The Certified Software Quality

Engineer Handbook

Also available from ASQ Quality Press:

The Software Audit GuideJohn Helgeson

Fundamental Concepts for the Software Quality Engineer, Volume 2Sue Carroll and Taz Daughtrey, editors

Safe and Sound Software: Creating an Efficient and Effective Quality System for Software Medical Device OrganizationsThomas H. Faris

Quality Audits for Improved Performance, Third EditionDennis R. Arter

The ASQ Auditing Handbook, Third EditionJ.P. Russell, editing director

The Internal Auditing Pocket Guide: Preparing, Performing, Reporting, and Follow-Up, Second EditionJ.P. Russell

Root Cause Analysis: Simplified Tools and Techniques, Second EditionBjørn Andersen and Tom Fagerhaug

The Certified Manager of Quality/Organizational Excellence Handbook, Third EditionRussell T. Westcott, editor

The Certified Quality Engineer Handbook, Third EditionConnie M. Borror, editor

Six Sigma for the New Millennium: A CSSBB Guidebook, Second EditionKim H. Pries

The Certified Quality Process Analyst HandbookEldon H. Christensen, Kathleen M. Coombes-Betz, and Marilyn S. Stein

Enabling Excellence: The Seven Elements Essential to Achieving Competitive AdvantageTimothy A. Pine

To request a complimentary catalog of ASQ Quality Press publications, call 800-248-1946, or visit our Web site at http://www.asq.org/quality-press.

ASQ Quality PressMilwaukee, Wisconsin

The Certified Software Quality

Engineer Handbook

Linda Westfall

American Society for Quality, Quality Press, Milwaukee 53203© 2010 by Linda WestfallAll rights reserved. Published 2009Printed in the United States of America15 14 13 12 11 10 09 5 4 3 2 1

Library of Congress Cataloging-in-Publication Data

Westfall, Linda, 1954– The certified software quality engineer handbook / Linda Westfall. p. cm. Includes bibliographical references and index. ISBN 978-0-87389-730-3 (hard cover : alk. paper) 1. Electronic data processing personnel—Certification. 2. Computer software— Examinations—Study guides. 3. Computer software—Quality control. I. Title. QA76.3.W466 2009 005.1'4—dc22 2009030360

ISBN: 978-0-87389-730-3

No part of this book may be reproduced in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.

Publisher: William A. TonyAcquisitions Editor: Matt T. MeinholzProject Editor: Paul O’MaraProduction Administrator: Randall Benson

ASQ Mission: The American Society for Quality advances individual, organizational, and community excellence worldwide through learning, quality improvement, and knowledge exchange.

Attention Bookstores, Wholesalers, Schools, and Corporations: ASQ Quality Press books, videotapes, audiotapes, and software are available at quantity discounts with bulk purchases for business, educational, or instructional use. For information, please contact ASQ Quality Press at 800-248-1946, or write to ASQ Quality Press, P.O. Box 3005, Milwaukee, WI 53201-3005.

To place orders or to request a free copy of the ASQ Quality Press Publications Catalog, including ASQ membership information, call 800-248-1946. Visit our Web site at www.asq.org or http://www.asq.org/quality-press.

Printed in the United States of America

Printed on acid-free paper

CMM, CMMI, and Capability Maturity Model are registered in the US Patent & Trademark Office by Carnegie Mellon University.

For Robert Westfall, my husband, my partner, my best friend, and my playmate. Thank you for all of your support and patience while I wrote

this book and as I volunteered countless hours to ASQ and other organizations over the years. Thank you for sharing your life with me,

making me laugh out loud, cooking all of those fantastic meals, and sharing your passion for fireworks with me. Life with you continues to be a blast!!!

(This page intentionally left blank)

vii

Table of Contents

CD-ROM Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiiiList of Figures and Tables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvPreface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiiiAcknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii

Part I General Knowledge

Chapter 1 A. Quality Principles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21. Benefits of Software Quality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42. Organizational and Process Benchmarking . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Chapter 2 B. Ethical and Legal Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101. ASQ Code of Ethics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102. Legal and Regulatory Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Chapter 3 C. Standards and Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16ISO 9000 Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17IEEE Software Engineering Standards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19SEI Capability Maturity Model Integration (CMMI) . . . . . . . . . . . . . . . . . . . . . 21

Chapter 4 D. Leadership Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251. Organizational Leadership. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262. Facilitation Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343. Communication Skills. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Chapter 5 E. Team Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481. Team Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492. Team Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Part II Software Quality Management

Chapter 6 A. Quality Management System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621. Quality Goals and Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622. Customers and Other Stakeholders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 723. Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764. Outsourcing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Chapter 7 B. Methodologies (for Quality Management) . . . . . . . . . . . . . . . . . . 891. Cost of Quality (COQ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 892. Process Improvement Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

viii Table of Contents

3. Corrective Action Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 994. Defect Prevention. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

Chapter 8 C. Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1071. Audit Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1092. Audit Roles and Responsibilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1133. Audit Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Part III Systems and Software Engineering Processes

Chapter 9 A. Life Cycles and Process Models. . . . . . . . . . . . . . . . . . . . . . . . . . . . 130Waterfall Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130V-Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132W-Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132Spiral Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Iterative Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136Test-Driven Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136Feature-Driven Development. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138Incremental Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140Rapid Application Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142Evolutionary Development. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Chapter 10 B. Systems Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146Embedded System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146n-Tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147Client–Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149Wireless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150Collaboration Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Chapter 11 C. Requirements Engineering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1521. Requirements Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1552. Requirements Elicitation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1603. Requirements Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Chapter 12 D. Requirements Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1811. Participants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1812. Requirements Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1843. Requirements Change Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1904. Bidirectional Traceability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

Chapter 13 E. Software Analysis, Design, and Development . . . . . . . . . . . . . . 1951. Design Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1952. Quality Attributes and Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2003. Software Reuse. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2034. Software Development Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2055. Software Development Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Table of Contents ix

Chapter 14 F. Maintenance Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2131. Maintenance Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2132. Maintenance Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Part IV Project Management

Chapter 15 A. Planning, Scheduling, and Deployment . . . . . . . . . . . . . . . . . . . 2201. Project Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2252. Project Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2403. Project Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Chapter 16 B. Tracking and Controlling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2581. Phase Transition Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2612. Tracking Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2673. Project Reviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2744. Program Reviews. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Chapter 17 C. Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2821. Risk Management Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2852. Software Security Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2993. Safety and Hazard Analysis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

Part V Software Metrics and Analysis

Chapter 18 A. Metrics and Measurement Theory . . . . . . . . . . . . . . . . . . . . . . . . 3061. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3072. Basic Measurement Theory and Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3143. Psychology of Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

Chapter 19 B. Process and Product Measurement . . . . . . . . . . . . . . . . . . . . . . . . 3231. Software Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3252. Process Metrics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3393. Metrics Reporting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

Chapter 20 C. Analytical Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3601. Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3602. Data Collection and Integrity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3633. Quality Analysis Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368

Part VI Software Verification and Validation (V&V)

Chapter 21 A. Theory (of V&V) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3861. V&V Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3882. Software Product Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390

Chapter 22 B. Test Planning and Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3941. Test Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3962. Test Plans. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403

x Table of Contents

3. Test Designs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4064. Software Tests. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4145. Tests of Supplier Components and Products . . . . . . . . . . . . . . . . . . . . . . . . . . 4256. Test Coverage Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4267. Code Coverage Techniques. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4328. Test Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4389. Test Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441

Chapter 23 C. Reviews and Inspections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444Objectives of Peer Reviews. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444Benefits of Peer Reviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445What to Peer Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446Selecting Peer Reviewers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446Informal versus Formal Peer Reviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449Types of Peer Reviews. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450Risk-Based Peer Reviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451Desk Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452Walk-Throughs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455Inspections—The Process and Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456Inspections—Planning Step. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458Inspections—Kickoff Meeting Step . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460Inspections—Preparation Step . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460Inspections—Inspection Meeting Step . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461Inspections—Post-Meeting Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464Soft Skills for Peer Reviews and Inspections. . . . . . . . . . . . . . . . . . . . . . . . . . . . 464Technical Reviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465

Chapter 24 D. Test Execution Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . 466Test Execution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467Test Case . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468Test Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469Test Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470Problem Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471Test Results Data and Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472Test Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472

Chapter 25 E. Customer Deliverables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474Peer Reviews. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475Development Testing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475Development Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475Pilots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475Ordering, Manufacturing, Shipping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476Installation Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477Customer/User Testing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477

Part VII Software Configuration Management

Chapter 26 A. Configuration Infrastructure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4821. Configuration Management Team . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482

Table of Contents xi

2. Configuration Management Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4863. Library Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489

Chapter 27 B. Configuration Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5001. Configuration Items. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5002. Software Builds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513

Chapter 28 C. Configuration Control and Status Accounting . . . . . . . . . . . . . 5161. Item, Baseline, and Version Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5182. Configuration Control Board (CCB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5243. Concurrent Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5344. Status Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539

Chapter 29 D. Configuration Audits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544Functional Configuration Audit (FCA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545Physical Configuration Audit (PCA). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547Standardized Checklists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550

Chapter 30 E. Product Release and Distribution . . . . . . . . . . . . . . . . . . . . . . . . . 5511. Product Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5512. Archival Processes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558

Appendix A Software Quality Engineer Certification Body of Knowledge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 561

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623

(This page intentionally left blank)

xiii

CD-ROM Contents

PracticeExam1.pdf

PracticeExamAnswers1.pdf

PracticeExam2.pdf

PracticeExamAnswers2.pdf

PracticeExam3.pdf

PracticeExamAnswers3.pdf

(This page intentionally left blank)

xv

List of Figures and Tables

Figure 1.1 Cost of fixing defects. ............................................................................................ 5

Figure 1.2 Kano model. ........................................................................................................... 6

Figure 1.3 Steps in the benchmarking process. ................................................................... 8

Figure 3.1 ISO 9001:2008 major elements. ............................................................................. 18

Figure 3.2 SEI CMMI for Development staged representation. ........................................ 22

Table 3.1 SEI CMMI for Development staged representation. ........................................ 23

Figure 3.3 SEI CMMI for Development continuous representation. ................................ 23

Figure 4.1 Change force field analysis. ................................................................................. 28

Figure 4.2 Satir change model. ............................................................................................... 28

Figure 4.3 Knowledge transfer. .............................................................................................. 29

Figure 4.4 Maslow’s hierarchy of needs. ............................................................................... 30

Figure 4.5 Situational leadership styles. ............................................................................... 33

Figure 4.6 Formal negotiation process. ................................................................................. 38

Figure 4.7 One-way communication model. ........................................................................ 41

Figure 4.8 Two-way communication model. ........................................................................ 41

Table 4.1 Oral communication techniques. ........................................................................ 42

Table 4.2 Written communication techniques. .................................................................. 44

Table 4.3 Open-ended versus closed-ended questions—examples. .............................. 46

Table 4.4 Context-free questions—examples. .................................................................... 46

Figure 5.1 Stages of team development. ............................................................................... 51

Table 5.1 Team problems and potential solutions. ............................................................ 53

Figure 5.2 Affinity diagram technique—example. ............................................................. 57

Table 5.2 Prioritization matrix—example. ......................................................................... 59

Figure 5.3 Prioritization graph—example. ........................................................................... 59

Figure 5.4 Force field analysis template. ............................................................................... 60

Figure 6.1 QMS documentation hierarchy. .......................................................................... 64

Table 6.1 ETVX method—example. ..................................................................................... 66

