Professional Documents
Culture Documents
CSQE 2002
THE SOFTWARE
QUALITY ENGINEER
PRIMER
Third Edition
Bill Wortman
Quality Council of Indiana
602 West Paris Avenue
West Terre Haute, IN 47885
TEL: 812-533-4215
FAX: 812-533-4216
qci@qualitycouncil.com
http://www.qualitycouncil.com
001
QUALITY COUNCIL OF INDIANA INTRO-5 (2)
CSQE 2002
X. INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X-1
ANSWERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . X-19
QUALITY COUNCIL OF INDIANA INTRO-6 (7)
CSQE 2002
I. Certification Overview
V. Software Engineering
Process 16.25% 26 65 162
X. Index
TOTALS 100% 160 400 1000
QUALITY COUNCIL OF INDIANA I-1 (8)
CSQE 2002
I. CERTIFICATION OVERVIEW
I KNOW OF NO MORE
ENCOURAGING FACT THAN
T H E U N Q U E S T I O N AB L E
ABILITY OF MAN TO ELEVATE
HIS LIFE BY A CONSCIOUS
ENDEAVOR.
I. CERTIFICATION OVERVIEW
CSQE Exam
Objective
Eligibility
Duration
Other Details
I. CERTIFICATION OVERVIEW
I. CERTIFICATION OVERVIEW
I. CERTIFICATION OVERVIEW
I. CERTIFICATION OVERVIEW
C Knowledge Level
C Comprehension Level
C Application Level
C Analysis
C Synthesis
C Evaluation
QUALITY COUNCIL OF INDIANA II-1 (14)
CSQE 2002
IT IS EASY TO BE TOLERANT OF
THE PRINCIPLES OF OTHER
PEOPLE, IF YOU HAVE NONE OF
YOUR OWN.
Introduction
General Knowledge, Conduct and Ethics is presented in
the following areas:
C Customer satisfaction
C Improved software reliability
C Reduced errors during software operation
C Matching the customer*s requirements
Quality Philosophies
Philip B. Crosby Senior manager involvement
4 absolutes of quality management
Quality cost measurements
W. Edwards Plan-do-study-act (wide usage)
Deming Top management involvement
Concentration on system improvement
Constancy of purpose
Armand V. Total quality control/management
Feigenbaum Top management involvement
Kaoru Ishikawa 4M (5M) or cause and effect diagram
Company wide quality control
Next operation as customer
Joseph M. Juran Top management involvement
Quality Trilogy (project improvement)
Quality cost measurement
Pareto analysis
Walter A. Assignable cause versus chance causes
Shewhart Control charts
Plan-Do-Check-Act
Use of statistics for improvement
Genichi Taguchi Loss function concepts
Signal to noise ratio
Experimental design methods
Concept of design robustness
QUALITY COUNCIL OF INDIANA II-16 (19)
CSQE 2002
C Plan-Do-Check-Act
C SEI Capability Maturity Model
C Goal/Question/Metric Paradigm
QUALITY COUNCIL OF INDIANA II-17 (20)
CSQE 2002
Process Benchmarking
Performance Benchmarking
Benchmarking (Continued)
Project Benchmarking
Strategic Benchmarking
1. Customer focus
2. Leadership
3. Involvement of people
4. Process approach
6. Continual improvement
ISO 9000-3-1997
ISO 9000-3 and ANSI/ISO/ASQ Q9000-3-1997 are titled:
Quality Management and Quality Assurance Standards -
Part 3: Guidelines for the Application of ANSI/ISO/ASQC
Q9001-1994 to the Development, Supply, Installation and
Maintenance of Computer Software.
Software Standards
Bellcore Model
The Bellcore model contains 25 generic requirements
sets, which are organized to align with the ISO 9000-3
descriptive guideline structure. Two additional sets
have been added, for ongoing quality improvement in
the quality system and basic software processes. They
provide purchasers with operational assistance in
analyzing and resolving field problems.
QUALITY COUNCIL OF INDIANA II-53 (31)
CSQE 2002
Process
Maturity Levels indicate
Capability
contain
organized by
Common Implementation or
address
Features Institutionalization
contain
Key Infrastructure
describe
Practices or Activities
CMM Structure
QUALITY COUNCIL OF INDIANA II-57 (35)
CSQE 2002
Interim Profile
This approach is also based on CMM. It is a method to
measure progress between two extensive evaluations.
CBA IPI
The CBA IPI method (CMM-Based Appraisal for Internal
Process Improvement) has two objectives: establishing
an accurate picture of the strengths and weaknesses of
an organizations software process relative to the CMM,
and creating an internal commitment of personnel to the
ongoing improvement process.
QUALITY COUNCIL OF INDIANA II-60 (37)
CSQE 2002
C Process Management
C Project Management
C Engineering
C Support
QUALITY COUNCIL OF INDIANA II-70 (46)
CSQE 2002
Part 9: Vocabulary
QUALITY COUNCIL OF INDIANA II-73 (49)
CSQE 2002
Trillium Model
The goal of the Trillium model is to provide a means to
initiate and guide a continuous improvement program.
The Trillium model provides key industry practices
which can be used to improve an existing process or
life cycle.
C Capability Evaluation
C Capability Joint-Assessment
C Capability Self-Assessment
Trillium Model
Model Foundation
Trillium Scale
1. Unstructured - The development process is ad
hoc. Project frequently cannot meet quality or
schedule targets. (Risk - High)
TRILLIUM Model
indicates contains
Process
Capability Capability Areas
impact contain
Goals:
C Organization
C Commitments
C Culture
Road Maps
influence
contain
Process
Functions
Techniques
Practices
cover
Activities:
C Implementation
C Deployment
C Institutionalization
Road maps
Practices
Bootstrap Method
Bootstrap is a project completed as part of the
European Strategic Program for Research in Information
Technology, also known as ESPRIT. Its goal was to
develop a method for software process assessment,
quantitative measurement, and improvement.
