Summary Chapter 7 Software Development

Strategies to Engineer Quality Software

High-quality software systems are systems that are easy to learn and use because they perform
quickly and efficiently; they meet their users’ needs; and they operate safely and reliably so
that system downtime is kept to a minimum.
Such software has long been required to support the fields of:
• Air traffic control
• Nuclear power
• Automobile safety
• Health care
• Military and defense
• Space exploration
More and more users are demanding high quality software
A software defect is any error that, if not removed, could cause a software system to fail to
meet its users’ needs. The impact of these defects can be trivial;
Software quality is the degree to which a software product meets the needs of its users.
Quality management focuses on defining, measuring, and refining the quality of the
development process and the products.
The objective of quality management is to help developers deliver high-quality systems
that meet the needs of their users.
Primary cause for poor software quality is that many
– Developers do not know how to design quality into software
– Or do not take the time to do so
Developers must
– Define and follow a set of rigorous engineering principles
– Learn from past mistakes
– Understand the environment in which systems operate
– Design systems relatively immune to human error
Summary Chapter 7 Software Development

• Programmers make mistakes in turning design specifications into code

– About one defect for every 10 lines of code
• Pressure to reduce time-to-market
• First release
– Organizations avoid buying the first release
– Or prohibit its use in critical systems
– Usually has many defects
The Importance of Software Quality
A business information system is a set of interrelated components—including hardware,
software, databases, networks, people, and procedures—that collects and processes data and
disseminates the output.
• Business information system examples
– Order-processing system
– Electronic-funds transfer system
– Airline’s online ticket reservation system
• Decision support system (DSS)
– Used to improve decision making
• Software for industrial use
• Software controls the operation of many industrial and consumer products
Legal Overview: Software Product Liability
• Product liability
– Liability of manufacturers, sellers, lessors, and others for injuries caused by defective
products
– There is no federal product liability law
• Mainly state law
• Article 2 of the Uniform Commercial Code
• Strict liability
– Defendant held responsible for the injury -- Regardless of negligence or intent
Summary Chapter 7 Software Development

– Plaintiff must prove only that the software product is defective or unreasonably
dangerous and that the defect caused the injury
– No requirement to prove that the manufacturer was careless or negligent
• Or to prove who caused the defect
– All parties in the chain of distribution are liable
• Legal defenses used against strict liability
– Doctrine of supervening event
– Government contractor defense
– Expired statute of limitations
• Negligence
– A supplier is not held responsible for every product defect that causes a customer or
third-party loss
– Responsibility is limited to defects that could have been detected and corrected through
“reasonable” software development practices
– Area of great risk for software manufacturers
– Defense of negligence may include
• Legal justification for the alleged misconduct
• Demonstrate that the plaintiffs’ own actions contributed to injuries
• Warranty
– Assures buyers or lessees that a product meets certain standards of quality
 A warranty of quality may be either
– Expressly stated
– Implied by law
• Breach of warranty claim
– Plaintiff must have a valid contract that the supplier did not fulfill
– Can be extremely difficult to prove
• Because the software supplier writes the warranty
Summary Chapter 7 Software Development

Software Development Process

Developing information system software is not a simple process; it requires completing
many complex activities, with many dependencies among the various activities.
• Large software project roles
– System analysts
– Programmers
– Architects
– Database specialists
– Project managers
– Documentation specialists
– Trainers
– Testers
• Software development methodology
– Work process
– Controlled and orderly progress
– Defines activities and individual and group responsibilities
– Recommends specific techniques for accomplishing various activities
– Offers guidelines for managing the quality of software during various stages of
development
• Effective methodology
– Reduces the number of software errors that might occur
– If an organization follows widely accepted development methods, negligence on its part
is harder to prove
• Software quality assurance (QA) refers to methods within the development cycle
– Guarantee reliable operation of product
– Ideally applied at each stage throughout the development cycle
Summary Chapter 7 Software Development