Figure 6.2 Roles in a process flow diagram—example. ..................................................... 67

Figure 6.3 Process flow diagram—example. ....................................................................... 68

Figure 6.4 High-level process architecture—example. ...................................................... 70

Figure 6.5 Categories of product stakeholders. ................................................................... 73

Table 6.2 Business needs and motives—example. ............................................................ 77

xvi List of Figures and Tables

Figure 6.6 Acquisition process. .............................................................................................. 80

Figure 6.7 Supplier score card—calculated scoring examples. ......................................... 84

Figure 6.8 Supplier score card—weighted scoring examples. ........................................... 85

Figure 6.9 Supplier score card—indexed scoring examples. ............................................. 85

Figure 6.10 Integrated product team. ...................................................................................... 86

Figure 7.1 Classic model of optimal cost-of-quality balance. ............................................ 92

Figure 7.2 Modern model of optimal cost of quality. ......................................................... 92

Figure 7.3 Plan–do–check–act model. ................................................................................... 94

Figure 7.4 Standard deviations versus area under a normal distribution curve. .......... 95

Figure 7.5 DMAIC versus DMADV. ...................................................................................... 96

Figure 7.6 Product problem resolution process—example. ............................................... 100

Figure 7.7 Corrective action process—example. ................................................................. 102

Figure 8.1 Internal first-party audit. ..................................................................................... 110

Figure 8.2 External second-party audit. ............................................................................... 110

Figure 8.3 External third-party audit. ................................................................................... 111

Figure 8.4 Audit process. ......................................................................................................... 117

Figure 8.5 Audit execution process. ...................................................................................... 122

Figure 9.1 Waterfall model—example. ................................................................................. 131

Figure 9.2 V-model—example. ............................................................................................... 132

Figure 9.3 W-model—example. .............................................................................................. 133

Figure 9.4 Spiral model steps. ................................................................................................ 133

Figure 9.5 Spiral model—example. ....................................................................................... 134

Figure 9.6 Iterative model—example. ................................................................................... 136

Figure 9.7 Test–code–refactor rhythm. ................................................................................. 137

Figure 9.8 Test-driven development. ..................................................................................... 137

Figure 9.9 Feature-driven development process. ................................................................ 138

Figure 9.10 Incremental development process—example. .................................................. 141

Figure 9.11 Incremental development over time—example. .............................................. 141

Figure 9.12 Combination of iterative and incremental models—example. ...................... 143

Figure 9.13 Rapid application development—example. ....................................................... 143

Figure 9.14 Evolutionary development over time—example. ............................................. 144

Figure 9.15 Evolutionary development process—example. ................................................ 145

Figure 10.1 Five-tier architecture—example. ......................................................................... 147

Figure 10.2 Client–server architecture—example. ............................................................... 148

Figure 10.3 Web architecture—examples. .............................................................................. 149

Figure 11.1 Requirements engineering process. ................................................................... 153

Figure 11.2 Incremental requirements development. ........................................................... 154

Figure 11.3 Levels and types of requirements. ...................................................................... 156

Figure 11.4 Use case diagram—example. ............................................................................... 167

Table 11.1 Use case—example. ............................................................................................... 169

Figure 11.5 Storyboard—example. .......................................................................................... 171

List of Figures and Tables xvii

Figure 11.6 Data flow diagram (DFD) symbols. .................................................................... 173

Figure 11.7 Data flow diagram (DFD)—example. ................................................................ 174

Figure 11.8a Entity relationship diagram (ERD)—example. ................................................ 175

Figure 11.8b Entity relationship diagram (ERD) cardinality—example. ............................ 175

Figure 11.8c Entity relationship diagram (ERD) modality—example. ............................... 176

Figure 11.8d Other cardinality and modality symbol—examples. ...................................... 176

Figure 11.9 State transition diagram graphic—example. .................................................... 177

Table 11.2 State transition table—example. ......................................................................... 177

Figure 11.10 Class diagram—example. .................................................................................... 178

Figure 11.11 Sequence diagram—example. ............................................................................. 179

Figure 11.12 Activity diagram—example. ............................................................................... 179

Table 11.3 Event/response table—example. ........................................................................ 180

Figure 12.1 Requirements participants. .................................................................................. 182

Figure 12.2 Organizational context. ........................................................................................ 184

Figure 12.3 Iterative requirements evaluation. ...................................................................... 185

Table 12.1 Requirements prioritization matrix. ................................................................... 189

Figure 12.4 Bidirectional (forward and backward) traceability. ......................................... 191

Table 12.2 Traceability matrix—example. ............................................................................ 193

Figure 12.5 Trace tagging—example. ...................................................................................... 194

Figure 13.1 Levels of cohesion. ................................................................................................. 197

Figure 13.2 Levels of coupling. ................................................................................................. 197

Figure 13.3 Methodology triangles. ........................................................................................ 206

Figure 13.4 Agile manifesto. ..................................................................................................... 207

Figure 13.5 Pair programming. ................................................................................................ 209

Figure 15.1 Project management processes. ........................................................................... 221

Figure 15.2 Life cycle phase project management processes. ............................................. 222

Figure 15.3 Cost/schedule/scope trilogy. .............................................................................. 223

Figure 15.4 Project planning is the road map for the project journey. .............................. 224

Figure 15.5 Project planning. .................................................................................................... 225

Figure 15.6 Long-term versus near-term planning. .............................................................. 226

Figure 15.7 PMI project planning process group. ................................................................. 227

Figure 15.8 Project estimates and forecasts. ........................................................................... 232

Figure 15.9 Program evaluation and review technique (PERT) method. .......................... 235

Table 15.1 Weighted scale factors for the COCOMO II model. ......................................... 237

Table 15.2 Cost drivers for COCOMO II model. .................................................................. 238

Figure 15.10 Rayleigh staffing curve. ........................................................................................ 239

Figure 15.11 Product-type work breakdown structure—example. ...................................... 242

Figure 15.12 Process-type work breakdown structure—example. ...................................... 243

Figure 15.13 Hybrid work breakdown structure—example. ................................................ 243

Figure 15.14 Activity on the line network—example. ............................................................ 244

Figure 15.15 Activity on the node network—example. .......................................................... 244

xviii List of Figures and Tables

Figure 15.16 Types of activity network relationships. ............................................................ 245

Figure 15.17 Critical path analysis—example. ........................................................................ 246

Figure 15.18 Scrum process. ....................................................................................................... 250

Figure 15.19 Burn-up chart—example. ..................................................................................... 252

Figure 15.20 Burn-down chart—example. ............................................................................... 253

Figure 15.21 PMI executing process group. ............................................................................. 254

Figure 16.1 Actual project journey. .......................................................................................... 260

Figure 16.2 PMI monitoring and controlling process group. .............................................. 261

Figure 16.3 Scheduling Gantt chart—example. .................................................................... 263

Figure 16.4 Tracking Gantt chart—example. ......................................................................... 264

Table 16.1 Earned value—example. ...................................................................................... 268

Table 16.2 Interpreting earned value. ................................................................................... 269

Figure 16.5 Interpreting earned value. ................................................................................... 270

Figure 16.6 Design deliverable status—example. ................................................................. 270

Figure 16.7 Code deliverable status—example. .................................................................... 271

Figure 16.8 Story point deliverable status—example. .......................................................... 271

Table 16.3 Productivity metric—examples. ......................................................................... 272

Figure 16.9 Productivity metric—example. ........................................................................... 272

Figure 16.10 Resource utilization metric—example. .............................................................. 273

Figure 16.11 Staff turnover metric—example. ......................................................................... 274

Figure 17.1 Risk/opportunity balance. ................................................................................... 283

Figure 17.2 Risk duration. ......................................................................................................... 284

Table 17.1 Project management versus risk management. ................................................ 284

Figure 17.3 Risk management process. ................................................................................... 285

Figure 17.4 Risk statement examples. ..................................................................................... 289

Table 17.2 Risk exposure prioritization matrix—example. ............................................... 292

Table 17.3 Risk exposure scores—example. ......................................................................... 292

Figure 17.5 Risk-handling options. ......................................................................................... 293

Table 17.4 Obtain additional information action—examples. .......................................... 294

Table 17.5 Risk avoidance action—examples. ...................................................................... 294

Table 17.6 Risk-transfer action. .............................................................................................. 295

Table 17.7 Risk mitigation plans—examples. ...................................................................... 296

Table 17.8 Risk reduction leverage—example. .................................................................... 296

Table 17.9 Risk contingency plan—examples. ..................................................................... 298

Figure 18.1 Metrics defined. ..................................................................................................... 307

Table 18.1 Internal and external attributes of a code inspection. ..................................... 309

Figure 18.2 Reliability and validity. ........................................................................................ 311

Figure 18.3 Metric function—examples. ................................................................................ 314

Figure 18.4 Area under the normal curve. ............................................................................. 317

Figure 19.1 Goal/question/metric paradigm. ....................................................................... 324

Figure 19.2 Function points. ..................................................................................................... 327

List of Figures and Tables xix

Figure 19.3 Cyclomatic complexity—examples. .................................................................... 329

Figure 19.4 Structural complexity—examples. ..................................................................... 330

Table 19.1 Defect density example inputs. ........................................................................... 331

Figure 19.5 Post-release defect density—example. ............................................................... 332

Figure 19.6 Problem report arrival rate—examples. ............................................................ 333

Figure 19.7 Cumulative problem reports by status—example. .......................................... 333

Figure 19.8 Amount of test coverage needed—example. ..................................................... 335

Figure 19.9 Changes to requirements size—example. ......................................................... 336

Figure 19.10 Requirements volatility—example. .................................................................... 336

Figure 19.11 Availability example. ............................................................................................ 338

Figure 19.12 Customer satisfaction summary report—example. ......................................... 341

Figure 19.13 Customer satisfaction detailed reports—example. .......................................... 342

Figure 19.14 Customer satisfaction trending report—example. ........................................... 343

Figure 19.15 Responsiveness to customer problems—example. .......................................... 344

Figure 19.16 Defect backlog aging—example. ......................................................................... 344

Figure 19.17a Measuring escapes—requirements example. ................................................... 345

Figure 19.17b Measuring escapes—design example. ............................................................... 346

Figure 19.17c Measuring escapes—coding example. ............................................................... 346

Figure 19.17d Measuring escapes—testing example. ............................................................... 347

Figure 19.17e Measuring escapes—operations example. ........................................................ 347

Figure 19.18 Defect containment effectiveness—example. ................................................... 348

Figure 19.19a Defect removal efficiency—design review example. ....................................... 350

Figure 19.19b Defect removal efficiency—code review example. .......................................... 350

Figure 19.20 Data table—example. ............................................................................................ 352

Figure 19.21 Pie chart—example. .............................................................................................. 352

Figure 19.22 Line graph—example. ........................................................................................... 353

Figure 19.23 Simple bar chart—example. ................................................................................. 353

Figure 19.24 Horizontal bar chart—example. .......................................................................... 353

Figure 19.25 Grouped bar chart—example. ............................................................................. 354

Figure 19.26 Stacked bar chart—example. ............................................................................... 354

Figure 19.27 Area graph—example. .......................................................................................... 355

Figure 19.28 Box chart—example. ............................................................................................. 355

Figure 19.29 Box chart components. .......................................................................................... 356

Figure 19.30 Stoplight chart—examples. .................................................................................. 357