Bootstrap Assessment
Improvements
TL 9000 (Continued)
TL 9000 is a common set of quality system requirements
and metrics design specifically for the Telcom industry
encompassing ISO 9001 and best practices.
Characteristics of the TL 9000 relationship to other
requirements are:
TL 9000 (Continued)
TL 9000 Structure
TL 9000 Model
QuEST Forum Focus Area
International Standard ISO 9001
Common TL 9000 Requirements T
L
Hardware Specific Software Specific Services Specific
Requirements Requirements Requirements
9
Common TL 9000 Metrics 0
0
Hardware Software Services
Specific Specific Specific
0
Metrics Metrics Metrics
QUALITY COUNCIL OF INDIANA II-83 (61)
CSQE 2002
TL 9000 (Continued)
TL 9000 Quality System Requirements
TL 9000 (Continued)
TL 9000 Release 3.0 Structure
C Organizational Leadership
C Team Management
C Team Tools
C Facilitation Skills
C Communication Skills
QUALITY COUNCIL OF INDIANA II-86 (64)
CSQE 2002
Organizational Leadership
Effective improvement programs do not happen
accidentally. Careful planning and implementation are
required to ensure that the proper resources are
available and applied to the right problems.
SWOT Analysis
SWOT analysis requires that a comprehensive appraisal
of internal and external situations be undertaken before
suitable strategic options can be determined. Good
strategies are built on the strengths of a company and
on exploiting opportunities. Each company has a
different set of opportunities and threats with differing
strengths and weaknesses. Thus, strategies will be
different for each firm.
Knowledge Management
Knowledge management is a process that a firm can
use to build their capabilities in maintaining and
improving performance. The aim is to continuously
improve the firm through the sharing of knowledge. The
basic concept is to have the right knowledge, at the
right time, at the right place.
C Repository
Motivation Techniques
Certainly the most challenging management
responsibility is how to both sustain and increase
internal motivation in the work group.
Frederick Taylor
Frederick Taylor produced a systematic organization of
the shop work broken down by task and instruction.
This significantly raised productivity. Piecework
incentives rewarded the productive and punished the
slackers.
Abraham Maslow
Abraham Maslows theory of human needs identified
five levels of human needs and they are listed below
from the highest to the lowest:
C Self-actualization needs
C Esteem needs
C Social needs
C Safety needs
C Physiological needs
Douglas McGregor
Douglas McGregor introduced new theories, which he
called Theory X and Theory Y. McGregor contended that
traditional management practices were rooted in certain
basic negative assumptions about people (Theory X):
Frederick W. Herzberg
Frederick W. Herzberg proposed that motivation can be
divided into two factors, which have been referred to by
a variety of names:
Organizational Empowerment
Organizations find that with empowerment, solutions
are better, decisions have better acceptance, and
performance is increased.
1. Know thyself
5. Monitor progress
7. Communicate effectively
8. Celebrate success
QUALITY COUNCIL OF INDIANA II-102 (79)
CSQE 2002
Team Management
A participative style of management is the best
approach to insure employee involvement in the
improvement process.
C Champion
C Sponsor
C Facilitator
C Coach
C Leader
C Recorder
C Timekeeper
C Team member
QUALITY COUNCIL OF INDIANA II-106 (80)
CSQE 2002
Forming
Storming
Norming
Performing
Team Size
A team can consist of members from only one area or
can be made up of a group of representatives from
different parts of the organization. Conventional
wisdom is that teams over 20 people, some think over
15, become too unwieldy and lose the active
participation of all team members. Teams of 4 people or
less may not generate enough ideas.
Team Diversity
Usually team members have diverse skills and
experience. What they share in common is their
involvement in the problem to be addressed. On a team,
each member often brings different experiences, skills,
know-how, and perspectives to the issues.
C Dominant Participants
C Overbearing Participants
C Negative Nellies
C Opinions as Facts
C Shy Members
C Jump to Solutions
C Attributions
C Feuding
C Risky-Shift
QUALITY COUNCIL OF INDIANA II-113 (86)
CSQE 2002
C A problem is presented
Multivoting
Multivoting is a way to select the most popular or
potentially most important items from a previously
generated list. Multivoting consists of the following
steps:
Brainstorming
Brainstorming is an uninhibited technique for
generating creative ideas when the best solution is not
obvious. Brainstorming does not solve problems or
create a corrective action plan. It is a participative
method to help work teams achieve their goals and
objectives.
C Free-wheeling is encouraged
C Dont criticize
JAD (Continued)
The steps for getting a JAD started are:
C Requirements Planning
C User Design
C Construction
C Implementation
QUALITY COUNCIL OF INDIANA II-120 (93)
CSQE 2002
Team Facilitation
The team leader and/or facilitator must understand
group dynamics. Facilitators are useful in assisting a
group in the following ways:
Conflict Resolution
Conflict can result from mutually exclusive objectives or
views, manifested by emotional responses such as
anger, fear, frustration and elation. Some conflicts are
inevitable in human relationships. When ones actions
may be controlled by the actions of another, there is
opportunity for conflict.
COMPETING COLLABORATING
UNASSERTIVEASSERTIVE
ASSERTIVENESS
COMPROMISING
AVOIDING ACCOMMODATING
UNCOOPERATIVE COOPERATIVE
Negotiation Techniques
This treatment of negotiating concentrates on
developing agreements among individuals or groups.
