Measuring software product quality: a survey of ISO/IEC 9126

To address the issues of software product quality, the Joint Technical Committee 1 of the International Organization for Standardization and International Electrotechnical Commission published a set of software product quality standards known as ISO/IEC 9126. These standards specify software product quality's characteristics and subcharacteristics and their metrics. Based on a user survey, this study of the standard helps clarity quality attributes and provides guidance for the resulting standards.     

Validating the ISO/IEC 15504 measure of software requirementsanalysis process capability

ISO/IEC 15504 is an emerging international standard on software process assessment. It defines a number of software engineering processes and a scale for measuring their capability. One of the defined processes is software requirements analysis (SRA). A basic premise of the measurement scale is that higher process capability is associated with better project performance (i.e., predictive validity). The paper describes an empirical study that evaluates the predictive validity of SRA process capability. Assessments using ISO/IEC 15504 were conducted on 56 projects world-wide over a period of two years. Performance measures on each project were also collected using questionnaires, such as the ability to meet budget commitments and staff productivity. The results provide strong evidence of predictive validity for the SRA process capability measure used in ISO/IEC 15504, but only for organizations with more than 50 IT staff. Specifically, a strong relationship was found between the implementation of requirements analysis practices as defined in ISO/IEC 15504 and the productivity of software projects. For smaller organizations, evidence of predictive validity was rather weak. This can be interpreted in a number of different ways: that the measure of capability is not suitable for small organizations or that the SRA process capability has less effect on project performance for small organizations     

Validating the external quality subcharacteristics of software products according to ISO/IEC 9126

The study statistically tests the proposition of the ISO/IEC 9126 standard that higher external quality (quality when software is executed) implies higher ‘quality in use’. For this purpose, the study based on 75 user survey data shows that individual external quality subcharacteristics are positively associated with user satisfaction as defined in ‘quality in use’. This study also investigates the external quality subcharacteristics that strongly influence user satisfaction. Our results provide guidance for the revision of the Standard as well as supporting management decisions (i.e., resource allocation) aimed at improving software product quality.     

解读ISO/IEC17799:2000

前言 以数字化、网络化为主要特征的信息时代正快步走来,越来越多的机构,如:政府部门、学校、企业事业单位等已经或正在建立自己的计算机网络系统、计算机信息系统,逐步实现机构业务信息、业务数据的数字化、网络化。网络技术、Internet技术的进步以及人们对数字化信息共享、交流、处理的需要促使机构逐渐开放其信息系统并通过网络把它和其他机构的信息系统相连,形成一个全球化的数字化信息网络。在促进信息的     

Frameworks for quality software process: SEI Capability Maturity Model versus ISO 9000

With the historical characterization of software development as being costly due to massive schedule delays, incorporation of the ever-changing technology, budget reductions, and missing customer requirements, the trend of the 1990s in establishing a quality improvement or a quality assurance programme has been over-whelming. The two popular models or frameworks for assessment of a quality assurance programme are the US government-sponsored Capability Maturity Model (CMM) and the internationally recognized ISO-9000 quality standards. Both of these two frameworks share a common concern regarding software quality and process management. Since it is not clear which of these two frameworks is most effective in achieving their shared objectives, it is valuable and timely to provide an objective overview of both models and to compare and contrast their features for quality software development. Because there are many legitimate areas for comparison, we have selected the two most important as a basis for comparison: (1) the role of management, and (2) the application of measurements. We also provide a summary of the reported impact of these two models on the organizations adhering to their standards, and include our observations and analysis.     

Enhancing ISO/IEC 15288 with reuse and product management: An add-on process reference model

To support the transformation of system engineering from the project-based development of highly customer-specific solutions to the reuse and customization of ‘system products’, we integrate a process reference model for reuse- and product-oriented industrial engineering and a process reference model extending ISO/IEC 12207 on software life cycle processes with software- and system-level product management. We synthesize the key process elements of both models to enhance ISO/IEC 15288 on system life cycle processes with product- and reuse-oriented engineering and product management practices as an integrated framework for process assessment and improvement in contexts where systems are developed and evolved as products.     