Figure 19.31 Dashboard—example. .......................................................................................... 358

Figure 19.32 Kiviat chart—example. ......................................................................................... 359

Figure 19.33 Kiviat chart comparison—example. ................................................................... 359

Table 20.1 Data ownership—examples. ................................................................................ 364

Figure 20.1 Basic flowchart symbols and flowchart—examples. ....................................... 369

Figure 20.2 Pareto chart—example. ........................................................................................ 370

Figure 20.3 Cause-and-effect diagram—example. ................................................................ 371

xx List of Figures and Tables

Figure 20.4 Process-type cause-and-effect diagram—example. ......................................... 371

Figure 20.5 Check sheet—example. ......................................................................................... 372

Figure 20.6 Scatter diagram—examples. ................................................................................ 373

Figure 20.7 Run chart—example. ............................................................................................ 374

Figure 20.8 S-curve run chart—example. ............................................................................... 374

Figure 20.9 Histogram—examples. ......................................................................................... 375

Figure 20.10 Creating a control chart—example. .................................................................... 376

Figure 20.11 Statistically improbable patterns—example. .................................................... 377

Figure 20.12 Affinity diagram—example. ............................................................................... 380

Figure 20.13 Tree diagram—example. ...................................................................................... 381

Figure 20.14 Matrix diagram—example. .................................................................................. 381

Figure 20.15 Interrelationship digraph—example. ................................................................. 382

Figure 21.1 Verification and validation. ................................................................................. 387

Figure 21.2 V&V techniques identify defects. ....................................................................... 387

Figure 21.3 Verification and validation sufficiency. ............................................................. 390

Figure 21.4 Probability indicators. ........................................................................................... 392

Figure 22.1 When testing happens in the life cycle. ............................................................. 395

Figure 22.2 Test activities throughout the life cycle. ............................................................. 395

Figure 22.3 White-box → gray-box testing. ............................................................................ 397

Figure 22.4 Top-down testing strategy. .................................................................................. 398

Figure 22.5 Bottom-up testing strategy. .................................................................................. 399

Figure 22.6 Black-box testing. ................................................................................................... 400

Figure 22.7 Input field boundary—example. ......................................................................... 407

Table 22.1 Causes and effects—example. ............................................................................. 410

Table 22.2 Cause–effect graphs—example. .......................................................................... 411

Figure 22.8 Cause-and-effect graph with constraints—example. ...................................... 412

Table 22.3 Cause–effect graph constraint symbols—example. ......................................... 412

Table 22.4 Limited-entry decision table—example. ........................................................... 413

Table 22.5 Test cases from cause–effect graphing—example. ........................................... 414

Figure 22.9 Levels of testing. .................................................................................................... 415

Figure 22.10 Function and subfunction list—example. ......................................................... 416

Figure 22.11 Environment in which the function operates. .................................................. 417

Figure 22.12 Decision tree example. .......................................................................................... 419

Figure 22.13 Load, stress, and volume testing. ........................................................................ 421

Figure 22.14 Test what changed. ................................................................................................ 425

Table 22.6 Test matrix—example. .......................................................................................... 427

Table 22.7 Configuration test matrix. .................................................................................... 431

Figure 22.15 Code example. ........................................................................................................ 433

Table 22.8 Statement coverage—example. ............................................................................ 433

Table 22.9 Decision coverage—example. .............................................................................. 434

Table 22.10 Condition coverage—example. ........................................................................... 434

List of Figures and Tables xxi

Table 22.11 Decision/condition coverage—example. ........................................................... 435

Table 22.12 Multiple condition coverage—example. ............................................................ 435

Figure 22.16 Control flow graph—example. ............................................................................ 436

Table 22.13 Stub—example. ...................................................................................................... 439

Table 22.14 Driver—example. .................................................................................................. 439

Figure 23.1 Selecting peer reviewers. ...................................................................................... 447

Figure 23.2 Informal versus formal peer reviews. ................................................................ 449

Figure 23.3 Types of peer reviews. .......................................................................................... 450

Figure 23.4 Risk-based selection of peer review types. ........................................................ 451

Table 23.1 Work product predecessor—examples. ............................................................. 454

Figure 23.5 Formal walk-through process. ............................................................................ 455

Figure 23.6 Walk-throughs versus inspection. ...................................................................... 456

Figure 23.7 Inspection process. ................................................................................................ 457

Figure 23.8 Inspection planning step process. ...................................................................... 459

Figure 23.9 Inspection meeting step process. ........................................................................ 462

Figure 24.1 Types of testing documentation. ......................................................................... 466

Figure 24.2 Test case—examples. ............................................................................................. 469

Figure VII.1 Software configuration management activities. ............................................... 480

Figure 26.1 Software build. ....................................................................................................... 487

Figure 26.2 Creating a new software work product. ............................................................ 492

Figure 26.3 Creating a software build. .................................................................................... 493

Figure 26.4 Testing a software build. ...................................................................................... 494

Figure 26.5 Modifying a controlled work product—check-out process. ........................... 495

Figure 26.6 Modifying a controlled work product—modification process. ..................... 495

Figure 26.7 Modifying a controlled work product—check-in process. ............................. 496

Figure 26.8 Main codeline—example. .................................................................................... 496

Figure 26.9 Branching—example. ............................................................................................ 497

Figure 26.10 Merging—example. ............................................................................................... 498

Figure 27.1 Levels of software work product control. .......................................................... 501

Figure 27.2 Configuration identification hierarchy. ............................................................. 502

Figure 27.3 Configuration item acquisition. .......................................................................... 506

Figure 27.4 Configuration unit identification scheme—example. ..................................... 507

Figure 27.5 Labeling—example. .............................................................................................. 508

Figure 27.6 Branching identification scheme—example. .................................................... 509

Figure 27.7 Build identification scheme—example. ............................................................. 509

Figure 27.8 Build identification scheme—internal build status example. ........................ 510

Figure 27.9 Document identification scheme—example. .................................................... 511

Figure 27.10 Types of baselines. ................................................................................................. 512

Figure 28.1 Types of software configuration control. ........................................................... 518

Figure 28.2 Change control process. ....................................................................................... 519

Figure 28.3 Document control process. ................................................................................... 521

xxii List of Figures and Tables

Figure 28.4 Manual tracking of item changes. ....................................................................... 522

Figure 28.5 Configuration item dependencies. ...................................................................... 524

Figure 28.6 Configuration control board processes for change control. ........................... 526

Figure 28.7 Configuration control board processes for document control. ...................... 528

Figure 28.8 Using backward traceability for defect analysis—example. .......................... 530

Figure 28.9 Using forward traceability for defect analysis—example. ............................. 531

Figure 28.10 Multiple levels of CCBs—code example. ........................................................... 532

Figure 28.11 Membership of multiple levels of CCBs. ............................................................ 532

Figure 28.12 Multiple levels of CCBs—software requirements specification (SRS) example. .................................................................................................................. 533

Figure 28.13 Software product evolution graph—example. .................................................. 534

Figure 28.14 Software unit versioning—example 1. ............................................................... 535

Figure 28.15 Software unit versioning—example 2. ............................................................... 536

Figure 28.16 Software unit versioning—example 3. ............................................................... 537

Figure 28.17 Impact analysis and concurrent development. ................................................. 538

Table 29.1 Example FCA checklist items and evidence-gathering techniques. ............. 546

Table 29.2 Example PCA checklist items and evidence-gathering techniques. ............. 548

Figure 30.1 Corrective release. ................................................................................................. 552

Figure 30.2 Feature release. ...................................................................................................... 552

Figure 30.3 Packaging of releases over time. ......................................................................... 555

Figure 30.4 The problem with patching. ................................................................................. 556

xxiii

Preface

Continuous improvement is a mantra implicit to the quality profession. So as software quality engineers, we should not be surprised our own discipline has continued to evolve and change. By ‘practicing what we preach’ in our

own field, adopting ‘lessons learned’ from implementing software quality prin-ciples and practices, and proactively staying involved in managerial, procedural, and technological advances in software engineering and the quality arena, soft-ware quality engineers have learned to increase the value they add to the end software products.

One of the primary roles of a software quality engineer is to act as a man-agement information source that keeps software quality as visible to software management as cost and schedule are when business plans and decisions need to be made. In order to fulfill this role, software quality engineers must continu-ously improve their skill and knowledge sets. The software quality profession has moved beyond the limits of using only testing or auditing as the primary tools of our trade. Software quality has emerged into a multi-faceted discipline that requires us, as software quality engineers, to be able to understand and apply knowledge that encompasses:

• Software quality management. The processes and activities involved in setting the organization’s strategic quality goals and objectives, establishing organizational, project, and product quality planning, and providing the oversight necessary to ensure the effectiveness and efficiency of the organization’s quality management system. Software quality management provides leadership and establishes an integrated, cross-functional culture where producing high-quality software is “just the way we do things around here.”

• Software quality engineering. The processes and activities needed to define, plan, and implement the quality management system for software-related processes, projects, and products. This includes defining, establishing, and continuously improving software-related systems, policies, processes, and work instructions that help prevent defects and build quality into the software.

• Software quality assurance. The planned and systematic set of all actions and activities needed to provide adequate confidence that the:

– Software work products conform to their standards of workmanship and that quality is being built into the products

– Organization’s quality management system (or each individual process) is adequate to meet the organization’s quality goals and objectives, is appropriately planned, is being followed, and is effective and efficient.

• Software quality control. The planned and systematic set of all actions and activities needed to monitor and measure software projects, processes, and products to ensure that special causes have not introduced unwanted variation into those projects, processes, and products.

• Software verification and validation. The processes and activities used to ensure that software products meet their specified requirements and intended use. It helps ensure that the “software was built right” and the “right software was built.”

• Soft skills. A software quality engineer also needs what are referred to as the “soft skills” to be effective in influencing others toward quality. Examples of “soft skills” include leadership, team building, facilitation, communication, motivation, conflict resolution, negotiation, and more.

The ASQ Certified Software Quality Engineer (CSQE) Body of Knowledge (BoK) is a comprehensive guide to the “common knowledge” software quality engineers should possess about these knowledge areas. To keep the CSQE BoK current with industry and practitioner needs, a modernized version of the CSQE BoK is released every five years. This handbook contains information and guidance that supports all of the topics of the 2008 version of the CSQE BoK (included in Appendix A) upon which the CSQE exam is based. Armed with the knowledge presented in this handbook to complement the required years of actual work experience, quali-fied software quality practitioners may feel confident they have taken appropriate steps in preparation for the ASQ CSQE exam.

However, my goals for this handbook go well beyond it being a CSQE exam preparation guide. I designed this handbook not only to help the software qual-ity engineers, but as a resource for software development practitioners, project managers, organizational managers, other quality practitioners, and other profes-sionals who need to understand the aspects of software quality that impact their

Softwarequalitycontrol

Softwarequality

assuranceSoftwarequality

engineering

Softwarequality

management

Softskills

Verificationand

validation

Area ofknowledge needed

by a Software QualityEngineer

xxiv Preface

Preface xxv

work. It can also be used to benchmark their (or their organization’s) understand-ing and application of software quality principles and practices against what is considered a cross-industry “good practice” baseline. After all, taking stock of our strengths and weaknesses we can develop proactive strategies to leverage soft-ware quality as a competitive advantage.