• Dynamic testing
– Black-box testing
• Tester has no knowledge of code
– White-box testing
• Testing all possible logic paths through the software unit
• With thorough knowledge of the logic
• Make each program statement execute at least once
• Static testing
– Static analyzers are run against the new code
– Looks for suspicious patterns in programs that might indicate a defect
• Integration testing
– After successful unit testing
– Software units are combined into an integrated subsystem
– Ensures that all linkages among various subsystems work successfully
• System testing
– After successful integration testing
– Various subsystems are combined
– Tests the entire system as a complete entity
• User acceptance testing
– Independent testing
– Performed by trained end users
– Ensures that the system operates as they expect
Capability Maturity Model Integration for Software
Capability Maturity Model Integration (CMMI)—developed by the Software Engineering
Institute at Carnegie Mellon—is a process-improvement approach that defines the essential
elements of effective processes.
• General enough to evaluate and improve almost any process
• Frequently used to assess software development practices
Summary Chapter 7 Software Development

• Defines five levels of software development maturity

• Identifies issues most critical to software quality and process improvement
• Organization conducts an assessment of its software development practices
– Determines where they fit in the capability model
– Identifies areas for improvement
• Action plans are needed to upgrade the development process
• Maturity level increases
– Organization improves its ability to deliver good software on time and on budget
Key Issues in Software Development
• Consequences of software defects in certain systems can be deadly
– Companies must take special precautions
Development of Safety-Critical Systems
A safety-critical system is one whose failure may cause human injury or death.
– Examples
• Automobile’s antilock brakes
• Nuclear power plant reactors
• Airplane navigation
• Roller coasters
• Elevators
• Medical devices
 Key assumption
– Safety will not automatically result from following the organization’s standard
development methodology
 Must go through a more rigorous and time-consuming development process than other
kinds of software
 All tasks require
– Additional steps
– More thorough documentation
Summary Chapter 7 Software Development

– More checking and rechecking

 Project safety engineer
– Explicit responsibility for the system’s safety
– Uses a logging and monitoring system
• To track hazards from the project’s start to finish
 Hazard log
– Used at each stage of the software development process
– Assesses how it has accounted for detected hazards
 Safety reviews
– Held throughout the development process
 Robust configuration management system
– Tracks all safety-related documentation
 Formal documentation required
– Including verification reviews and signatures
 Key issue
– Deciding when QA staff has performed enough testing
 Risk
– Probability of an undesirable event occurring times the magnitude of the event’s
consequences if it does happen
– Consequences include
• Damage to property
• Loss of money
• Injury to people
• Death
 Redundancy
– Provision of multiple interchangeable components to perform a single function
– In order to cope with failures and errors

 N-version programming
Summary Chapter 7 Software Development

– Form of redundancy
– Involves the execution of a series of program instructions simultaneously by two
different systems
– Uses different algorithms to execute instructions that accomplish the same result
– Results from the two systems are compared
– If a difference is found, another algorithm is executed to determine which system
yielded the correct result
– Instructions for the two systems are:
• Written by programmers from two different companies
• Run on different hardware devices
– Both systems are highly unlikely to fail at the same time under the same conditions
 Decide what level of risk is acceptable
– Controversial
– If the level of risk in a design is judged to be too great, make system modifications
 Mitigate the consequences of failure
– By devising emergency procedures and evacuation plans
 Recall product
– When data indicates a problem
 Reliability
– Probability of a component or system performing without failure over its product life
 Human interface
– Important and difficult area of safety-critical system design
– Leave the operator little room for erroneous judgment
Quality Management Standards
• ISO 9000 standard
– Guide to quality products, services, and management
– Organization must submit to an examination by an external assessor

– Requirements:
Summary Chapter 7 Software Development

• Written procedures for everything it does

• Follow those procedures
• Prove to the auditor the organization fulfilled the first two requirements
• Failure mode and effects analysis (FMEA)
– Used to evaluate reliability
– Determine the effect of system and equipment failures
– Goal:
• Identify potential design and process failures early in a project
– Failure mode
• Describes how a product or process could fail
– Effect
• Adverse consequence that a customer might experience
– Seldom is a one-to-one relationship between cause and effect
• DO-178B/EUROCCAE ED-128
– Evaluation standard for the international aviation community
– Developed by Radio Technical Commission for Aeronautics (RTCA)