A Quality Software Process for Rapid Application Development

Software organizations can significantly improve the quality of their output if they have a defined and documented software process, together with the appropriate techniques and tools to measure its effectiveness. Without a defined process it is impossible to measure success or focus on how development capability can be enhanced. To date, a number of software process improvement frameworks have been developed and implemented. However, most of these models have been targeted at large-scale producers. Furthermore, they have applied to companies who use traditional development techniques. Smaller companies and those operating in development areas where speed of delivery is paramount have not, as yet, had process improvement paradigms available for adoption.This study examined the software process in a small company and emerged with the recommendation of the use of the Dynamic Systems Development Method (DSDM) and the Personal Software Process (PSP) for achieving software process improvement.     

Frameworks for quality software process: SEI Capability Maturity Model versus ISO 9000

With the historical characterization of software development as being costly due to massive schedule delays, incorporation of the ever-changing technology, budget reductions, and missing customer requirements, the trend of the 1990s in establishing a quality improvement or a quality assurance programme has been over-whelming. The two popular models or frameworks for assessment of a quality assurance programme are the US government-sponsored Capability Maturity Model (CMM) and the internationally recognized ISO-9000 quality standards. Both of these two frameworks share a common concern regarding software quality and process management. Since it is not clear which of these two frameworks is most effective in achieving their shared objectives, it is valuable and timely to provide an objective overview of both models and to compare and contrast their features for quality software development. Because there are many legitimate areas for comparison, we have selected the two most important as a basis for comparison: (1) the role of management, and (2) the application of measurements. We also provide a summary of the reported impact of these two models on the organizations adhering to their standards, and include our observations and analysis.     

Characterizing and evaluating the quality of software process modeling language: Comparison of ten representative model-based languages

Software organizations are very conscious that deployments of well-defined software processes improve software product development and its quality. Over last decade, many Software Process Modeling Languages (SPMLs) have been proposed to describe and manage software processes. However, each one presents advantages and disadvantages. The main challenge for an organization is to choose the best and most suitable SPML to meet its requirements. This paper proposes a Quality Model (QM) which has been defined conforms to QuEF (Quality Evaluation Framework). This QM allows to compare model-based SPMLs and it could be used by organizations to choose the most useful model-based SPML for their particular requirements. This paper also instances our QM to evaluate and compare 10 representative SPMLs of the various alternative approaches (metamodel-level approaches; SPML based on UML and approaches based on standards). Finally, this paper concludes there are many model-based proposals for SPM, but it is very difficult to establish with could be the commitment to follow. Some non-considered aspects until now have been identified (e.g., validation within enterprise environments, friendly support tools, mechanisms to carry out continuous improvement, mechanisms to establish business rules and elements for software process orchestrating).     

Simplified software inspection process in compliance with international standards

A significant amount of software is developed all over the world by small and medium size software organizations. These organizations do not have enough infrastructures and resources to implement an austere quality plan. Software inspection is a fundamental component of the software quality assurance process. Formal review methods are rigorous and their implementation is cumbersome for small and medium enterprises. In this paper, we have presented a new simplified inspection process which is easy to implement, requires fewer resource and almost no documentation. Also, people who are conducting this inspection need not be present at the same place during most stages of the inspection process. We have also compared this process with IEEE and NASA standards for software inspection and found that it meets almost 99% of both standards. While there has been much research on inspection, little attention is paid towards compliance with international standards. These results could be used as a basis for further research in software inspection and process towards aligning with international standards. This process has been successfully implemented in a CMM level 3 software development organization which is striving to accomplish higher maturity levels to establish at the international level.     

The value of the formal standards process

The purpose of this article is to critique the process of developing formal standards, which are those that have been approved by an official standards-making body. The bodies that impact US computer standards most include the International Standards Organization (ISO), the International Telecommunications Union (ITU), the American National Standards Institute (ANSI) and the Institute of Electrical and Electronics Engineers (IEEE). Other groups develop important standards that are outside the formal process. These include the Open Software Foundation (OSF), X/Open, and the Internet Engineering Task Force (IETF). The main difference between a formal standards organization and the other groups is the legal framework in which the body operates. The formal organizations are often chartered by the government with strict procedures and rules imposed on the standards development process. OSF and X/Open are each directed by a board of directors, whereas the IETF is an independent, self-governing body that develops its own rules and procedures     

Harmonization of ISO/IEC 9001:2000 and CMMI-DEV: from a theoretical comparison to a real case application

