effective
• ISO 19011:2011—sets out guidance on internal and external
audits of quality management systems
Other standards related to or that can be used in conjunction with
ISO/IEC 9126 and ISO/IEC 14598 are as follows:
• ISO/IEC 12119—Quality requirements for software
packages
• ISO/IEC 12207—Software life cycle processes
• ISO/IEC 14143—Software measurement
• ISO/IEC 15271—Guide for ISO/IEC 12207
• ISO/IEC 15504—Software process assessment (also known
as Spice)
• ISO/IEC 15939—Software measurement process
Quality Characteristics
1. Functionality
2. Reliability
3. Usability
4. Efficiency
5. Maintainability
6. Portability
These characteristics are then decomposed into subcharacteristics
and metrics. Each one of these six characteristics also suggests sub-
characteristics of software quality model displayed in Table 1.1.
12 S o f t wa re Q ua lit y A s sur a n c e
Functionality Reliability
Quality
Portability characteristics Usability
Maintainability Efficiency
Functionality
Reliability
Usability
Portability
Introduction
Separating
governance Meeting
from stakeholder
management needs
COBIT
Enabling a Five principles
Covering the
holistic enterprise end-
approach to-end
Applying a
single
integrated
framework
Figure 1.3 Five principles of control objectives for information and related technology (COBIT).
Q ua lit y C o n c e p t a n d P ers p ec ti v e s 17
3. Fiduciary requirements
• Effectiveness and efficiency of operations
• Reliability of information
• Compliance with laws and regulations
These aforementioned three meta-requirements can be factored
into seven distinct end qualities (Figure 1.4) as follows:
1. Effective
2. Available
3. Efficient
4. Compliant
5. Confidential
6. Reliable
7. Having integrity
These are the universally desirable characteristics.
CMMI, Version 1.1, has defined the quality and process performance
attributes (Figure 1.5) as follows:*
1. Functionality
2. Reliability
3. Usability
Compliant Effective
Reliable Available
Integrity
Accuracy Functionality
CMMI
Timelines Seven quality Reliability
and process
performance
attributes
Predictable Usability
Duration
4. Duration
5. Predictability
6. Timelines
7. Accuracy
Functionality Reliability
Accuracy Functionality
Quality
Portability characteristics Usability Timelines CMMI Reliability
Seven quality
and process
performance
attributes
Maintainability Compliant Effective Predictable
Efficiency Usability
Duration
Confidential Efficient
COBIT
Seven distinct
end-qualities
Reliable Available
Integrity
Figure 1.6 Common areas and relationship in three major quality characteristics of ISO 9126,
COBIT, and CMMI.
* Ibid, p. 26.
† The IEEE Standard 610, Glossary of Software Engineering Technology, p. 81.
20 S o f t wa re Q ua lit y A s sur a n c e
The V&V processes shall address all those life cycle processes used by
the project. The V&V effort shall conform to the task descriptions,
inputs, and outputs.
Some V&V activities and tasks include analysis, evaluations, and
tests. The V&V effort performs these tasks to develop the supporting
basis of evidence showing whether the software product satisfies its
requirements.
V&V Task Reports The V&V effort shall document V&V task results
and status. Task reports include
1. Anomaly evaluation
2. Concept documentation evaluation
3. Configuration management assessment
4. Contract verification
5. Criticality analysis
6. Evaluation of new constraints
7. Hardware/software/user requirements allocation analysis
8. Hazard analysis
9. Installation checkout
* Ibid, p. 80.
Q ua lit y C o n c e p t a n d P ers p ec ti v e s 21
Unit Testing Plan IEEE Standard 1008 describes the following three
phases of the unit testing process:
1. Test planning
2. Creation of the test set
3. Measurement of the test unit
Each contains a hierarchy of activities and tasks.
The focus is on specifying a minimum set of tasks for each activity.
Design the Test Set This is the place where the actual technical work
is assigned including
• Inputs (exactly what will be tested)
• Tasks
Q ua lit y C o n c e p t a n d P ers p ec ti v e s 23
Implement the Test Plan Implement planning and input test case
specifications.
Implement tasks are as follows:
• Obtain test data
• Obtain any special resources
• Obtain test items (manuals, procedures, and data)
• Implement outputs (test data, resources, and array of test
items)
Management Reviews
• Statements of objectives
• The software product
• The project management plan
• Status (relative to plans) checks
• Anomalies
• Procedures
Resources, status reports, and (pertinent) regulations also have to be
considered.
When to Conduct a Management Review Management reviews should be
scheduled as part of initial project planning. These are usually tied to
* IEEE Standard for Software Reviews and Audits, IEEE Std1028™-2008 (Revision
of IEEE Std 1028–1997), pp. 6–11.
26 S o f t wa re Q ua lit y A s sur a n c e
milestones and terminal phases. This does not exclude ad hoc manage-
ment reviews, which can be scheduled and held for the following purposes:
• Software quality management
• Functional management
• The customer
Review Procedures
Planning Planning for review procedures is composed of the
following:
• Resourcing and funding assurance
• Scheduling
• Reporting and feedback procedure definition
• Formulation of team and assurance of competent personnel
• Assignment of roles and responsibilities
• Distribution of materials
• Training and orientation
Technical Reviews
Inspections
Different names could be used for the term inspection. Some call it
software inspection, which also could extend to the design and its
documentation. Some call it code inspection, which relates more to
the source code. Software testing is also a kind of inspection.
However, it must not be confused with the so called “code
review” or “walkthrough,” which is usually done in a single meet-
ing lasting for a couple of hours. A proper code inspection may take
* Ibid.
28 S o f t wa re Q ua lit y A s sur a n c e
several days and needs the help of tools to browse the symbols in
order to find the places where they are used. Proper inspections can
be applied for almost all work products in the software life cycle.
The purpose of the inspection is to detect and identify software
anomalies. They also
• Verify whether the product meets its specification
• Verify whether the product meets quality requirements and
conforms to regulations and standards
• Produce a list of deviations from standards and specifications
• Collect software engineering data
• Use the software engineering data to improve the inspection
process
Walkthroughs
team and other interested parties through a software product and the
participants ask questions and make comments about possible errors,
violation of development standards, and other problems.” (IEEE
Standard for Software Reviews and Audits, IEEE Std 1028™-2008
[Revision of IEEE Std 1028–1997]).
As indicated by the IEEE Standard 1028, a software design docu-
ment or code, test case specifications, and a variety of other technical
documentation may also be walked through. However, it should be
noted that a walkthrough is different than an inspection.
The purpose of a walkthrough is to evaluate a software product. A
walkthrough could also serve the purpose of educating an audience
regarding a software product. The major objectives are to find anoma-
lies, to improve the software product, to consider alternative imple-
mentations to valuate conformance to standards and specifications,
and to evaluate the usability and accessibility of the software product.
It also intends to include exchange of techniques, style variations, and
training of the participants.
• Walkthrough leader
• Recorder
• Producer
• Team member
Audits