New software quality engineers can use this handbook to gain an under-standing of their chosen profession. Experienced software quality engineers can use this handbook as a reference source when performing their daily work. I also hope that trainers and educators will use this handbook to help propagate soft-ware quality engineering knowledge to future software practitioners and manag-ers. Finally, this handbook strives to establish a common vocabulary that software quality engineers, and others in their organizations can use to communicate about software and quality. Thus increasing the professionalism of our industry and eliminating the wastes that can result from ambiguity and misunderstandings.

For me, personally, obtaining my CSQE certification, participating in the devel-opment of the ASQ CSQE program and even the writing this book were more about the journey then the destination. I have learned many lessons from my col-leagues, clients and students over the years since I first became involved with the ASQ CSQE effort in 1992, as well as during my 30 plus year career in software. I hope that you will find value in these ‘lessons learned’ as they are embodied in this handbook. Best wishes for success in your software quality endeavors!

Linda Westfalllwestfall@westfallteam.com

(This page intentionally left blank)

xxvii

I would like to thank all of the people who helped review this book as I was writing it: Zigmund Bluvband, Dan Campo, Sue Carroll, Carolee Cosgrove-Rigsbee, Margery Cox, Ruth Domingos, Robin Dudash, Scott Duncan, Eva Fre-

und, Tom Gilchrist, Steven Hodlin, Theresa Hunt, James Hutchins, Yvonne Kish, Matthew Maio, Patricia McQuaid, Vic Nanda, Geree Streun, Ponmurugarajan Thi-yagarajan, Bill Trest, Rufus Turpin, and Cathy Vogelsong.

I would like to thank Jay Vogelsong for the cartoons and character clip art used in this book.

I would like to express my appreciation to the people at ASQ Quality Press, especially Matt Meinholz and Paul O’Mara, for helping turn this book into reality. I would also like to thank the staff of New Paradigm Prepress and Graphics for their copyediting skills, for creating the table of contents, list of figures, and index, and for turning my manuscript into a format worthy of being published.

Finally, I would like to thank all of the people who volunteered their time, energy, and knowledge to work with the ASQ and the Software Division to turn the Certified Software Quality Engineer (CSQE) exam into reality and who continue to support the ongoing body of knowledge and exam development activities.

Acknowledgments

(This page intentionally left blank)

1

Part I

Part IGeneral Knowledge

Chapter 1 A. Quality PrinciplesChapter 2 B. Ethical and Legal ComplianceChapter 3 C. Standards and ModelsChapter 4 D. Leadership SkillsChapter 5 E. Team Skills

2

Chapter 1

A. Quality Principles

Since this is a book about software quality engineering, it would be appropri-ate to start with a definition of quality. However, the industry has not, and may never, come to a single definition of the term quality. For example, the

ISO/IEC Systems and Software Engineering—Vocabulary (ISO/IEC 2009) has the fol-lowing set of definitions for quality:

1. The degree to which a system, component, or process meets specified requirements

2. Ability of a product, service, system, component, or process to meet customer or user needs, expectations, or requirements

3. The totality of characteristics of an entity that bear on its ability to satisfy stated and implied needs

4. Conformity to user expectations, conformity to user requirements, customer satisfaction, reliability, and level of defects present

5. The degree to which a set of inherent characteristics fulfills requirements.

Based on his studies of how quality is perceived in various domains (for example, philosophy, economics, marketing, operations management), Garvin ( Schulmeyer 1998) concluded, “Quality is a complex and multifaceted concept.” Garvin describes quality from five different perspectives:

• Transcendental perspective. Quality is something that can be recognized but not defined. As stated by Kan (2003), “to many people, quality is similar to what a federal judge once said about obscenity: ‘I know it when I see it.’” This perspective of quality takes the viewpoint of the individual into consideration. What is “obscenity” to one person may be “art” to another. What one customer considers good software quality may not be high enough quality for another customer. Tom Peters cites the customer’s reaction as the only appropriate measure for the quality of a product. This requires that product developers keep in touch with their customers to ensure that their specifications accurately reflect the customer’s real (and possibly changing) needs.

Part

I.A

Chapter1:A.QualityPrinciples 3

• Manufacturing perspective. Philip Crosby defines quality in terms of conformance to the specification. His point is that an organization does not want a variety of people throughout the development of a product trying to make judgments about what the customer needs or wants. A well-written specification is the cornerstone for creating a quality product. For software, however, this perspective of quality may not be sufficient since according to Wiegers (2003), errors made during the requirements stage account for 40 percent to 60 percent of all defects found in a software project. From another viewpoint, this perspective refers to the ability to manufacture (replicate) a product to that specification over and over within accepted tolerances. W. Edwards Deming talks about quality needing “precision of effort.” Before an organization adjusts its processes to improve them, it must let them run long enough to understand what is really being produced. Then it needs to design its specifications to reflect the real process capabilities. While the primary focus of software quality is on the design and development activities, this manufacturing and “precision of effort” quality perspective reminds software organizations that the replication process can not be completely ignored.

• User perspective. Joseph M. Juran cites fitness for use as the appropriate measure for quality. Software practitioners can all probably relate stories of software products that conformed to their specifications but did not function adequately when deployed into operations. This perspective of quality not only considers the viewpoints of the individual users but their context of use as well. For example, what a novice user might consider a “quality” user interface might drive a power user to distraction with pop-up help and warning messages that require responses. What is a secure-enough interface for a software database used for personal information at home might be woefully inadequate in a business environment.

• Product perspective. Quality is tied to inherent characteristics of the product. These characteristics are the quality attributes, also called the “ilities” of the software product. Examples include reliability, usability, availability, flexibility, maintainability, portability, installability, and adaptability. Of course they don’t all end in “ility.” Functionality, correctness, fault tolerance, integrity, efficiency, security, and safety are also examples of quality attributes. The more the software has high levels of these characteristics, the higher its quality is considered to be. The ISO/IEC 25000 Software Engineering—Software Product Quality Requirements and Evaluation (SQuaRE) standard series (transition from the previous ISO/IEC 9126 and 14598 series of standards) provides a reference model and definitions for external and internal quality attributes and quality-in-use attributes. This standards series also provides guidance for specifying requirements, planning and managing, measuring, and evaluating quality attributes.

Part I.A

4 Part I: General KnowledgePa

rt I.

A.1

• Value-based perspective. Quality is dependent on the amount a customer is willing to pay for it. This perspective leads to considerations of “good enough” software quality. Are people willing to pay as much for high-quality video game software as they are for high-quality software in biomedical devices or the high-quality software for airplane navigation systems?

1. BenefIts of softwAre QuAlIty

Describe the benefits that software quality engineering can have at the organizational level. (Understand)

Body of Knowledge I.A.1

At its most basic, increasing the quality of the software typically means reduc-ing the number of defects in the software. Defects can result from mistakes that occurred during the development process that introduced faults into the software work products. Defects can also be missing, ambiguous, or incorrect require-ments that result in the development of software that does not match the needs of its stakeholders. The most cost-effective way of handling a defect is to prevent it. In this case, software quality is accomplished through process improvement, increasing staff knowledge and skill, and through other defect prevention tech-niques that keep defects out of the software. Every defect that is prevented elimi-nates rework to correct that defect and the effort associated with that rework.

If a defect does get interjected into the software, the shorter the period of time between when that defect is introduced and when it is identified and corrected, the less rework effort is typically required to correct that defect. Eliminating the waste of rework allows organizations to use the saved effort hours to produce additional value-added software. In this case, software quality is accomplished through techniques that improve defect detection techniques and find the defects earlier. Both defect prevention and detection help keep software defects from being delivered into operations.

The elimination or reduction of rework can also be used to shorten the cycle time required to produce a software product, and it can directly translate into reductions in costs. For example, as illustrated in Figure 1.1, when using tradi-tional software development methods, if a requirements defect is found during the requirements phase and it costs one unit to fix (for example, three engineer-ing hours of effort, or $500), that same defect will typically increase exponentially in cost to fix as it is found later and later in the life cycle. In fact, studies show that it can cost 100-plus times more to fix a requirements defect if it is not found until after the software is released into operations. The main point here is that the development of software is a series of dependencies, where each subsequent step

Chapter1:A.QualityPrinciples 5Part I.A

.1

builds on and expands the products of the previous step. For example, a single requirement could result in four design elements that expand into seven code units. All of these have supporting documentation and/or tests. A defect that is prevented or found early keeps the entire tree from needing to be backtracked, investigated, and potentially reworked. Agile methods specifically attack these costs by significantly shortening the development cycle using incremental devel-opment and through other techniques that shorten defect interjection to correc-tion cycle times.

If fewer software defects are delivered into operations, there is a higher proba-bility of failure-free operations. Unlike hardware, software does not wear out with time. If a defect is not encountered during operations, the software performs reli-ably. Reliable software can increase the effectiveness and efficiency of work being done using that software. Reliable software reduces both failure and maintenance costs to the software’s customers and thus reduces the overall cost of ownership of the software product.

Taking a broader view, high-quality software is software that has been specified correctly and that meets its specification. If the software meets the stake-holder’s needs and expectations and is value-added, it is more likely to be used instead of ending up as “shelfware.”

If the customers and users receive software that has fewer defects, that is more reliable, and that performs to their needs and expectations, then those customers and users will be more satisfied with the software. This is illustrated in Figure 1.2, which depicts Noritaki Kano’s model of the relationship between customer satis-faction and quality.

• Basic quality. There is a basic level of quality that a customer expects the product to have. These are quality requirements that are assumed by the customer and are typically not explicitly stated or requested. For example,

Requirements Design Code

Life cycle phases

Test Operations

Cos

t

×100+

×1

$ $ $ $ $ $$

$$

$$

$$

$

Figure 1.1 Cost of fixing defects.

6 Part I: General KnowledgePa

rt I.

A.1

customers expect a car to have four tires, a windshield, windshield wipers, and a steering wheel. They will not ask for these items when purchasing a new car, but they expect them to be there. This level of quality does not satisfy the customer. (Note that the entire “basic quality” line is in the dissatisfaction region.) However, absence of quality at this level will quickly increase a customer’s dissatisfaction.

• Expected quality. The “expected quality” line on the graph in Figure 1.2 represents those quality requirements that the customer explicitly considers and requests. For example, they will state their preferences for the make, model, and options when shopping for a car. The customer will be dissatisfied if this level of quality is not met and increasingly satisfied as this quality level increases.

• Exciting quality. This is the innovative quality level and represents unexpected quality items. These are items that the customer doesn’t even know they want, but they will love them when they see them, for example, when cup holders were introduced in cars. Note that the entire “exciting quality” line is in the satisfaction region. It should be remembered, however, that today’s innovations are tomorrow’s expectations. If fact, most customers now consider a cup holder as part of the basic requirements for a car.

An increase in the quality of the software can also increase the satisfaction of the software practitioners. For most software engineers, their favorite activity is not burning the midnight oil trying to debug critical problems reported from opera-tions. By producing a high-quality product, engineers can also take pride in what they are doing, which increases their satisfaction.

Sat

isfa

ctio

nre

gion

Dis

satis

fact

ion

regi

on

Exciting quality

Expected quality

Basic quality

Figure 1.2 Kano model.