In the past years, both industrial and research communities in Software Engineering have shown special interest in Software Process Improvement—SPI. This is evidenced by the growing number of publications on the topic. The literature offers numerous quality frameworks for addressing SPI practices, which may be classified into two groups: ones that describe “what” should be done (ISO 9001, CMMI) and ones that describe “how” it should be done (Six Sigma, Goal Question Metrics-GQM). When organizations decide to adopt improvement initiatives, many models may be implied, each leveraging the best practices provided, in the quest to address the improvement challenges as well as possible. This may at the same time, however, generate confusion and overlapping activities, as well as extra effort and cost. That, in turn, risks generating a series of inefficiencies and redundancies that end up leading to losses rather than to effective process improvement. Consequently, it is important to move toward a harmonization of quality frameworks, aiming to identify intersections and overlapping parts, as well as to create a multi-model improvement solution. Our aim in this work is twofold: first of all, we propose a theoretical harmonization process that supports organizations interested in introducing quality management and software development practices or concerned about improving those they already have. This is done with specific reference to CMMI-DEV and ISO 9001 models in the direction “ISO to CMMI-DEV”, showing how GQM is used to define operational goals that address ISO 9001 statements, reusable in CMMI appraisals. Secondly, we apply the theoretical comparison process to a real case, i.e., a Small Enterprise certified ISO 9001.     

Managing object oriented framework reuse

Reusing frameworks instead of libraries can cause subtle architectural changes in an application, calling for innovative management solutions. We relate our experience in managing the Knowledge-Based Software Assistant project and offer tips for buying, building and using frameworks. One of the promises of object-oriented software development is that organizations can get a significant return on development investment because the code is easier to reuse. Software project managers are often eager to take the OO plunge for that reason, but are uncertain about the management issues they will face. There is also the problem of choosing the best form of reuse. Library-based reuse, the traditional reuse form, is more popular than framework-based reuse, but we have found that framework-based reuse offers many more benefits with the right management approach. We describe the lessons we learned when building the Knowledge-Based Software Assistant/Advanced Development Model     

Data Mining of Software Development Databases

Software quality models can predict which modules will have high risk, enabling developers to target enhancement activities to the most problematic modules. However, many find collection of the underlying software product and process metrics a daunting task.Many software development organizations routinely use very large databases for project management, configuration management, and problem reporting which record data on events during development. These large databases can be an unintrusive source of data for software quality modeling. However, multiplied by many releases of a legacy system or a broad product line, the amount of data can overwhelm manual analysis. The field of data mining is developing ways to find valuable bits of information in very large databases. This aptly describes our software quality modeling situation.This paper presents a case study that applied data mining techniques to software quality modeling of a very large legacy telecommunications software system's configuration management and problem reporting databases. The case study illustrates how useful models can be built and applied without interfering with development.     

A single model for process improvement

The FAA has spent many years evaluating and combining models and methods to establish and monitor IT process improvement. In 1997, it released the integrated Capability Maturity Model (iCMM), which blended three of the Capability Maturity Models - software, systems engineering, and software acquisition - developed by Carnegie Mellon University's Software Engineering Institute. iCMM version 2, released in 2001, updated and expanded version 1's set of engineering disciplines to better accommodate the IT processes associated with the agency's air-traffic-control business, as well as IT system deployment, transition, operation, maintenance, and retirement. It also included some processes that govern IT, such as leadership, strategic planning, and investment decision-making. With this breadth of coverage, we believe the iCMM is the most comprehensive model available for improving the performance of an organization that relies on complex IT systems to provide services. The iCMM also has a flexible structure that lets organizations use it to benchmark processes from other process improvement models in terms of either maturity or capability level. Finally, the model offers various appraisal methods so that organizations can understand current practice in relation to iCMM's best practices or measure process performance characteristics. Lessons have come from many years of iCMM application at FAA, and many have broad application to the IT community. Overall, using one model to cover processes that span many disciplines has clear advantages.     

