Unit - 05

Software Quality Assurance and Security

 Basic Quality Concepts

1. Quality
2. Quality control
3. Quality assurance
4. Cost of quality
 Quality
We define quality as a characteristic or attributes of something.
eg. programs char include complexity, number of functions,
line of code etc.
Two kinds of quality are:-
Quality of design :- char. that designers specify for an item. It
encompasses requirements, specifications and design of the
system.
Quality of conformance:- the degree to which the design
specifications are followed during manufacturing. It is an issue
focused on implementation.
If implementation follows the design, resulting system meets its
requirements and performance goals, conformance quality will
be high.
User satisfaction = compliant product + good quality + delivery
within budget and schedule.
 Quality control
Quality control involves series of
inspections,reviews,tests used throughout the
process.
It includes a feedback loop to the process.
A key concept of quality control is that all work
product have defined,specifications are
compared and feedback loop is essential to
minimize the defects produced.
 Quality assurance
Quality assurance assess the effectiveness and
completeness of quality control activities. The
goal of Quality assurance is to provide
management with the data necessary about
product quality,gaining confidence that product
quality is meeting its goal.
If not ,its managements responsibility to address
the problem and apply the necessary
resources to resolve quality issues.
 Cost of quality
It is divided into:-
1. Prevention cost- includes quality planning, formal
technical reviews, test equipment and testing.
2. Appraisal cost- includes process inspection,
equipment calibration, maintenance.
3. Failure cost-
 Internal failure cost- when we detect a defect in our
product prior to shipment. It includes rework, repair
etc.
 External failure cost- Defects found after the product
has been shipped to the customer. It includes
resolution, replacement, help line support and
warranty work.
 Software Quality Assurance
 Software quality assurance is composed of a
variety of tasks associated with two different
aspects - the software engineers who do
technical work and an SQA group that has
responsibility for quality assurance planning,
oversight, record keeping, analysis, and
reporting.
 Software engineers address quality (and
perform quality assurance and quality control
activities) by applying solid technical methods
and measures, conducting formal technical
reviews, and performing well-planned software
testing.
 Activities of SQA
1) Prepare an SQA plan for a project:- The plan is
developed during project planning and is reviewed by
all interested parties. Quality assurance activities
performed by the software engineering team and the
SQA group are governed by the plan. The plan
identifies
> evaluations to be performed
> audits and reviews to be performed
> standards that are applicable to the project
> procedures for error reporting and tracking
> documents to be produced by the SQA group
> amount of feedback provided to the software project
team
2) Participate in the development of the project’s
software process description:- The software
team selects a process for the work to be
performed. The SQA group reviews the
process description for compliance with
organizational policy, internal software
standards, externally imposed standards (e.g.,
ISO-9001), and other parts of the software
project plan.
3) Review software engineering activities to
verify compliance with the defined software
process. The SQA group identifies, documents,
and tracks deviations from the process and
verifies that corrections have been made.
4) Audits are designed for s/w work products to
verify compliance with those defined as a part
of process. verify that corrections have been
made and periodically reports the results of its
work to the project manager.
5) Ensure that deviations in software work and
work products are documented and handled
according to a documented procedure.
Deviations may be encountered in the project
plan, process description, applicable
standards, or technical work products.
6) Records any noncompliance and reports to
senior management. Noncompliance items are
tracked until they are resolved.
 Concept of Statistical SQA
Statistical SQA reflects growing trend throughout
industry to become more quantitative about
quality.
1. information about s/w defects is collected and
categorized.
2. tracking fundamental causes of
defects.(design error,violation of standard,poor
communication, inaccurate documentation)
3. use of pareto principle.(80% of defects can be
traced to 20%of all possible causes)
4. once the causes have been identified,move to
correct the problem that have caused the
defects.
 Quality Evaluation Standards