Chapter1:A.QualityPrinciples 7Part I.A

.2

2. orgAnIzAtIonAl And ProCess BenChmArKIng

Use benchmarking at the organizational, process, and project levels to identify and implement best practices. (Apply)

Body of Knowledge I.A.2

Benchmarking is the process used by an organization to identify, understand, adapt, and adopt outstanding practices and processes from others, anywhere in the world, to help that organization improve the performance of its processes, projects, products, and/or services. Benchmarking can provide management with the assurance that quality and improvement goals and objectives are aligned with best-in-class practices of other organizations. At the same time it helps ensure that those goals and objectives are obtainable because others have obtained them. The use of benchmarking can help an organization “think outside the box,” and can result in breakthrough improvements.

Figure 1.3 illustrates the steps in the benchmarking process. The first step is to determine what to benchmark, that is, which process, project, product, or ser-vices the organization wants to analyze and improve. This step involves assessing the effectiveness and efficiencies, strengths, and weaknesses of the organization’s current practices, identifying areas that require improvement, prioritizing those areas, and selecting the area to benchmark first. The Certified Manager of Quality/Organizational Excellence Handbook (Westcott 2006) says, “examples of how to select what to benchmark include systems, processes, or practices that:

• Incurthehighestcosts

• Haveamajorimpactoncustomersatisfaction,quality,orcycletime

• Strategicallyimpactthebusiness

• Havethepotentialofhighimpactoncompetitivepositioninthemarketplace

• Presentthemostsignificantareaforimprovement

• Havethehighestprobabilityofsupportandresourcesifselected for improvement”

The second step in the benchmarking process is to establish the infrastructure for doing the benchmarking study. This includes identifying a sponsor to provide necessary resources and championship for the benchmarking activities within the organization. This also includes identifying the members of the benchmark-ing team who will actually perform the benchmarking activities. Members of this team should include individuals who are knowledgeable and involved in the area being benchmarked, and others who are familiar with benchmarking practices.

8 Part I: General KnowledgePa

rt I.

A.2

In order to do an accurate comparison, the benchmarking team must obtain a thorough, in-depth understanding of current practice in the selected area. Key performance factors for the current practice are identified, and the current values of those key factors are measured during this third step in the benchmarking pro-cess. Current practices are studied, mapped as necessary, and analyzed.

The fourth step is to determine the source of benchmarking best-practice infor-mation. A search and analysis is performed to determine the best-practice leaders in the selected area of study. There are several choices that can be considered:

• Internal benchmarking. Looks at other teams, projects, functional areas, or departments within the organization for best-practice information.

• Competitive benchmarking. Looks at direct competitors, either locally or internationally, for best-practice information. This information may be harder to obtain than internal information, but industry standards, trade journals, competitor’s marketing materials, and other sources can provide useful data.

• Functional benchmarking. Looks at other organizations performing the same functions or practices but outside the same industry. For example, an information technology (IT) team might look for best practices in other IT organizations in other industries. IEEE and ISO standards and the Software Engineering Institute’s Capability Maturity Model Integration (CMMI) for Development are likely sources of information in addition to talking directly to individual organizations.

• Generic benchmarking. Looks outside the box. For example, an organization that wants to improve on-time delivery practices might look to FedEx, or an organization that wants to improve just-in-time, lean inventory practices might look to Wal-Mart or Toyota, even if the organization is not in the shipping, retail, or automotive arena.

1. Determine what to benchmark

2. Establish benchmarking infrastructure

3. Understand and measure current practice

4. Determine source of benchmarking information

5. Analyze best practices

6. Plan and implement improvement

Repeat asappropriate

Figure 1.3 Steps in the benchmarking process.

Chapter1:A.QualityPrinciples 9Part I.A

.2

In the fifth step of the benchmarking process, the best-practices information is gathered and analyzed. There are many mechanisms for performing this step including site visits to targeted benchmark organizations, partnerships where the benchmark organization provides coaching and mentoring, research studies of industry standards or literature, evaluations of best-practice databases, Internet searches, attending trade shows, hiring consultants, customer surveys, and other activities. The objective of this study is to:

• Collectinformationanddataontheperformanceoftheidentified benchmark leader and/or on best practices

• Evaluateandcomparetheorganization’scurrentpracticeswiththe benchmark information and data

• Identifyperformancegapsbetweentheorganization’scurrentpracticesand the benchmark information and data in order to identify areas for potential improvement and lessons learned

This comparative analysis is used to determine where the benchmark is better and by how much. The analysis then determines why the benchmark is better. What specific practices, actions, or methods result in the superior performance?

For benchmarking to be useful, the lessons learned from the best-practice analysis must be used to improve the organization’s current practices. This final step in the benchmarking process involves:

• Obtainingmanagementbuy-inandacceptanceofthefindingsfromthebenchmarking study.

• Incorporatingthebenchmarkingfindingsintobusinessanalysisand decision making.

• Creatingaplanofspecificactionsandassignmentstoadapt(tailor)andadopt the identified best practices to fill the performance gaps.

• Pilotingthoseimprovementactionsandmeasuringtheresultsagainst the initial values of identified key factors to monitor the effectiveness of the improvement activities.

• Forsuccessfulimprovementactivities,propagatingthoseimprovementsthroughout the organization. For unsuccessful pilots or propagations, appropriate corrective action must be taken.

Once the selected area has been successfully improved, lessons learned from the benchmarking activities should be leveraged into the improvement of future bench marking activities. The benchmarking process can also be repeated to con-sider improvements for other areas from the prioritized list created in the first step of the benchmarking process, and of course this prioritized list should be updated as additional information is obtained over time. Benchmarking must be a con-tinuous process that not only looks at current performance but also continues to monitor key performance indicators into the future as industry practices change and improve.

623

Index

A

acceptance criteria, 87, 262–63, 416, 426, 506acceptance testing, 416, 477access control, 200, 300accessibility, 150, 421accessor operations, in object-oriented

analysis and design, 199accident, IEEE definition, 302accountability, 15, 26, 140, 300accuracy

of data, 366–67metric, 339quality attribute, 158

acquisition points, in software configuration management identification, 505–6

acquisition process, in outsourcing, 80–87activity diagrams, 172, 178activity network, 244–45, 382actor, versus user, 166–67ACWP (actual value), 267–69adaptive software maintenance, 214adjourning, 52affinity diagrams, 57–58, 378–79Agile Alliance, 207Agile Manifesto, 207–8agile project metrics, 251–52agile software development methods, 206–8allocated baseline, in software configuration

management identification, 512alpha testing, 477analysis, in requirements coverage, 428analytical techniques, 360–84anomaly report, 471–72appraisal cost of quality, 90architectural design, 135, 146, 191, 195, 196,

203, 226, 270, 386, 513, 523architectural design review, 275archival processes, 558–60area graphs, 355

arrival rates, metric, 332artistic testing, 423–24ASQ Code of Ethics, 10–12assemblers, 487assumption, 81, 171, 286, 288, 337–38, 408attack, on software, 157, 200–201, 299–301attribute, of entity, 308audit, definition, 107audit checklists, 121audit corrective action, 126–27audit criteria, 119–20audit execution, 122–25audit follow-up, 126–27audit initiation, 117–20audit objectives, 107–8audit plan, 120–21audit planning, 120–21audit preparation, 121–22audit process, 116–27

steps, 116–17audit program, 108audit purpose statement, 118–19audit report, 125audit reporting, 125–26audit scope, 119audit team lead, 114–15audit team meetings, 124–25auditee management, 115auditees, 116auditor, lead, 114–15auditor management, 113–14auditors, 115audits, 107–27

consequences of, 108–9roles and responsibilities, 113–16types, 109–13

author (inspection team member), 456author assignment, 504authority and responsibility, in software

configuration management identification, 504

624 Index

automationof software builds, 514test, 402–3

availabilitymetric, 338quality attribute, 157

B

backup library, 491backups, 559–60backward traceability, 192

in impact analysis, 530bar charts, 352–54base measures, 312–13baseline metadata, 541baselines, in configuration identification,

511–13basic quality, in Kano model, 5–6basis path testing, 436–37BCWP (earned value), 268–69BCWS (planned value), 267–69behavioral patterns, 200benchmarking, organizational and process,

7–9best practices, identifying in audits, 126beta testing, 477–78bidirectional traceability, 190–94

in impact analysis, 530big design up front (BDUF), 210black-box testing, 400–401

in regression testing, 424Body of Knowledge, Software Quality

Engineer Certification (Appendix A), 561–71

bottom-up gray-box testing, 399–400boundary value analysis, 407boundary value testing, 436box charts, 355box-and-whisker diagrams, 355boxes, in cleanroom engineering, 212brainstorming, 55branch coverage, 434branching, software configuration

management library process, 495–97

budgetin project planning, 240in project tracking and controlling, 265

build metadata, 541build scripts, 488

builds. See software buildburn charts, in crystal, 252burn-down chart, 252burn-up chart, 252business analysts, 182business objectives, in project deployment,

255business requirements, 155business requirements document (BRD), 160business rules, in requirements engineering,

157

C

calendar time, 233Capability Maturity Model Integration

(CMMI) for Development, SEI, 21–24in corrective action process, 101

capacity, metric, 339capital costs, in project planning, 240cardinality, in entity relationship diagrams,

174cause-and-effect diagram, 370–71cause–effect graphing (CEG), 409–13CD keys, 477centerline, in control charts, 376central limit theorem, 314–15certification testing, 416change

in software configuration management identification, 504

types of, 26change agent, 27change authority board (CAB), 524–33change control, 518–20, 526–27change control board (CCB), 524–33

in requirements change management, 190in requirements management, 183

change managementorganizational, 26–28in requirements management, 183tools, 488–89

change request, 471–72charts, for metrics reporting, 351–55check sheets, 371–72check-in, 492, 534checklist, 69–71

audit, 121standardized, 550

check-out, 494, 534checksums, 476

Index 625

chief programmer work packages, in feature-driven development, 139

class, in object-oriented analysis and design, 198

class diagrams, 172, 177–78cleanroom engineering, 212clear-box testing, 396–97client, audit, 113client–server architecture, 148–49closing meeting, of an audit, 114, 115, 122, 125cluster sampling, 362coaching, 31–32COBOL programming language, 145COCOMO. See constructive cost modelcode and tests, 211code coverage techniques, 432–37codeline, 495–498, 535–36cohesion, 196, 201collaboration platforms, 150–51colors, use of in graphs and charts, 355, 356common cause variation, 378commercial off-the-shelf (COTS) software

in software configuration management identification, 505

testing of, 425–26communication

in requirements elicitation, 162types of, 40–41

communication plans, 232communication skills, 40–47competitive benchmarking, 8compilers, 487complex metrics, 313–14complexity, 137, 139, 168, 199, 201–3, 238, 290,

310, 321, 323, 529concept of operations document, 160concurrent development, 534–39condition coverage, 434–35configuration audits, 544–50configuration components, 501–2configuration control, 516–39configuration control board (CCB), 100,

519–20, 524–33member roles and responsibilities, 525–26multiple levels of, 530–33processes, 526–28

configuration identification, 500–515baselines, 511–13managerial factors, 504–5methods (schema), 506–11technical factors in, 503–4

configuration infrastructure, 482–99

configuration items, 500–513dependencies, 523, 541interrelationship data, 541metadata, 541

configuration management deviations and waivers data, 541

configuration management team, 482–86configuration management tools, 486–89configuration status accounting, 539–43configuration status reporting, 542–43configuration units, 501–2conflict, management and resolution, 34–37conflicts of interest, 10–12conformance, 3, 112, 119, 544consistency, in measurement validity, 310constructive cost model (COCOMO), 236constructive cost model version 2 (COCOMO