PEM: The small company-dedicated software process quality evaluation method combining CMMISM and ISO/IEC 14598

Many small software organizations have recognized the need to improve their software product. Evaluating the software product alone seems insufficient since it is known that its quality is largely dependant on the process that is used to create it. Thus, small organizations are asking for evaluation of their software processes and products. The ISO/IEC 14598-5 standard is already used as a methodology basis for evaluating software products. This article explores how it can be combined with the CMMI to produce a methodology that can be tailored for process evaluation in order to improve their software processes. ^SM: CMMI is a service mark of Carnegie-Mellon University. Sylvie Trudel has over 20 years of experience in software. She worked for more than 10 years in development and implementation of management information systems and embedded real-time systems. Since 1996, she works as a process improvement specialist, implementing best practices into organizations processes from CMM and CMMI models. She performed several CMM and CMMI assessments and participated in many other CMM assessments such as CBA IPI, SCE, and other proprietary methods. She obtained a bachelors degree in computer science in 1986 from Laval University in Québec City and a Masters degree in Software Engineering at école de Technologie Supérieure (éTS) in Montréal. Sylvie is currently working as a software engineering advisor at the Centre de Recherche Informatique de Montréal (CRIM). Jean-Marc Lavoie has been working in software development for over 10 years. He performed and published a comparative study between the guide to the SWEBOK and the CMMI in 2003. Jean-Marc obtained a bachelor degree in Electrical Engineering. He is pursuing a Masters degree in Software Engineering at école de Technologie Supérieure (éTS) in Montréal while working as a software architect at Trisotech. Marie-Claude Pare has been working in software development for 7 years. Marie-Claude obtained a bachelor degree in Software Engineering from école Polytechnique in Montréal. She is pursuing a Masters degree in Software Engineering at école de Technologie Supérieure (éTS) in Montréal while working as a software engineer at Motorola GSG Canada. Dr Witold Suryn is a Professor at the école de technologie supérieure, Montreal, Canada (engineering school of the Université du Québec network of institutions) where he teaches graduate and undergraduate software engineering courses and conducts research in the domain of software quality engineering, software engineering body of knowledge and software engineering fundamental principles. Dr Suryn is also the principal researcher and the director of GELOG : IQUAL, the Software Quality Engineering Research Group at école de technologie supérieure. From October 2003 Dr. Suryn holds the position of the International Secretary of ISO/IEC SC7 – System and Software Engineering.     

Using Software Reliability Growth Models in Practice

The amount of software in consumer electronics has grown from thousands to millions of lines of source code over the past decade. Up to a million of these products are manufactured each month for a successful mobile phone or television. Development organizations must meet two challenging requirements at the same time: be predictable to meet market windows and provide nearly fault-free software. Software reliability is the probability of failure-free operation for a specified period of time in a specified environment. The process of finding and removing faults to improve the software reliability can be described by a mathematical relationship called a software reliability growth model (SRGM). Our goal is to assess the practical application of SRGMs during integration and test and compare them with other estimation methods. We empirically validated SRGMs' usability in a software development environment. During final test phases for three embedded software projects, software reliability growth models predicted remaining faults in the software, supporting management's decisions.     

Standards-comparing, contrasting ISO 9001 and the SEI capabilitymaturity model

The Carnegie Mellon University Software Engineering Institutes's (SEI's) five-level framework for engineering practices in a successful software development organization and the International Organization for Standardization's ISO 9000 series of standards, which describes the key requirements for companies and organizations doing business in the European Community, are reviewed. The origins of the models are discussed, and the two models are compared and contrasted     

基于CMMI的软件质量保证

软件的质量保证是软件业最关注的一个问题。结合软件质量保证体系的国内外现状,以CMMI标准体系的优点与5级成熟度模型为依据,分析出过程是软件项目质量保证的制约因素以及基于CMMI的软件质量保证的具体内容。详细探讨了CMMI模型下项目计划开展与开发流程的问题。最后得出通过过程改进达到管理提高的目的,最终使得软件质量有所保证,结果减低企业的工程成本。该方法不仅适用于规模较大的组织和较大型的项目,而且也可以广泛应用于相当多的小型组织。     

支持外包的软件协同工作模型

软件外包已经成为世界软件业发展的一种趋势，它是以最少的成本和最节约的资源来获得高品质的软件产品，软件外包过程不同于传统的软件过程，它可以被认为是发生在软件发包主和分包方之间的合同过程，包括软件外购过程和软件供应过程，分析了典型的软件外购过程和软件供应过程，对这两个过程之间的协同工作进行了研究，包括协同的必要性和内容以及协同的机制，并提出一个支持外包的软件协同开发过程模型，来辅助软件外包项目的高效实施。     