Win-Win Negotiations
C Establish Win-Win Plans
C Relationship Factors
C Process Factors
C Goal Factors
C Environmental Factors
C Role Factors
QUALITY COUNCIL OF INDIANA II-129 (100)
CSQE 2002
3. Start on time
6. Reinforce
Communication Skills
For any organization to survive, information must
continually flow in a variety of forms across the
company. Software professionals must be able to
understand this process flow and how to use it.
Presentation Formats
The ability to make public presentations is the number
one predictor of professional success. A good
presentation requires careful planning and preparation.
Written Communication
Good business writing is more about clear thinking than
it is about writing style. An individual must know what
they want to say, the objective, and why it*s important
for the audience to read it. Written communication
methods used in business are:
C Business Letters
C Business Reports
C Memoranda (Memos)
QUALITY COUNCIL OF INDIANA II-133 (102)
CSQE 2002
Effective Listening
The skills needed to improve listening are relatively
simple to learn and implement. Perhaps the harder task
is developing an active, or more effective, listening
attitude.
C Competition
C Speed difference
C Lack of training
QUALITY COUNCIL OF INDIANA II-134 (103)
CSQE 2002
C It improves relationships
C Better understanding
C The Non-listener
Interviewing
Interviewing is a useful technique for soliciting
information about a software product, process, or
technique; gathering requirements from customers and
users; or conducting software assessments and audits.
Interviewing (Continued)
One of the most fundamental questioning techniques is
to start with broad, open questions and build on the
speaker*s responses by asking narrower, more specific
questions. This is called the funnel technique.
C Have a plan
C Keep the questions simple
C Stay focused
C Avoid manipulation
C Ask permission
C Be non-threatening
C Avoid ambiguity
Fundamental Principles
3.1 Will take care that credit for the work of others
is given to those to whom it is due.
3.2 Will endeavor to aid the professional
development and advancement of those in my
employ or under my supervision.
3.3 Will not compete unfairly with others; will
extend my friendship and confidence to all
associates and those with whom I have
business relations.
QUALITY COUNCIL OF INDIANA II-141 (112)
CSQE 2002
Professional Conduct
Terms and Definitions
Software Copyright
A software copyright is the legal right to control who
copies your software. It also governs who can
distribute or sell copies or prepare works based on your
software. The U.S. Copyright Law provides the
following protection:
Fraud
Where software has performed very poorly, customers
may assert claims of fraud, in litigation or arbitration.
Personal Injury
One area of concern is software that can impact human
health and safety. Errors in this type of software can
lead to large personal injury claims. Strategies for
dealing with this type of liability include:
1. Determine needs
2. Set objectives
3. Determine subject content
4. Select participants
5. Determine the best schedule
6. Select appropriate facilities
7. Select appropriate instructors
8. Select and preparing audiovisual aids
9. Coordinate the program
10. Evaluate the program
QUALITY COUNCIL OF INDIANA II-149 (121)
CSQE 2002
C On-the-job training
C Coaching
C Apprenticeship
C Modeling
C Off-the-job training
C Management development
C Mentoring
C Management simulation games
C 80% by sight
C 11% by hearing
C 9% by other senses
I. Bootstrap
II. ISO SPICE
III. ISO 9001:2000
IV. Trillium
2.13.The key process areas that are identified within the SEI-
CMM are critical indicators that a company is:
a. New technologies
b. External environment
c. Emerging technologies
d. Internal environment
Introduction
Quality Principles
Quality can be addressed by an organization in their
vision or mission statements. In most cases, one or
more quality elements will be included as guiding
principles.
The term principles means a basic foundation of
beliefs, truths, etc., upon which others are based. Often
these principles are formalized into one or more quality
policies. From quality policies a number of strategic
and tactical quality goals may be developed. An
organizations principles may stress some of the
following points:
Quality Policies
A quality policy represents the overall quality intentions
and direction of an organization regarding quality, as
formally expressed by top management. These policies
will be transmitted to all levels of the organization.
Vendor
Rev Config
Mgmt
Quality
Standards Documentation
Assurance
Contract
Rev Security
Outsourced Services
Outsourcing means contracting with a vendor for part or
all of the work of a software and data processing
function. Outsourcing of Information Technology)
services can be accomplished in three ways: straight
acquisition, subcontractor services, and external
resources.
Categories of Outsourcing
Process Work
Project Work
Types of Outsourcing
There are three broad types of outsourcing
relationships. Each of these has different strategic,
management and economic issues.
C Global or Strategic
C Tactical or Partial
C Subcontracting or Targeted
QUALITY COUNCIL OF INDIANA III-9 (137)
CSQE 2002
C Lower costs
C Economies of scale
C More control
C More professionalism
C Cash infusion
QUALITY COUNCIL OF INDIANA III-10 (138)
CSQE 2002
C Higher costs
C Risk exposure
C Diseconomies of scale
C Conflicting agendas
QUALITY COUNCIL OF INDIANA III-13 (139)
CSQE 2002
C Problem prevention
C Identifying problem areas through trend
analysis
C Assisting in identifying and alleviating risk
C Assuring reviews and inspections will be
performed correctly
C Assessing the need and developing procedures
as required
QUALITY COUNCIL OF INDIANA III-14 (140)
CSQE 2002
Corporate Policy
Standard Processes
Procedure Artifacts
Internal/External Guides
SEI-CMM, Coding Stds., etc.