II), 236–39effort multiplier cost drivers, 238–39

constructor operations, in object-oriented analysis and design, 199

context-free questions, 46contingency plans, in risk management, 297continuous integration, in extreme

programming, 210contract objectives, in project deployment,

255contract requirements, defining, in

outsourcing, 83contracts, 12

negotiating and awarding, in outsourcing, 84–85

contractual risks, 290control charts, 376–78control limits, 376controlled library, 490–91controlled test environments, 440–41controlled work product, modifying,

493–94conversion (tort), 13copyrights, 13corrective action

audit, 126–27procedures, 99–104process, 101–4project, 265–66request, 101–2

corrective release, 551corrective software maintenance, 213–14correctness, 3, 184, 212, 339, 388, 431, 480correlation, 372–73

in measurement validity, 310

626 Index

costprocess metric, 340project, 233, 240

cost/benefit analysis, 83, 134, 295, 306, 312cost drivers, in the constructive cost model,

238–39cost objectives, in project deployment, 255cost of quality (COQ), 89–93cost performance index (CPI), 268cost variance, 268, 269COTS. See commercial off-the-shelf (COTS)

softwarecounting criteria, 308–9, 312–13coupling, 196creational patterns, 200critical design review, 276critical path method (CPM), 246–48critical-to-quality (CTQ) characteristics,

105–6Crosby, Philip, 3cross-functional teams, 48crystal (agile methodology), 251–52customer, audit, 113customer deliverables, 474–78customer impact metrics, 341–45customer satisfaction, metrics, 341–43customer/user testing, 477–78customers

in requirements management, 181as stakeholders, 72–76

cycle time, process metric, 340–41cycle time objectives, in project deployment,

255cyclic redundancy checks (CRC), 476cyclomatic complexity, 310, 328–29, 334

in basis path testing, 436–37

D

daily deployment, in extreme programming, 211

dashboards, metrics, 356–57data

high-quality, ensuring, 366how to collect, 365software configuration management,

types, 541test results, 472who should collect, 363–65

data accuracy, 366–67data availability time, 367–68

data collection, 363–68reasons for, 306and recording, in configuration status

accounting, 539–42data collection time, 367data completeness, 367data domain coverage, 429data extraction time, 368data flow diagram (DFD), 172, 173data flow modeling, in structured analysis

and design, 197data integrity, 363–68data modeling, in structured analysis and

design, 197data owner, role in data collection, 363–65data privacy, 14data reporting time, 368data requirements, 159data tables, 351–52data timeliness, 367–68data-driven testing, 400–401date and time domain coverage, 429debug, 90, 91, 100, 216, 332, 333, 441, 442, 445,

490, 514, 540decision coverage, 434decision criteria, in metric, 356decision trees, 173decomposition, in risk identification, 287decoupling, 201defect containment, 348–49defect density, 330–31defect detection, 345–48defect detection effectiveness, 349–51defect detection efficiency, 349–51defect prevention, 104–6defect removal efficiency (DRE), 349–51defect report, 471–72defects, and software quality, 4deliverables, 68–69

customer, 474–78tracking, 270–72

delivery, software, 555–57Delphi technique, 233–34Deming, W. Edwards, 3Deming circle, 93demonstration, in requirements coverage,

427–28denial of service, 299departmental audit strategy, 120dependencies

configuration item, 523hardware, 557

Index 627

software, 557–58in software configuration management

identification, 504dependent variable, 372depth metric, 329–30derived measures, 313–14design, quality attributes and, 200–202design constraints, 159design for Six Sigma, 96–97design methods, 195–200design patterns, 199–200designers, in requirements management, 182desk audits, 113desk checks, 452–54

versus inspections and walk-throughs, 450–51

destructor operations, in object-oriented analysis and design, 199

detailed design, 97, 124, 135, 146, 182, 195, 196, 270–71, 276, 386, 523

detailed design review, 276developers, in requirements management,

182development audits, of customer

deliverables, 475development library, 490development testing, of customer

deliverables, 475developmental baselines, in software

configuration management identification, 513

deviation, 262–65, 269, 541direct metrics, 312–13direct-access media, 557disaster recovery plan, 559discovery method audit strategy, 120discriminative power, in measurement

validity, 310distributed work environments, working

in, 54distributors, as stakeholders, 73DMADV (define, measure, analyze, design,

verify) model, 96–97DMAIC (define, measure, analyze, improve,

control) model, 94–96document audit, 113document control, 520–21, 527–28document studies, in requirements

elicitation, 164documentation

quality management system, 63test execution, 466–78

documentation hierarchy, in software configuration management identification, 504

documentation plan, 229documentation writers, in requirements

management, 182–83domain testing, 435–36drivers, test, 439–40duration, 233, 246–48dynamic analysis, 389dynamic cycle time, 341dynamic library, 490dynamic reliability models, 337

E

early design, in COCOMO II model, 236earned value, tracking, 267–69earned value management (EVM), 267

analysis, 232effective listening, techniques, 43–45efficiency (quality attribute), 157effort, project, 232–33effort multiplier cost drivers, in COCOMO II

model, 238–39electronic transfer, in software delivery, 556,

557element method audit strategy, 120embedded system, 146–47energized work, in extreme programming,

208engineering change board (ECB), 524–33engineering process group (EPG), 49, 103engineering processes, systems and

software, 129–217enhancement request, 215, 488, 526entity, in measurement, 308entity behavior modeling, in structured

analysis and design, 197entity relationship diagram (ERD), 172,

174–76entry criteria, 262environmental factors, in project planning,

228environmental load testing, 420equity theory, of motivation, 31equivalence class partitioning, 406–7equivalence class testing, 435–36error guessing, 408error tolerance (quality attribute), 158escapes (defects), 345

628 Index

escort, 116estimation and planning, in software

configuration management identification, 504

estimation techniques, model-based, 236–40ethical compliance, 10–12ETVX method, of process mapping, 65event, 178, 180event/response tables, 173, 178–80evidence, objective

definition, 122–23techniques for gathering, 123–24

evolutionary change, 26evolutionary development, 143–45evolutionary prototypes, 165exception handling, 408–9exciting quality, in Kano model, 6executable, 394, 474, 487, 488, 508, 513, 555execution

in requirements coverage, 428in testing, 467–68

exit criteria, 262expectancy theory, of motivation, 31expected quality, in Kano model, 6expert-judgment estimation techniques,

233–35explicit knowledge, 29explicit measures, 312–13exploratory audit, 120exploratory testing, 423–24external attributes, of entity, 308external audits, 110–11external failure cost of quality, 90–91external input, function type, 327external inquiry, function type, 327external interface file, 327external interface requirements, 159, 160external output, function type, 327external validity, of metric, 310extranet, 150extreme programming (XP), 136, 208–11extrinsic motivation, 30

F

facilitated requirements workshops, 163–64facilitation skills, 34–40facilitator, 34failure mode effects and criticality analysis

(FMECA), 201, 302

failure report, 471–72fan-in metric, 330, 334fan-out metric, 330, 334fat client, in client–server architecture,

148–49fault insertion, 408fault seeding, 408fault tolerance (quality attribute), 158fault-error handling, 408–9feasibility, 165, 182, 287feature release, 552feature-driven development (FDD), 138–40field-testing, 477–78file systems, as users in functional testing,

417–18financial risks, 290finding, 108, 109, 125–26firewall, 200, 300firmware, 146–47first office verification, 477–78first-party audits, 109–10first-pass yield, process metric, 340fishbone diagram, 370–71five whys method, 383–84flexibility (quality attribute), 158flowcharts, 368–70focus groups, in requirements elicitation,

162–63follow-up, audit, 126–27follow-up audits, 112–13force field analysis, 60forecasts, 232–33formal methods, 211forming, phase of team development, 51forward traceability, 191

in impact analysis, 530fraud (tort), 14full release, 554function points, 326–28functional baseline, in software

configuration management identification, 512

functional benchmarking, 8functional characteristics, of configuration

items, 505functional configuration audit (FCA), 544,

545functional coverage, 428functional requirement, 152, 155–56, 158, 160,

409, 416functional testing, 400–401, 416–20

Index 629

G

Gantt charts, 263–64generic benchmarking, 8Gilb’s risk principle, 282glass-box testing, 396–97goal/question/metric paradigm, 324–25“gold-plating,” 161good-enough software, 402graphs, for metrics reporting, 351–55gray-box testing, 397–400group dynamics, 52grouped bar charts, 352–54groups, diverse, working with, 52–54guidelines, 17, 69guides, 17

H

hackers, 74, 155, 300haphazard sampling, 362hardware

dependencies, 557in functional testing, 417in test beds, 438

harnesses, test, 440hash sums, 476Hawthorne effect, 319hazard analysis, 301–3high-level design review, 275histograms, 375–76horizontal prototypes, 165human factors, in metrics and measurement,

322human factors studies, 171–72humans, as users in functional testing, 417

I

IDEAL model, SEI, 101IEEE Computer Society, 19IEEE software engineering standards, 19–21impact analysis, in configuration control,

528–30incremental change, 26incremental deployment, in extreme

programming, 211incremental design, in extreme

programming, 210

incremental development, 140–42, 144incremental requirements development,

154independent test team, 400independent variable, 372information hiding, 147, 199information radiators, in crystal, 251–52informative workspaces, in extreme

programming, 208, 251infrastructure plans, 231inheritance, in object-oriented analysis and

design, 198initiator, audit, 113in-process software configuration

management audits, 544–45input, 65input/output-driven testing, 400–401inspection, in requirements coverage, 427inspection leader (audit team member),

456–57inspection package, 459–60inspections

versus desk checks and walk-throughs, 450–51

inspection meeting step, 461–63kickoff meeting step, 458–59, 460planning step, 458–60post-meeting steps, 464preparation step, 460–61process and roles, 456–58and reviews, 444–65soft skills for, 464–65

inspectors (inspection team members), 458installability (quality attribute), 158installation, software, 555–57installation testing, 477instrumentation, in test beds, 438integrated master schedules, 264–65integrated product team (IPT), 86–87integration complexity, 334integration testing, 415integrity (quality attribute), 157intellectual property rights, 12–13interaction diagram, 178interface, 3, 82, 146, 147, 159interface coverage, 430intermediate installation media, 556–57internal attributes, of entity, 308internal audits, 109–10internal benchmarking, 8internal failure cost of quality, 90

630 Index

internal logical file, function type, 327internal validity, of metric, 310International Function Point Users Group

(IFPUG), 327International Organization for

Standardization (ISO), 17internationalization, 555internationalization configuration coverage,

430–32internationalization testing, 430Internet, 149–50interoperability (quality attribute), 157interrelationship digraph, 381–82interval scale measurement, 318interviews, 45–47

in requirements elicitation, 162intranet, 15intrinsic motivation, 30Ishikawa diagram, 370–71ISO 9000 standards, 17–18ISO/IEC 9126 standard series, 3ISO/IEC 14598 standard series, 3ISO/IEC 25000 Software Engineering—