软件过程风险评估方法研究

随着科技的突飞猛进,软件工程的不断革新,在软件开发的过程中,由于每项软件活动之间都存在着一定的风险,所以为了保证软件工程的健康平稳的发展,应该采用风险评估的研究方法对其进行监控,在软件生产的过程中,发生偏离最佳实践的风险就叫做软件过程的风险,本文通过根据建立在CMMI中的过程域的风险评估体系,并采用每个过程域的模糊综合评估,进而监控软件风险与质量,通过实例分析,进一步说明该风险评估的方法符合软件工程建模的要求。     

软件质量综合评价方法研究

根据软件产品质量特点，给出质量综合模糊评价模型，并对模型中定量化方法作了较详细地讨论。     

The EMISQ method and its tool support-expert-based evaluation of internal software quality

There is empirical evidence that internal software quality, e.g., the quality of source code, has great impact on the overall quality of software. Besides well-known manual inspection and review techniques for source code, more recent approaches utilize tool-based static code analysis for the evaluation of internal software quality. Despite the high potential of code analyzers the application of tools alone cannot replace well-founded expert opinion. Knowledge, experience and fair judgment are indispensable for a valid, reliable quality assessment, which is accepted by software developers and managers. The EMISQ method (Evaluation Method for Internal Software Quality), guides the assessment process for all stakeholders of an evaluation project. The method is supported by the Software Product Quality Reporter (SPQR), a tool which assists evaluators with their analysis and rating tasks and provides support for generating code quality reports. The application of SPQR has already proved its usefulness in various code assessment projects around the world. This paper introduces the EMISQ method and describes the tool support needed for an efficient and effective evaluation of internal software quality.     

The applicability analysis of ISO/IEC 9126 series of standards in telecom sector: the example of softswitch category of software

A software application called a softswitch is considered within the telecom industry as critical for the proper operation of most telecommunication systems. This paper presents the results of the research for a solution for methodically evaluating the internal quality of a softswitch dedicated to developers and acquirers alike. The resulting solution is designed in form of a prioritized two-part evaluation grid containing measurements of internal quality attributes of software as defined by the technical report ISO/IEC 9126-3. The elaboration of such a grid had the basic objective of giving developers and acquirers of a softswitch the tool to evaluate its internal quality when being purchased or developed in order to assess its design and code prior to its installation. This document also presents the applied research methodology, the proposed solution and recommendations for its use.

An approach for business process model registration based on ISO/IEC 19763-5

To facilitate business collaboration and interoperation among enterprises, it is critical to discover and reuse appropriate business processes modeled in different languages and stored in different repositories. However, the formats of business process models are very different, which makes it a challenge to fuse them in a unified way without changing their original representations and semantics. To solve this problem, this paper uses semantic interoperability technique which is able to transform heterogeneous process models into uniform registered items. Based on the general and unambiguous metamodel for process model registration (PMR for short) in ISO/IEC 19763-5 that we proposed before, in this article, we provide a generic process model registration framework for registering heterogeneous business process models to facilitate semantic discovery of business processes across enterprises, and promote process interoperation and business collaboration. Considering that Event-driven Process Chain (EPC) is a popular process model widely used in the industry, we focus on the mapping rules and related specific transformation algorithms from EPC to PMR as an instantiation of our framework and develop an automatic process model registration tool for EPC. Moreover, we conduct a series of experiments to verify the correctness and efficiency of our proposed framework by leveraging the real data set of 604 EPCs from SAP.     

ISO/IEC standardization of identity management and privacy technologies

To cover projects in the area of identity management, privacy, and biometrics ISO/IEC JTC 1/ SC 27 “IT Security techniques” in 2006 established Working Group 5 “Identity Management and Privacy Technologies”. This text describes the reasoning to have this Working Group within SC 27 and introduces WG 5 and its projects.     