C Reliability
C Pass/fail criteria
C Traceability
C Software baseline control
C Consistency
C Lines of code (LOC)
QUALITY COUNCIL OF INDIANA III-16 (142)
CSQE 2002
PHASE TITLE
1 Concept
2 Requirements
3 Design
4 Code/Unit Test
5 Integration Test
6 System Test
7 Field Verification Office (FVO)
Phase Descriptions
A Software Quality Assurance Plan (SQAP) has been
defined by IEEE and DOD. The required topics for each
major phase is:
C Product Introduction
C Inspection Procedure
C Documentation Procedures
QUALITY COUNCIL OF INDIANA III-18 (144)
CSQE 2002
2. Documentation
2.1. Identification and filing of project documents
2.2. Project document standards
Customer Requirements
IEEE Standard 610.12-1990 defines requirements as:
C Correct
C Unambiguous
C Complete
C Verifiable
C Consistent
C Understandable by customer
C Modifiable
C Traced
C Traceable
C Design independent
C Annotated
C Concise
C Organized
QUALITY COUNCIL OF INDIANA III-24 (150)
CSQE 2002
Object-oriented techniques:
C State charts
C Finite state machines
Behavioral Analysis
Behavioral requirements define precisely what inputs the
software expects, what outputs will be generated by the
software, and the details of relationships that exist
between those inputs and outputs.
Nonbehavioral Analysis
Nonbehavioral requirements define the attributes of the
system as it performs its job. They include a complete
description of the systems requirement levels.
QUALITY COUNCIL OF INDIANA III-26 (153)
CSQE 2002
C Requirements workshops
C Joint application development (JAD)
C Rapid application development (RAD)
C Storyboarding
C Interactive
C Role playing
C Prototyping
C Throwaway
C Evolutionary
QUALITY COUNCIL OF INDIANA III-28 (154)
CSQE 2002
Methodologies
Reviews
Software management and technical reviews are
conducted to ensure that appropriate progress is being
made and may evaluate conformance to specification.
Reviews may be on-going as part of a managed quality
initiative or may be directed towards a specific project.
Inspection
The objective of inspections are to locate defects early
in the development cycle. Inspections also compare the
product with applicable standards and specifications.
Testing
Testing is performed to assess functionality, to assess
performance, to locate incorrect or missing functions, to
detect logic errors, etc. As a result of testing, defects
may be corrected, software programs may be modified
and the results may be used for future planning.
QUALITY COUNCIL OF INDIANA III-29 (156)
CSQE 2002
C Requirements Tracer
C Database Analyzer
C Complexity Analyzer
C Logic Analyzer
C Reliability Model
C Simulators
C Standards Analyzer
C Data-flow Analyzer
C Interface Analyzer
C Test Generator
QUALITY COUNCIL OF INDIANA III-30 (157)
CSQE 2002
Conducting Assessments
Assessment Phases
Assessments are typically conducted in three phases:
1. Preparation
Software Environments
A software environment is a full set of facilities that
support the efficient use of an effective process. It must
be convenient to use, support customization, have an
open architecture, and have a comprehensive
conceptual schema that encompass the database,
process data, tool interfacing and environment
evolution.
QUALITY COUNCIL OF INDIANA III-36 (163)
CSQE 2002
Prevention Costs
Applicant screening Pilot projects
Capability studies Planning
Controlled storage Procedure reviews
Design reviews Procedure writing
Education Prototype test
Maintenance Quality design
Field testing Quality incentives
Fixture design Safety reviews
Forecasting Surveys
Housekeeping Time and motion studies
Job descriptions Training
Market analysis Vendor evaluation
Personnel reviews Vendor surveys
QUALITY COUNCIL OF INDIANA III-40 (168)
CSQE 2002
Appraisal Costs
Audits Laboratory testing
Document checking Other expense reviews
Drawing checking Personnel testing
Equipment calibration Procedure checking
Final inspection Prototype inspection
In-process inspection Receiving inspection
Inspection and test Shipping inspection
Inspection reporting Test equipment
maintenance
QUALITY COUNCIL OF INDIANA III-41 (169)
CSQE 2002
C Understanding
C Evaluation
C Control
C Prediction
QUALITY COUNCIL OF INDIANA III-43 (173)
CSQE 2002
Defect Prevention
Defect prevention is highly beneficial because the costs
of finding and repairing defects increases exponentially
the latter they are found in the process. Even if defects
are found early in the process, preventing defects is
generally less expensive than finding and fixing them.
QUALITY COUNCIL OF INDIANA III-49 (178)
CSQE 2002
1. Defect reporting
2. Cause analysis
4. Action implementation
5. Performance tracking
6. Starting over
QUALITY COUNCIL OF INDIANA III-50 (179)
CSQE 2002
Trend Analysis
Pareto Analysis
150 100
Number of Errors
80
100
60
40
50
20
0 0
G J MQB D CA OR N L I E H K F P
Order Form Item
Testing
a. Level 2
b. Level 3
c. Level 4
d. Level 5
a. Lower costs
b. More control
c. Less bureaucracy
d. Less risk exposure
a. I and II only
b. I and III only
c. II and IV only
d. III and IV only
a. Project description
b. Code and media control
c. Life cycle model
d. Quality Objectives
Introduction
Software audits are described in the following topic
areas:
Software Audits
Treatment in this Section on Software Auditing are
summary in nature and, where appropriate for
preparation for the CSQE exam, stress the application
of auditing to the software engineering process.
Audit Administration
Top management has the responsibility for establishing
and authorizing the organizational quality auditing
program.
Audit Responsibilities
The following responsibilities are condensed and
paraphrased from ANSI/ASQC Q10011-1-1994.