Software Product Quality Requirements and Evaluation (SQuaRE) standard series, 3, 158

item changes, tracking, 521–22iterative model, of software development,

136, 142

J

Jelinski-Moranda (J–M) model, 337–38joint application design/development (JAD),

163judgmental sampling, 362–63Juran, Joseph M., 3

K

Kano model, of quality, 5–6Kiviat chart, 357–59knowledge, types of, 28–29knowledge transfer, 28–29

L

labeling, 508–9

labor costs, in project planning, 240lead auditor, 114–15leaders, effective, qualities of, 25–26leadership

definitions, 25organizational, 26–34situational, 32–34styles of, 33–34

leadership skills, 25–47lean client, in client–server architecture, 148lean techniques, 97–99legal compliance and issues, 12–15legal risks, 290lessons learned

in benchmarking, 9in corrective action process, 101in document studies, 164engineering process groups and, 49in inspections, 462–463as process assets, 228in projects, 279–280and software configuration managment,

483, 485, 550and standard processes, 64in the test report, 473and V&V techniques, 221

level of effort work activities, 220library processes, 489–99license keys, 477licenses, software, 13life cycles, software development, 130–45line coverage, 433line graphs, 352lines of code (LOC), 326linkers, 488load/volume/stress testing, 420loaders, 488localization, 555localization testing, 430

M

magnitude, in software configuration management identification, 504

maintainabilitymetric, 339quality attribute, 158, 202

maintenance, softwaremanagement, 213–17strategy, 215–17

Index 631

types, 213–15major milestone reviews, 275–77major nonconformance, in audit, 125malicious code, 300malpractice (tort), 14management, and peer reviews, 448–49management reviews, 278–79management risks, 290management system objectives, in project

deployment, 255managers, and peer reviews, 446–47manufacturing, verification and validation

activities for customer deliverables, 476–77

manufacturing perspective, of quality, 3mapping system, for measurement, 308,

312marketing requirements document (MRD),

160Maslow’s hierarchy of needs, 30–31master library, 490–91mathematical proofs, 388matrix diagrams, 379–81McCabe’s cyclomatic complexity. See

cyclomatic complexitymean

calculating the statistical mean, 315time to change , 339time to failure, 212, 337time to fix, 310, 339

measurementdefinition, 308–9do’s and don’ts, 320–21

measurement error, 366measurement method, 308–9measurement theory

basic, 314–18and metrics, 306–22terminology, 307–14

median, 315meeting management, 38–40meetings, audit team, 124–25mental execution, in desk checks, 452–53mentoring, 31–32merging, software configuration

management library process, 498–99messaging system architectures, 150method, in object-oriented analysis and

design, 199methodologies, for quality management,

89–106

metricscustomers of, 323–24definition, 307–8do’s and don’ts, 320–21and measurement theory, 306–22psychology of, 319–22software, 325–39terminology, 307–14test results, 472

metrics primitives, 312–13metrics providers, role in data collection,

364–65metrics reporting tools, 351–59migration, software, 216milestone objectives, in project deployment,

255minor nonconformance, in audit, 125mock-ups, 165modality, in entity relationship diagrams,

175–76mode, 315model-based estimation techniques, 236–40models, 16–24

definition, 17moderator (inspection team member), 456–57modifier operations, in object-oriented

analysis and design, 199motivation, 29–31

theories of, 31types of, 30

multicultural environments, working in, 47multiple condition coverage, 435multitier architecture, 147–48multivoting, 58

N

negative correlation, 372negative risks, 282negligence (tort), 14negotiate scope, 210–11negotiation, techniques, 37–38Nichols, Dr. Ralph, 43nominal group technique (NGT), 56nominal scale measurement, 316–17nonconformances, in audits, 125nonfunctional requirements, 158–59nonverbal listening, 45norming, phase of team development, 52n-tier architecture, 147–48

632 Index

O

Object Management Group (OMG), 17, 172objective evidence

definition, 122–23techniques for gathering, 123–24

objectivity, 108object-oriented analysis and design (OOAD),

198–99objects, in object-oriented analysis and

design, 198observation, in audit, 125–26offshore, 79Open Web Application Security Project

(OWASP), security principles, 301open-ended questions, 45–46opening meeting, of an audit, 122operating system, as user in functional

testing, 417operational profile testing, 419–20operational testing, 478operations, in object-oriented analysis and

design, 198–99operator documentation, 182–83, 276, 404, 523opportunities, in risk management, 282oral communication, 42ordering, verification and validation

activities for customer deliverables, 476–77

ordinal scale measurement, 317–18organizational change management, 26–28organizational leadership, 26–34organizational objectives, in project

deployment, 255organizational process assets, in project

planning, 228output, 68–69outsourcing, 79–88

acquisition process, 80–87

P

packaging, 553, 554pair programming, in extreme

programming, 209–10Pareto analysis, 369Pareto chart, 369–70Pareto principle, 369partial release, 554patch release, 551, 554

patents, 12path, 433peer reviewers, selecting, 446–49peer reviews

benefits of, 445–46of customer deliverables, 475definition, 444formal versus informal, 449–50objectives of, 444–45risk-based, 451–52soft skills for, 464–65types of, 450–51what to review, 446

perfective software maintenance, 214performance (quality attribute), 157performance testing, 420performing, phase of team development, 52personnel objectives, in project deployment,

255personnel risks, 290Peters, Tom, 2phase containment effectiveness, 348phase gate reviews, 275–77phase transition control, 261–66phase transition reviews, 275–77phase-end reviews, 275–77phases of a life cycle, 130, 134–35physical characteristics, of configuration

item, 505physical configuration audit (PCA), 544,

547–48pie charts, 352piloting, dynamic analysis technique, 389pilots, of customer deliverables, 475plan–do–check–act (PDCA) model, 93planning

project, 225–40in quality management system, 76–78

planning and estimation, in software configuration management identification, 504

planning poker technique, 234platform configuration coverage and testing,

430polar chart, 357–59polymorphism, 199portability (quality attribute), 158positive correlation, 372positive risks, 282post-architecture, in COCOMO II model, 236post-conditions, in use cases, 168

Index 633

post-mortems, 279–80post-project reviews, 279–80preconditions, in use cases, 168predictability, in measurement validity, 310predictive validity, of metric, 310preferred supplier relationship, 87–88preliminary design review, 275presenter (inspection team member), 457prevention cost of quality, 90preventive action, 104preventive software maintenance, 214–15prioritization graph, 59–60prioritization matrix, 58–59problem report backlogs, 333–34problem reports

responsiveness metrics, 343–45as test execution documentation, 471–72

process, definition, 64process architecture, 69process assets, organizational, in project

planning, 228process audits, 112process capability metrics, 351process change control board (PCCB), 103process entities, 339–40process flow diagram, 65–69, 173process improvement models, 93–99process improvement opportunities, in

audits, 126process improvement plan, 229process mapping, 65–69process measurement, 323–59process metrics, 339–51process models, software development,

130–45process owner teams, 49process stakeholders, 74processes

project-specific, 71–72standardized, and quality management

system, 64–69tailored, 71–72

process-type cause-and-effect diagram, 370procurement objectives, in project

deployment, 255product acceptance, 87, 426product acceptance plan, 229product architecture, in software

configuration management identification, 503

product attributes, 158–59

product audits, 112, 389product backlog, in scrum, 249product baselines, in software configuration

management identification, 513product distribution, and release, 551–58product evaluation, software, 390–93product functional requirements, 156–57product keys, 477product liability (tort), 14product limitations, in requirements

elicitation, 161product measurement, 323–59product owner, in scrum, 248product perspective, of quality, 3product problem resolution, 99–101product quality and reliability objectives, in

project deployment, 255product release, 551–58

and distribution, 551–60product releases, types of, 551–52product scope, in requirements elicitation,

161product stakeholders, 72–73product technical objectives, in project

deployment, 255product vision, in requirements elicitation,

161production baseline, in software

configuration management identification, 513

productivity, tracking, 272program, definition, 280–81program evaluation and review technique

(PERT), 234–35program reviews, 280–81programmer’s library, 490project, definition, 220project audits, 112project charter, 221, 227–28project closure, 222project closure plan, 229project communications, 256–57project controlling, 258–81project corrective action, 265–66project deployment, 253–57project drivers, 223–24project estimation, 232–33project execution, 222project forecasting, 232–33project initiation, 221project management, 219–303

634 Index

project manager, in requirements management, 183

project metricsagile, 251–52selecting, 274

project monitoring and controlling, 222project objectives, 254–55project organization plans, 230–31project planning, 221, 225–40

goals for, 224project plans, 225–26project reviews, 274–80project scheduling, 240–52project stakeholders, 73project team reviews, 277–78project tracking, 258–81

methods, 267–74project vision and scope document, 160proof of correctness, 388proofs of concept, 165prototypes, in requirements elicitation, 165prototyping, in COCOMO II model, 236Public Company Accounting Reform and

Investor Protection Act of 2002, 14–15

Q

qualitydefinitions of, 2perceptions of, 2–4

quality action teams, 48–49quality analysis tools, 368–84quality assurance, xxi–xxiiquality attributes, 157–58

and design, 200–202quality circles, 48–49quality control, xxiiquality council, 48quality engineering, xxi, 97, 98quality function, in requirements

management, 182quality gates, 262–63quality goals, 62–72quality improvement teams, 48–49quality management, methodologies for,

89–106quality management system (QMS), 62–88

documentation, 63quality management teams, 48quality objectives, 62–72

quality plans, product-level, 71quality policies, 64quality principles, 2–9quality records, 69, 560quarterly cycle, in extreme programming,

208–9questions, types of, 45–46

R

race condition, 400, 409radar chart, 357–59random audit, 120random sampling, 361range, 315ranked-choice method, 58rapid application development (RAD), 142ratio scale measurement, 318Rayleigh curve, 239–40Raytheon Electronic Systems (RES), cost of

quality example, 91–92reader (inspection team member), 457ready-to-release review, 276–77ready-to-ship review, 276–77ready-to-test review, 510real customer involvement, in extreme

programming, 210recognition, in motivation, 30recorder

configuration control board role, 525inspection team member, 457team, 50–51

recovery, 300, 559, 483, 485reengineering, 204refactoring, in software development, 136–38reflection, in extreme programming, 280regression analysis, 424regression testing, 424–25regulations, 17regulatory compliance and issues, 12–15reinforcement theory, of motivation, 31release backlog, in scrum, 250–51release management data, 541release notes, 523, 554release packaging, 554–55release planning and scheduling, 552–54release support, 558reliability

in measurement, 309–12quality attribute, 157, 201

Index 635

reliability metric, 337–38replication, software, 555–56reproducibility, of software builds, 514–15request for proposal (RFP), 82requirement, definition, 152requirements

not testable, in requirements coverage, 428prioritizing, 188–89types, 155–60

requirements allocation and traceability, in software configuration management identification, 504

requirements analysis, 154, 172–80requirements analysts, 182requirements baseline, 154–55requirements change management, 190requirements churn, 161, 334–37requirements coverage, 427requirements development, 153–54requirements elicitation, 153–54, 160–72

miscellaneous techniques, 164–65requirements engineering, 152–80

process, 152requirements evaluation, 184–89requirements management, 155, 181–94

participants, 181–83requirements management plan, 229requirements review, 275requirements specification, 154, 160requirements validation, 154requirements volatility, 334–37resource plans, 230resource risks, 290resource utilization, metric, 339resource utilization testing, 421resources, tracking, 273response time, metric, 339responsibility and authority, in software

configuration management identification, 504

retirement, software, 217retrospectives, 279–80return on investment (ROI), 249, 290, 295,