Toward reference models for requirements traceability

Requirements traceability is intended to ensure continued alignment between stakeholder requirements and various outputs of the system development process. To be useful, traces must be organized according to some modeling framework. Indeed, several such frameworks have been proposed, mostly based on theoretical considerations or analysis of other literature. This paper, in contrast, follows an empirical approach. Focus groups and interviews conducted in 26 major software development organizations demonstrate a wide range of traceability practices with distinct low-end and high-end users of traceability. From these observations, reference models comprising the most important kinds of traceability links for various development tasks have been synthesized. The resulting models have been validated in case studies and are incorporated in a number of traceability tools. A detailed case study on the use of the models is presented. Four kinds of traceability link types are identified and critical issues that must be resolved for implementing each type and potential solutions are discussed. Implications for the design of next-generation traceability methods and tools are discussed and illustrated     

A formal framework for software product lines

ContextA Software Product Line is a set of software systems that are built from a common set of features. These systems are developed in a prescribed way and they can be adapted to fit the needs of customers. Feature models specify the properties of the systems that are meaningful to customers. A semantics that models the feature level has the potential to support the automatic analysis of entire software product lines.ObjectiveThe objective of this paper is to define a formal framework for Software Product Lines. This framework needs to be general enough to provide a formal semantics for existing frameworks like FODA (Feature Oriented Domain Analysis), but also to be easily adaptable to new problems.MethodWe define an algebraic language, called SPLA, to describe Software Product Lines. We provide the semantics for the algebra in three different ways. The approach followed to give the semantics is inspired by the semantics of process algebras. First we define an operational semantics, next a denotational semantics, and finally an axiomatic semantics. We also have defined a representation of the algebra into propositional logic.ResultsWe prove that the three semantics are equivalent. We also show how FODA diagrams can be automatically translated into SPLA. Furthermore, we have developed our tool, called AT, that implements the formal framework presented in this paper. This tool uses a SAT-solver to check the satisfiability of an SPL.ConclusionThis paper defines a general formal framework for software product lines. We have defined three different semantics that are equivalent; this means that depending on the context we can choose the most convenient approach: operational, denotational or axiomatic. The framework is flexible enough because it is closely related to process algebras. Process algebras are a well-known paradigm for which many extensions have been defined.     

State‐of‐the‐art: software inspections after 25 years

Software inspections, which were originally developed by Michael Fagan in 1976, are an important means to verify and achieve sufficient quality in many software projects today. Since Fagan's initial work, the importance of software inspections has been long recognized by software developers and many organizations. Various proposals have been made by researchers in the hope of improving Fagan's inspection method. The proposals include structural changes to the process and several types of support for the inspection process. Most of the proposals have been empirically investigated in different studies. This is a review paper focusing on the software inspection process in the light of Fagan's inspection method and it summarizes and reviews other types of software inspection processes that have emerged in the last 25 years. This paper also addresses important issues related to the inspection process and examines experimental studies and their findings that are of interest with the purpose of identifying future avenues of research in software inspection. Copyright © 2002 John Wiley & Sons, Ltd.     

SPI patterns: learning from experience

Thousands of organizations have been improving their software process maturity level since the Capability Maturity Model (CMM) appeared in 1991. Organizations have improved project management, automated configuration management, and introduced reuse practices. Some of them succeeded; others failed. If we could extract lessons for the software community from these experiences, organizations could avoid repeating mistakes. Publications such as the `Process Maturity Profile of the Software Community' show organizational trends assessed against the SW-CMM, They provide information about the organizations' state and the time spent moving from one level to the other, but say nothing about the different ways used to reach that state. Unfortunately, such information is embedded in experiences that are not public. However, initiatives such as the European Systems and Software Initiative facilitate some of these experiences. The European Commission has been funding around 400 process improvement experiments (PIEs) through ESSI since 1993. More than 250 are public and available through Vasie, a repository that can be accessed through the Internet. Many researchers have analyzed this repository (and the ESSI) many times, but none have focused on identifying patterns of solutions for specific problems or patterns for pursuing concrete business goals, or on determining that pattern's relative success of such patterns. Many disciplines have identified patterns by the analysis of past experiences, and we believe this approach is also valid for software process improvement     

The difficulties of building generic reliability models for software

The Software Engineering research community have spent considerable effort in developing models to predict the behaviour of software. A number of these models have been derived based on the pre and post behaviour of the development of software products, but when these models are applied to other products, the results are often disappointing. This appears to differentiate Software from other engineering disciplines that often depend on generic predictive models to verify the correctness of their products. This short paper discusses why other engineering disciplines have managed to create generalized models, the challenges faced by the Software industry to build these models, and the change we have made to our process in Microsoft to address some of these challenges.