The client:
Auditing Standards
ISO 10011
C Code of ethics
QUALITY COUNCIL OF INDIANA IV-8 (197)
CSQE 2002
Audit Types
First Party Audit
External Audit
System Audit
Product Audit
Compliance Audit
C Regulatory Audit
C Management Audit
C Quality Audit
QUALITY COUNCIL OF INDIANA IV-14 (203)
CSQE 2002
C Extrinsic
C Vendor Survey
C Pre-award Survey
C System Audit
C Management Survey
C Operation Survey
C Assessment Audit
C Appraisal
C Compliance Review
C Quality Review
C Full Audit (Cradle to Grave)
QUALITY COUNCIL OF INDIANA IV-15 (204)
CSQE 2002
Audit Purposes
There can be no audit unless documented requirements
have been developed. Likewise, some activity must
have taken place in order to measure the
implementation of those requirements. In order to
provide management with the proper feedback on the
implementation process, audits must follow these five
basic precepts:
C Entry Criteria
C Exit Criteria
QUALITY COUNCIL OF INDIANA IV-18 (207)
CSQE 2002
C Law or regulation
C The audit program
C Standards
C Client needs
QUALITY COUNCIL OF INDIANA IV-19 (208)
CSQE 2002
Checklists
Flowchart Usage
Interviewing Techniques
Sampling
Trace Forward
Trace Backward
C Preparation Phase
C Performance (Execution) Phase
C Reporting Phase
C Corrective Action Follow-up Phase
Preparation Phase
The preparation phase starts when the decision is made
to conduct an audit. The following steps should be
performed:
Performance Phase
The performance phase begins with the on-site opening
meeting and includes the gathering of information and
analysis of that information. This phase is completed
when the exit or closing meeting is held.
Reporting Phase
The reporting phase covers the translation of the audit
teams findings and conclusions into a formal audit
report which is accurate, concise, clear, and timely (i.e.
mailed within one week). The audit report should be
consistent with the results presented in the exit
meeting. The reporting phase covers the following
activities:
I. ISO 9001
II. ISO 9000-3
III. ISO 10011
IV. TickIT
SOURCE UNKNOWN
QUALITY COUNCIL OF INDIANA V-2 (219)
CSQE 2002
Introduction
C Environmental Conditions
C Requirements Management
C Requirements Engineering
C Analysis, Design, and Development Methods and
Tools
C Maintenance Management
Environmental Conditions
C Life Cycles
C Systems Architecture
QUALITY COUNCIL OF INDIANA V-2 (220)
CSQE 2002
Definition Phase
C Information is to be processed?
C Functions and performances are desired?
C Interfaces are to be established?
C Design constraints exist?
C Validation criteria are required?
1. Customer contact
2. Project planning
3. Requirements analysis
QUALITY COUNCIL OF INDIANA V-4 (221)
CSQE 2002
C Design
C Coding
C Testing
QUALITY COUNCIL OF INDIANA V-4 (222)
CSQE 2002
C Error correction
C Adaptations required as the environment evolves
C Enhancements caused by changing requirements
1. Correction
2. Adaptation
3. Enhancement (Perfective)
4. Reengineering
QUALITY COUNCIL OF INDIANA V-5 (223)
CSQE 2002
SYSTEM
ENGINEERING
ANALYSIS
DESIGN
CODE
TESTING
MAINTENANCE
C Systems Engineering
C Analysis
C Design
C Coding
C Testing
C Maintenance
Waterfall Model
Advantages/Disadvantages
The waterfall model provides a template into which
methods, for analysis, design, coding, testing, and
maintenance, can be placed.
Prototyping
Prototyping is a process that enables the developer to
create a model of the software which is built in an
evolutionary manner.
REQUIREMENTS
GATHERING &
ANALYSIS
QUICK DESIGN
REFINING
DESIGN & BUILDING
PROTOTYPE PROTOTYPE
CUSTOMER
EVALUATION
OF PROTOTYPE
CUSTOMER
SATISFIED
FULL SCALE
DEVELOPMENT
Spiral Model
The spiral model is an evolutionary model. The model
defines four major activities:
1. Planning
2. Risk analysis
3. Engineering
4. Customer evaluation
V-Model
The software engineering process may be viewed as a
V-Model or Decomposition/Integration Model. Time
progression is from left to right, and the project
components become more and more specific and
granular as a project moves down the left side of the
V.
Object-Oriented Development
The Object-Oriented (OO) development paradigm begins
with requirements gathering. Once objectives for the
software are defined, Object-Oriented Analysis (OOA)
begins. OOA is an activity in which classes and objects
are extracted from the initial statement of the
requirements. Then Object-Oriented Design (OOD) is
used to create a model of each of the program
components known as objects.
C Waterfall
C Prototyping
C Spiral
C Incremental
C V-Model
C OOA/OOD
C Hybrid models
QUALITY COUNCIL OF INDIANA V-19 (232)
CSQE 2002
Systems Architecture
A systems architecture is defined in terms of a
collection of components and interactions among those
components.
Client Server
Client-server systems require a network and at least two
machines to operate. The server receives input
requests from the client and manipulates the data by
applying the applications business logic rules.
N-Tier
An N-tier configuration refers to networks employing
multiple servers. Services are provided directly for
users applications and indirectly for one another.
Credit Internet
Cert
Card Firewall
Server
Server
Database
Server App Web
Proxy
Server Server Server
FTP
Server
DNS E-Mail
Print
Server Server
Server
File
Win
Server
Server
Web (Internet/Intranet/Extranet)
The Internet is a network of physical connections of
fiber optics, copper wire, routers, hubs and switches
that provide an infrastructure for worldwide
communications between computers.
Requirements Management
Requirements Prioritization
and Evaluation
A requirements specification document contains
background information necessary for understanding
the proposed product and explains and justifies the
need for various product attributes.
Unambiguous
Verifiable
Consistency
Completeness
In this case the forward trace table would just name the
design entity that enable each requirement. As before,
the review of each entity would verify that all the
enabled higher level requirements are cited, and only
the enabled requirements were cited.
Requirements Engineering
C Requirement Types
C Requirements Elicitation
Requirement Types
There are many definitions of requirement in software
engineering.