323reusability (quality attribute), 158, 202reuse

software, 203–5in software configuration management

identification, 503–4reverse engineering, 204–5review, definition, 444

reviews, and inspections, 444–65revision, definition, 523rewards, in motivation, 30rework, reduction of, in software quality, 4–5rich client, in client–server architecture,

148–49risk, definition, 283risk analysis, 290–92risk exposure (RE), 291risk identification, 286–90risk loss, 291risk management, 282–303

methods, 285–99planning, 293–97process, 285–86

risk management plan, 229, 285–86risk mitigation action, 285, 295, 297risk probability, 291risk reduction leverage (RRL), 295–97risk response strategies, 285risk statement, 289risk taxonomy, 288risk tracking, 298–99risk-based peer reviews, 451–52risk-based testing, 401risk-based verification and validation, 391–93risk-handling options, 285risks

in risk management, 282software, types of, 290

robustness (quality attribute), 158root cause analysis, 382–84run charts, 373–75

S

safety (quality attribute), 157, 201safety analysis, 301–3safety-critical software, 302sampling, 360–63Sarbanes-Oxley Act (SOX), 14–15Satir change model, 27–28scatter diagrams, 372–73schedule objectives, in project deployment,

255schedule performance index (SPI), 268–69schedule variance, 268–69scheduling, project, 240–52scope, in software configuration

management identification, 504

636 Index

scope creep, 334–37screener, configuration control board role,

525scribe. See recorderscrum, 248–51, 278scrum master, 248–49scrum team, 248–49S-curve run chart, 374–75second-party audits, 110–11security

designing for, 200–201, 201–2, 300quality attribute, 157, 200–201

security coverage, 430security hole, 300security principles, OWASP, 301security risks, software, 299–31security testing, 430SEI. See Software Engineering Institutesequence diagrams, 172, 178service level agreement, 343, 558service mark, 13service pack, 551set-based development, 98shared code, in extreme programming, 211Shewhart cycle, 93shipping, verification and validation

activities for customer deliverables, 476–77

simulation testing, 402simulators, in test beds, 438single code base, in extreme programming,

211site installation history data, 541situational leadership, 32–34Six Sigma, process improvement model,

94–97, 101Six Sigma teams, 48–49size metrics, 326–28slack

in activity networks, 244in extreme programming, 209

SLIM. See software life cycle management model

slim client, in client–server architecture, 148soft skills, for peer reviews and inspections,

464–65software analysis, 195–212Software and Systems Engineering

Standards Committee, IEEE, 19software applications, as users in functional

testing, 418

software architecture. See architectural design

software build, 487, 513–15creating, 492testing, 493

software configuration auditing, 481software configuration control, 480, 516–43software configuration identification, 480software configuration management (SCM),

479–560 in audits, 119data, types, 541definition, 479–80organizational-level group roles and

responsibilities, 483project data, 541project-level group roles and

responsibilities, 483–85risks associated with lack of good SCM

practices, 481special roles and responsibilities, 485–86

software configuration management audits, 544–50

software configuration management build tools, 487–88

software configuration management change management tools, 488–89

software configuration management librarians, 485

software configuration management libraries, 489–90

software configuration management library processes, 489–99

software configuration management library tools, 486

software configuration management managers, 485

software configuration management plan, 229

software configuration management planning and management, 481

software configuration management status accounting tools, 489

software configuration management toolsmiths, 485

software configuration management version control tools, 486–87

software configuration status accounting, 480

software delivery, 555–57software dependencies, 557–58

Index 637

software design, 195–212steps in, 196

software design specification (SDS), 194software development, 195–212

methods, 206–12tools, 205

software development life cycles, 130–45, 228–29

software development process models, 130–45

software development processes, 228–29Software Engineering Institute (SEI), 21

Capability Maturity Model Integration (CMMI), 21–24

software engineering processes, 129–217software installation, 555–57software license, 13software life cycle management (SLIM)

model, 239–40software maintenance

management, 213–17types, 213–15

software maintenance strategy, 215–17software metrics, 325–39

and analysis, 305–84software migration, 216software practitioners, in software

configuration management, 486software product baseline library, 491software product entities, 325–26software product evaluation, 390–93software product partitioning, 501–5software quality, benefits of, 4–6software quality assurance plan, 229Software Quality Engineer Certification,

Body of Knowledge (Appendix A), 561–71

software quality management, 61–127software replication, 555–56software repository, 491software requirements, versus system

requirements, 159–60software requirements specification (SRS),

160software retirement, 217software reuse, 203–5software risks, 290software security risks, 299–301software testing, levels of, 414–16software tests, 414–25software tools, in test beds, 438

software verification and validation (V&V), 385–478

methods, 388–90risk-based, 391–93sufficiency, 389task iteration, 389–90theory, 386–93

software work product, creating new, 491–92source code, 87, 195, 203, 204–5, 341, 436–37,

487, 506, 508, 513, 530–33, 555V&V techniques for, 391

special cause variation, 378spider chart, 357–59spiral model, of software development,

133–35sponsor, 27, 50, 81sprint, in scrum, 249–51sprint backlog, in scrum, 250–51sprint planning meeting, in scrum, 249–50sprint retrospective, in scrum, 251sprint retrospective meeting, 280sprint review, in scrum, 251sprint review meeting, 277stacked bar charts, 354staff turnover, 273staffing, tracking, 273staffing plans, 230stakeholder functional requirements, 155–56stakeholder participation plans, 74–76stakeholders, 72–76

benefits of identifying and involving, 74identifying, in project initiation, 221needs and motivations, 76in requirements elicitation, 161in requirements management,

miscellaneous, 183standard deviation, 94, 315–16standardized checklists, 550standardized processes, and quality

management system, 64–69standardized work instructions, 69–71standards, 16–24

definition, 16state coverage, 428–29state transition, 176state transition diagrams and tables, 172, 176statement coverage, 433static analysis, 388static cycle time, 340–41static library, 491static reliability models, 337

638 Index

statistics, basic, 314–18status accounting, 539–43status reporting, 542–43stoplight charts, 356stories, in extreme programming, 208storming, phase of team development, 51–52storyboards, in requirements elicitation, 171stratified sampling, 361–62stress testing, 420strict product liability (tort), 14structural complexity, 329–30structural patterns, 200structural testing, 396–97structured analysis and design (SAD),

196–97stubs, 438–39subsidiary project plans, 229–30supplier audits, 110–11supplier components, tests of, 425–26supplier management, in outsourcing, 85–87supplier management plan, 229supplier products, tests of, 425–26supplier qualification audit, 111supplier surveillance audit, 111suppliers

identifying and evaluating potential, in outsourcing, 82–83

selecting, in outsourcing, 83–84as stakeholders, 73

support, software release, 558supportability (quality attribute), 158system analysts, 182system architecture, 146, 159, 196system audits, 112system library, 490–91system performance metrics, 338–39system requirements, versus software

requirements, 159–60system testing, 415system verification matrix, 427systematic sampling, 361systems architecture, 146–51systems engineering processes, 129–217

T

tacit knowledge, 28–29tailoring, 67, 71–72task, in process definitions, 65team champion, 49–50

team colocation, in extreme programming, 208

team continuity, 210team facilitator, 50team leader, 50team management, 49–54team skills, 48–60team tools, 55–60teams

in extreme programming, 208roles and responsibilities, 49–51stages of development, 51–52types of, 48–49

technical reviews, 465technical risks, 290technical support, in requirements

management, 183technical writers, in requirements

management, 182–83templates, 69, 105, 44310-minute build, in extreme programming,

210test automation, 402–3test beds, 438test case review technique, in desk checks,

453test cases, 468–69test coverage, 426

of code, 334test coverage specifications, 426–32test design, and planning, 394–443test designs, 406–13test diagnostic tools, 442test drivers, 439–40test environments, 438–41

controlled, 440–41test execution, 467–68

documentation, 466–78test harnesses, 440test libraries, 440test log, 470–71test management tools, 443test matrix, 427test planning, and design, 394–443test plans, 403–5test procedures, 469–70test readiness review, 276test report, 472–73test results, data and metrics, 472test scenarios, 469–70test scripts, 469–70

Index 639

test strategies, 396–403test summary report, 472–73test tools, 441–43test utilities, 441–42testability, 445, 453test-driven design (TDD), 136–38, 401test-driven development (TDD), 136–38, 401testers, in requirements management, 182test-first programming, in extreme

programming, 210testing

customer/user, 477–78definition, 394installation, 477

thick client, in client–server architecture, 148–49

thin client, in client–server architecture, 148third-party audits, 111thread, 419–20

versus path, 433throughput, metric, 338throwaway prototypes, 165tiger team, 49time box, definition, 401time-box testing, 401–2tool administrators, in software

configuration management, 485tools

configuration management, 486–89metrics reporting, 351–59quality analysis, 368–84software development, 205team, 55–60test, 441–43test diagnostic, 442test management, 443virus detection and removal, 488

top-down gray-box testing, 398–99, 400tort, 13–14total defect containment effectiveness

(TDCE), 349trace tagging, 194traceability

definition, 190in impact analysis, 530

traceability matrix, 192tracing, audit technique, 124tracking

of item changes, 521–22in measurement validity, 310

trademarks, 13–14

training plans, 231transcendental perspective, of quality, 2tree diagrams, 379trouble report, 471–72

U

Unified Modeling Language (UML), 172Unified Modeling Standards Language, 17unit test specification, 194unit testing, 414usability

characteristics of, 421–22quality attribute, 157, 202

usability testing, 421–22use case diagram, 167use cases, in requirements elicitation,

166–71user, versus actor, 166–67user/customer testing, 477–78user documentation, 182–83, 276, 404, 523user perspective, of quality, 3user requirements specification (URS)

document, 160user stories, in requirements elicitation, 166users

four classes, in functional testing, 417–18in requirements management, 181as stakeholders, 72–73

V

validationdefinition, 386of requirements, 154

validity, in measurement, 309–12value adjustment factors, 327–28value stream mapping, 98value-based perspective, of quality, 4variance, 316verbal listening, 45verification, definition, 386verification and validation (V&V), software,

385–478of customer deliverables, 476–77methods, 388–90risk-based, 391–93sufficiency, 389task iteration, 389–90

640 Index

of test tools, 441theory, 386–93

verification and validation plan, 229, 393

verification step, in process definition, 65, 67–69

version, definition, 522version control, 522–23version description document (VDD), 523,

554vertical prototypes, 165virus detection and removal tools, 488visibility, in software configuration

management identification, 505V-model, of software development, 132

and testing, 394volume testing, 420

W

walk-throughs, 455–56versus inspections and desk checks,

450–51waste, in software development, 97–98waterfall model, of software development,

130–32web architecture, 149–50

weekly cycle, in extreme programming, 209white-box testing, 396–7

in regression testing, 424wideband Delphi technique, 234width metric, 330wireless network access, 150W-model, of software development, 132–33work breakdown structure (WBS), 241–42work instructions

project-specific, 72standardized, 69–71tailored, 72

work productcontrolled, modifying, 493–94externally delivered, 502software, creating new, 491–92supplier, in software configuration

management identification, 505work product dispositions, 463working library, 490worst-case testing, 422–23written communication, 43

Y

Yourdon/DeMarco symbols, for data flow diagrams, 173