1. Six Sigma for s/w engineering.

2. ISO:9000 for software
 Six sigma for software
 Six Sigma is the most widely used strategy for
statistical quality assurance in industry today.
Originally popularized by Motorola in the 1980s,
 The Six Sigma strategy ―is a rigorous and
disciplined methodology that uses data and statistical
analysis to measure and improve a company's
operational performance by identifying and
eliminating defects in manufacturing and service-
related processes.
 The term Six Sigma is derived from six standard
deviations instances (defects) per million
occurrences implying an extremely high quality
standard
 DMAIC and DMDAV
Six sigma methodology defines three core steps:-
These core and additional steps are sometimes
referred to as the DMAIC (define, measure, analyze,
improve, and control) method.
 Define customer requirements and deliverables and
project goals via well-defined methods of customer
communication.
 Measure the existing process and its output to
determine current quality performance (collect defect
metrics).
 Analyze defect metrics and determine the vital few
causes.
If an existing s/w process is in place,but improvement
is required,six sigma suggest two additional steps:-
 Improve the process by eliminating the root causes
of defects.
 Control the process to ensure that future work does
not reintroduce the causes of defects.
If an organization is developing a software process
(rather than improving an existing process), the
steps are as follows:-
Design the process to avoid the root causes of defects
and to meet customer requirement.
Verify that the process model will avoid defects and
meet customer requirement.
The variation is sometimes called as DMDAV
(define,measure,analyze,design and verify method.)
 ISO 9000 for software
 International set of standards for quality
management
 Quality standards and procedures must be
documented in an organizational quality
manual
 An external body is often used to certify that
the quality manual conforms to ISO 9000
standards
 ISO principles/standards with
benifits.
1. customer focus
2. Leadership
3. Involvment of People.
4. Process approach
5. System appraoch
6. Continual improvment.
7. Factual appraoch to decision making
8. Mutually beneficial supplier relationships.
 CMMI
 Definition- Capability Maturity Model Integration
(CMMI) is a process improvement approach that
helps organizations improves their performance.
 CMMI (Capability Maturity Model Integration) is a
proven industry framework to improve product quality
and development efficiency for both hardware and
software
Objectives of CMMI:
Specific Objectives
> Establish Estimates
> Develop a Project Plan
> Obtain Commitment to the Plan
Generic Objectives:
> Achieve Specific Goals
> Institutionalize a Managed Process
>Institutionalize a Defined Process
> Institutionalize a Quantitatively Managed
Process
>Institutionalize an Optimizing Process
 CMMI maturity levels:
 Level 1: Initial. The software process is characterized as
ad hoc and occasionally even chaotic. Few processes
are defined, and success depends on individual effort.
 Level 2: Repeatable. Basic project management
processes are established to track cost, schedule, and
functionality. The necessary process discipline is in place
to repeat earlier successes on projects with similar
applications.
 Level 3: Defined. The software process for both
management and engineering activities is documented,
standardized, and integrated into an organization wide
software process. All projects use a documented and
approved version of the organization's process for
developing and supporting software. This level includes
all characteristics defined for level2
 Level 4: Managed. Detailed measures of the
software process and product quality are
collected. Both the software process and
products are quantitatively understood and
controlled using detailed measures. This level
includes all characteristics defined for level3
 Level 5: Optimizing. Continuous process
improvement is enabled by quantitative
feedback from the process and from testing
innovative ideas and technologies. This level
includes all characteristics defined for level 4.
CMMI Vs ISO
 McCall’s Quality factors
The factors that affect S/W quality can be categorized in
two broad groups:
1. Factors that can be directly measured (defects
uncovered during testing)
2. Factors that can be measured only indirectly
(Usability and maintainability)
The S/W quality factors shown above focus on three
important aspects of a S/W product:
i. Its operational characteristics
ii. Its ability to undergo change
iii. Its adaptability to new environments
The various factors of quality are:
(a) Correctness: The extent to which a program satisfies
its specs and fulfills the customer‘s mission
objectives.
(b) Reliability: The extent to which a program can be
expected to perform its intended function with
required precision.
(c) Efficiency: The amount of computing resources and
code required to perform is function.
(d) Integrity: The extent to which access to S/W or data
by unauthorized persons can be controlled.
(e) Usability: The effort required to learn, operate,
prepare input for, and interpret output of a program.
(f) Maintainability: The effort required to locate and fix
errors in a program.
(g) Flexibility: The effort required to modify an
operational program.
(h) Testability: The effort required to test a program to
ensure that it performs its intended function.
(i) Portability: The effort required to transfer the program
from one hardware and/or software system
environment to another.
(j) Re usability: The extent to which a program can be
reused in other applications- related to the packaging
and scope f the functions that the program performs.
(k) Interoperability: The effort required to couple one
system to another.