C Functional Requirements
C Quality Requirements
C Performance Requirements
C Regulatory Requirements
C Security Requirements
QUALITY COUNCIL OF INDIANA V-38 (244)
CSQE 2002
Requirements Elicitation
Software requirements analysis can be divided into five
areas of effort:
1. Problem recognition
2. Evaluation and synthesis
3. Modeling
4. Specification
5. Review
C Interviews
C Document Analysis
C Brainstorming
C Requirements Workshops
C Prototyping
C Use Cases
C Storyboards
C Interfaces Analysis
C Modeling
C Performance and Capacity Analysis
QUALITY COUNCIL OF INDIANA V-43 (246)
CSQE 2002
C User Procedures
C Current Capabilities
C Gold Plating
C Requirements Creep
QUALITY COUNCIL OF INDIANA V-49 (248)
CSQE 2002
Data Dictionary
The data dictionary is an organized listing of all data
elements that are pertinent to the system, with precise
rigorous definitions. This is known as the data
modeling component of structured analysis.
E - R DIAGRAM
Requirements Analysis
Common Characteristics
Requirements analysis methods have the following
common characteristics:
C Definitions of interfaces
Warnier-Orr Methodology
Data Structure Systems Development (DSSD), also
called the Warnier-Orr methodology, evolved from work
by J.D. Warnier. Warnier developed a notation for
representing an information hierarchy using three
constructs for sequence, selection and repetition.
DSSD Notation
QUALITY COUNCIL OF INDIANA V-57 (255)
CSQE 2002
C Categorical
C Behavioral
C Domain
C Use-Case
C Textural
C Structured
QUALITY COUNCIL OF INDIANA V-60 (257)
CSQE 2002
System Requirements
Specification Process
The specification of system requirements is a function
of system engineering, which is a problem solving
activity.
C Introduction
C Functional and data descriptions
C Subsystem descriptions
C System models
C System validation requirements
QUALITY COUNCIL OF INDIANA V-63 (259)
CSQE 2002
Information Domain
Software is built to transform data from one form to
another. Software also processes events. The
information domain contains three different views of the
data and control as each is processed by the computer
program:
Models
Models are created during requirements analysis to gain
an understanding of the entity to be built. Models must
be capable of illustrating how the software transforms
information.
Partitioning
During software requirements analysis, the problems
that are to be solved are often too large to be
understood as a whole. The problem is partitioned into
segments that can be more readily understood.
Object-Oriented Design
Object-Oriented Design (OOD) is a method of design
encompassing the process of object-oriented
decomposition and a notation for depicting both logical
and physical as well as static and dynamic models of
the system under design. Major conceptual elements in
the object-oriented model are abstraction,
encapsulation, modularity, and hierarchy and three
minor elements are typing, concurrency, and
persistence.
QUALITY COUNCIL OF INDIANA V-67 (263)
CSQE 2002
C Meta-metamodel
C Metamodel
C Model
C User objects (user data)
Advantages of Reuse
C Cost savings
C Reliability
C Efficiency
QUALITY COUNCIL OF INDIANA V-72 (268)
CSQE 2002
Reengineering
Reengineering is a type of reuse that takes on a system
view and is generally applied in specialized
circumstances. Reengineering is an activity or process
to rebuild an existing system.
C Inventory Analysis
C Code Restructuring
C Data Restructuring
QUALITY COUNCIL OF INDIANA V-75 (269)
CSQE 2002
Reverse Engineering
Reverse engineering can be viewed conceptually as a
reuse method that involves a disassembling or
decomposition process. Reverse engineering is a
process of design recovery from software source code,
usually because the original design has been lost or
obscured over time.
Plug-and-Play
Plug-and-play means that a self-contained software
component can be automatically incorporated into an
existing system. The software component performs any
reconfiguration necessary in real time.
Documentation Standards
Classical Cleanroom
With the classical cleanroom process, software is
developed using a statistical quality control approach to
the review process. This procedure is defect prevention
rather than defect removal. This is achieved by using
human mathematical verification to prepare software for
system test.
Modified Cleanroom
The Modified Cleanroom approach usees less formal
methods that are nonetheless quite rigorous and can
deliver code with very low fault densities. The
hallmarks of a modified cleanroom approach are:
Formal Reviews
Formal technical reviews are the most effective way to
uncover and correct errors. Technical reviews are
applied at various points during software development
and serve to uncover defects that can then be removed.
Subjects of Reviews
C Management Tools
C Modeling Tools
C Design Tools
C Documentation Tools
C Relational Databases
QUALITY COUNCIL OF INDIANA V-85 (276)
CSQE 2002
Maintenance Management
C Maintenance Types
C Operational Maintenance
QUALITY COUNCIL OF INDIANA V-85 (277)
CSQE 2002
Maintenance Types
This Section describes the characteristics of corrective,
adaptive, and perfective maintenance types and their
benefits and risks.
Software Engineering
Aspects of Maintenance
The concept of software maintenance has different
implications when contrasted with other engineering
fields. For example software, unlike hardware, cannot
wear out. In most fields of engineering, maintenance
affects only new instances or generations of the
product.
Software Evolution
The term maintenance usually implies keeping
something that can wear out or break in good repair.
Since software does not wear out or break, the term
software evolution has come into use with respect to
describing software maintenance. Software evolution
more accurately describes the types of activities that
occur during the process of maintaining software.
Software Maintenance
Software maintenance is defined as a set of engineering
activities that occur after software has been delivered to
a customer and put into operation.
Adaptive Maintenance
Maintenance Costs
The following are typical comparisons in the industry in
terms of overall maintenance effort of the defined types
of maintenance:
Maintainability
Maintainability is defined as the ease with which
software can be understood, corrected, adapted, and/or
enhanced.