The Scrum software development process for small teams

In today's software development environment, requirements often change during the product development life-cycle to meet shifting business demands, creating endless headaches for development teams. We discuss our experience in implementing the Scrum software development process to address these concerns     

A method for software quality planning, control, and evaluation

Squid is a method and a tool for quality assurance and a control that allows a software development organization to plan and control product quality during development. The Telescience software development project used it to build a remote monitoring and control system based in Antarctica     

一种基于ISO/IEC 7816的COS的设计与实现

文中通过对智能卡协议规范ISO/IEC 7816的研究,提出了一种应用于安全芯片的COS系统的设计方案。该系统能够有效地调用安全芯片中非对称算法RSA及国密对称算法SM1等算法资源。其中,生成的RSA私钥可以得到有效地保护和存储,私钥加密用作数字签名,对应的RSA公钥用于对数字签名的验签;SM1算法用于加密通信,对报文进行加解密处理,实现信息的安全防护。测试结果及试点情况表明这种设计方案具有实际的应用价值和良好的使用效果。     

Transitioning international software engineering standards to academia: Analyzing the results of the adoption of ISO/IEC 29110 in four Mexican universities

Software standards, targeted for the software industry, were developed to contribute to the development of quality products within budget and schedule, by optimizing efforts and resources. For small companies, the largest percentage of software companies in Mexico, they are fundamental for their growth and survival. However, academic programs do not always match industry requirements. In previous studies, the curricula in Computer Science and Informatics, and Software Engineering, of 4 Mexican universities, were compared with two software industry standards: the MoProSoft standard, a Mexican standard designed for organizations having up to 50 people and the Basic profile of the ISO/IEC 29110 developed specifically for organizations having up to 25 people. The analysis of the academic programs showed a better coverage of ISO/IEC 29110 than MoProSoft. In this paper, these two standards are mapped to understand the results of the analysis in detail and provide recommendations regarding academic programs. The analysis provides an evidence that the processes of the Basic profile of ISO/IEC 29110 are better covered by the universities curricula because the processes provides the minimal set of practices to be performed while a project is executed from the beginning until the delivery of a software. In addition, this mapping presents a clear differentiation between these two standards that might help Software Development Centers to understand where to start in the implementation of one of them.     

基于ISO/IEC17025的LIMS设计及实施策略

为提高检测实验室管理水平,LIMS的应用必不可少,将信息技术与实验室现有的质量管理体系相结合,构建符合ISO/IEC17025:2005标准的信息平台是LIMS的发展方向。该文以实例介绍了一个基于ISO/IEC17025的实验室信息管理系统(LIMS)产生、设计思想、实施策略以及实施取得效果。     

Evaluation of the implementation of a subset of ISO/IEC 29110 Software Implementation process in four teams of undergraduate students of Ecuador. An empirical software engineering experiment

The competitiveness of software development companies depends on their ability to offer software products with quality attributes within approved budget and schedule. Most Very Small Entities (VSEs) that develop software do not see the benefits of implementing software standards. Consequently, they limit their potential to be recognised as quality software development entities. In this study, the authors present results obtained through the application of empirical software engineering in an experiment in which the ISO/IEC TR 29110–5–1–2 “Software engineering – Lifecycle profiles for Very Small Entities (VSEs) – Part 5–1–2: Management and engineering guide: Generic profile group: Basic profile” was used. The guide includes two processes: Project Management (PM) process and Software Implementation (SI) process. The objective of the project was the development of a software product for the scheduling of medical appointments for the Student Wellness Center of a university of Ecuador. Four teams of undergraduate students were involved. Two of them (controlled teams) implemented a subset of the SI process, while the other two (non-controlled teams) had freedom to choose development activities that were subsequently mapped with the activities of the standard. All teams developed the software product using the SCRUM framework within the same timeframe. Although the experiment was focused on the SI process, the teams also used a tailored version of the PM process defined by the professors. The experiment execution encountered several difficulties. For example, the timeframe of six weeks established in the design of the experiment was too short since students worked part time in the project. All the teams experienced this difficulty, especially when they had to construct and test the software components. Overall, the teams that used the ISO/IEC TR 29110–5–1–2 guide achieved better scores in the quality evaluation of their software processes.     

基于ISO/IEC 10646标准的藏文编码转换的设计与实现

目前,国内少数民族地区的书报印刷行业大多使用北大方正、华光藏文排版系统。这些软件的编码各异,致使有限的藏文资源无法实现交换和共享,造成这种现象的原因是各种软件编码体系不一致。解决这个问题的根本途径是将各种不同体系的藏文编码转换为符合国际标准的编码。该文以华光Windows藏文字符编码为例,首先对每个藏文字符进行构字分析,然后采用分表分组技术构造出每个字符符合ISO/IEC 10646标准的编码序列,最后采用hash技术优化查询算法,实现非标准的藏文字符编码向标准编码序列转换。