Operational Maintenance
Software Maintenance Framework
C User
C Environment
C Maintenance process
C Software product
C Maintenance personnel
INFORM
REQUESTER
DON'T
EVALUATE
DO
SERIOUSNESS MINOR
ADAPTATION
DO
NO YES
INFO
EVALUATE REQUIRED
MAJOR CATEGORIZE
PRIORITIZE
PRIORITIZE CONSULT
CATEGORIZE
TO TOP WITH
PRIORITIZE
OF LIST REQUESTER
SELECT
TASK FROM
LIST
PLAN &
DESIGN
SOLUTION
COMPLETE NO
YES
System Documentation
The system documentation includes all of the
documents describing the implementation of the system
from the requirements specification to final acceptance
test plan. System documents aid product maintenance.
Lehmans Laws
Lehmans laws are one of the few examples in software
engineering of theories that have been derived from
observations. The proposed laws were derived from
these measurements.
C Continuing change
C Increasing complexity
C Organizational stability
C Conservation of familiarity
QUALITY COUNCIL OF INDIANA V-98 (287)
CSQE 2002
Program Understanding
Program understanding is fundamental to an effective
change process. Prior to implementing any change, it
is essential to understand the software product as a
whole and the programs affected by the change in
particular.
C Top-down
C Bottom-up or chunking
C Opportunistic
QUALITY COUNCIL OF INDIANA V-100 (288)
CSQE 2002
Maintenance Personnel
Developers tend to think of development as a form of
puzzle solving, and it is reassuring when they
successfully complete a difficult section of code.
Maintenance Tools
A software maintenance tool is any artifact that
supports a software maintainer in performing a task.
Use of tools can significantly simplify the maintenance
task, increase efficiency and productivity, and support
the evolution of the entire software system. A taxonomy
of maintenance tools includes:
C Testing
C Simulator
C Test case generator
C Test path generators
C Other Tasks
C Configuration Management
C Documentation
C Complexity assessment
QUALITY COUNCIL OF INDIANA V-105 (290)
CSQE 2002
a. Inventory Manager
b. E-R Diagram
c. Test Generator
d. Outline Processor
a. Waterfall
b. Prototyping
c. Degenerative
c. Spiral
a. Validation process
b. Inspection or walkthrough
c. Tape verification
d. Reengineering Paradigm
a. Problem recognition
b. Evaluation and synthesis
c. Modeling
d. Marketing analysis
a. Perfective maintenance
b. Corrective maintenance
c. Adaptive maintenance
d. A customer complaint
a. Modeling languages
b Object-Oriented program behaviors
c. Data structures and transformations
d. Graphical User Interfaces
LEWIS CARROLL
CHARLES LUTWIDGE DODGSON
QUALITY COUNCIL OF INDIANA VI-2 (297)
CSQE 2002
C Planning
C Tracking and Controlling
C Risk Management
QUALITY COUNCIL OF INDIANA VI-3 (298)
CSQE 2002
Planning
C Contractual obligations
C Requests for quote or proposal
C Market demands through feasibility studies
C Internally initiated research and development
efforts
C Customer requests
C Business needs
C Strategic need for new technologies
QUALITY COUNCIL OF INDIANA VI-3 (300)
CSQE 2002
Consensus
&
Commitment
Reconciled
Requirements Allocate
Requirements
SLOC
Evaluate
Project
Resources
Man Months
Develop
& Dollars
Initial
Schedule
Realign Schedule
Estimates
Resolve
Schedule
Conflicts
Project GO
Develop S/W
Product
Product
Estimates Compare to
Baseline
Estimates
1.0 Introduction
SMP (Continued)
7.0 Sustaining Engineering and Operations Activities
Plan
13.0 Glossary
14.0 Notes
15.0 Appendices
QUALITY COUNCIL OF INDIANA VI-12 (306)
CSQE 2002
Estimation
An activity in the planning of software is estimation of
the following:
Estimation (Continued)
In order to get a credible cost estimation, use more than
one software estimating parametric model. The inputs
to these models usually consist of:
C Analogy
C Engineering assessment
C Parametric modeling
QUALITY COUNCIL OF INDIANA VI-15 (310)
CSQE 2002
1. Product attributes
2. Hardware attributes
3. Personnel attributes
4. Project attributes
QUALITY COUNCIL OF INDIANA VI-17 (311)
CSQE 2002
S = T L - TE
QUALITY COUNCIL OF INDIANA VI-19 (314)
CSQE 2002
CPM Example
Using information from the PERT chart example, and
adding crash times and costs:
CPM Example
Project Sizing
Size estimation is an input to cost estimates. The
biggest difficulty in using the cost estimation algorithms
available today, is the problem of providing sound
sizing estimates.
Scheduling
The estimation process uses past project data to
develop productivity factors to assist in allocating the
required resources for the development process. Data
points are documented in a project schedule to assist
management in tracking the progress of the project.
Some of the factors that must be considered are:
C Corporate culture
QUALITY COUNCIL OF INDIANA VI-35 (330)
CSQE 2002
Budgeting
As projects progress, management is concerned with
the current cost of the program as compared to the
original estimation. Performance is measured by
comparing three quantities:
Gantt Charts
One method of showing project status is a Gantt chart.
Task bars are scaled in length to denote the duration of
the tasks. Their relative positions denote the sequence
of tasks with their respective start and completion
dates.
Project - X-Wing
Code
Inspection
Unit Test
Fix
Retest
Labor bases:
C Total direct labor (worked)
C Standard labor (planned)
Sales bases:
C Net sales billed
C Contributed value
Unit bases:
C Quality costs, dollars per unit of production
C Quality costs related to production
QUALITY COUNCIL OF INDIANA VI-40 (335)
CSQE 2002
C Track to closure
C Project risks
Tracking Methods
Project reviews and reporting should focus on:
Cost Metrics
Earned Value
Project Reviews
The project review is a formal and documented critique
conducted by a committee of qualified company
personnel. The project review extends over all phases
of software development, from inception to completion.
C Status reporting
C Progress reporting
C Forecasting
C Progress status reporting
Risk Management
Analyze Plan
Mitigate Control
Risk Probability
Risk management is the systematic process of
identifying, analyzing, and responding to project risk
and measuring and managing the probability of risk
occurrence. The purpose of risk management is to
minimize the probability and consequences of adverse
events to project objectives.
Risk Identification
Risk identification involves determining which risks
might affect the project and documenting their
characteristics.
QUALITY COUNCIL OF INDIANA VI-54 (350)
CSQE 2002
C Documentation Reviews
C Assumption Analysis
C Avoidance
C Transference
C Mitigation
C Acceptance
C Documented deliverables
C Verified documents (reviewed)
C Testing has been completed at an acceptable
pass rate
C Any prioritized problem/defects are resolved
C Regression testing has been executed
C Release criteria in all planning documents
(SQA plan) has been achieved
C Risks have been identified and mitigated
C All exceptions to plans have been resolved
C Customer is informed of product release status
C A product support plan is in place
C Quality criteria have been met
QUALITY COUNCIL OF INDIANA VI-58 (353)
CSQE 2002
Software Security
Software security consists of the attributes of software
that bear on its ability to prevent unauthorized access,
whether accidental or deliberate, to programs and data.
C Programmer errors
C Input overflows
C Fault prevention
C Syntax checking flaws
C Using too general a mechanism to accomplish
a function
C Documentation lapses, wrong, missing,
confusing, or faulty
C Lack of security awareness
QUALITY COUNCIL OF INDIANA VI-60 (356)
CSQE 2002
Additional factors:
Software Safety
Software safety is an integral part of the overall system
safety and software development efforts. Software
safety activities take place in every phase of the system
and software development life cycle beginning as early
as the concept phase and on through to operations and
maintenance.
Safety-Critical Software
Safety-critical software is software that:
Hazard Analysis
Critical systems require defensive functions to prevent
unintended functions and to allow operation to continue
despite errors and component failures. From the
system hazard analysis, some software functions may
be identified to prevent hazards or to mitigate the effect
of problems.
C Hazard analysis
C Identifying critical control points (CCP)
C Establishing critical limits for each CCP
C Monitoring data to control processes
C Corrective action
C Record keeping
C Verification
Real-time Logic
Real-time logic builds a system model by specifying
events and corresponding actions.
OR
HARD
.0025 CPU KEYBOARD MONITOR
DRIVE
CALCULATED
.10 .15 .20 .15
AND
.05 .05
QUALITY COUNCIL OF INDIANA VI-69 (364)
CSQE 2002
a. 20 days c. 22 days
b. 21 days d. 23 days
I. External inquiries
II. Algorithms
III. Internal files
IV. External inputs
Introduction
C Introduction
C Analytical Techniques
QUALITY COUNCIL OF INDIANA VII-2 (372)
CSQE 2002
Introduction (Continued)
Application of quantitative methods to software
development techniques include:
C Definitions
C Basic Measurement Theory
C Psychology of Metrics
QUALITY COUNCIL OF INDIANA VII-6 (374)
CSQE 2002
Reliability
Reliability refers to the consistency of a number of
measurements taken of a metric using the same
measurement method on the same subject.
Validity
Validity relates to accuracy, or the truth.
Measurement Errors
C Systematic measurement error is associated
with validity.
C Random measurement error is associated with
reliability.
Representational Condition
Representational theory of measurement is based on
sets, relations, axioms and functions. The empirical
relation system C is a set which consists of the set of
entities C related by the set of empirical relations R.
C = (C, R )
Metrics Definitions
Software metrics. An approach to measuring some
attribute of software products or processes.
Measurement Scales
Nominal Scale: This is the lowest level of measurement.
Data is assorted into groups such as categories.
Scale Description
Nominal Data consists of names or categories
only. No ordering scheme is possible.
Ordinal Data is arranged in some order but
(Ranking) differences between values cannot be
determined or are meaningless.
Interval Data is arranged in order and
differences can be found. However,
there is no inherent starting point and
ratios are meaningless.
Ratio An extension of the interval level that
includes an inherent zero starting point.
Both differences and ratios are
meaningful.
The Mode
Measures of Dispersion
Range (R)
Psychology of Metrics
In setting up a measurement program, one must be
aware of potential human problems and how to
overcome them.
Human Errors
Rounding: This involves the discard of some test
measurement accuracy.
Goal/Question/Metric Paradigm
One such paradigm for establishing a software project
metrics program is the Goal/Question/Metric (GQM)
paradigm.
GQM Example
QUALITY COUNCIL OF INDIANA VII-18 (389)
CSQE 2002
DeMarco - Bang
A computation of functionality.
Testing
Unit test - The developer exercises the code to see if it
has been properly implemented through some low level
tests of its capability.
Software Reliability
One definition for reliability is the probability that a
system will not fail for a stated length of time, starting
from some specific time. In actuality, for a period of
time after software is placed in operation, there is often
a surge of defect discovery. Software defects
include errors or faults. Achieving 100% software
reliability requires software to be free of errors or faults.
Exponential Model
The exponential distribution in software is best used for
modeling the defect arrival pattern at the back-end of
the process (for example the final formal test phase).
Exponential Distribution
Yield Effectiveness
Customer Impact
C Arbitrary
C Management reserve
C Statistical limits
Process Effectiveness
ISO 9000:2000 defines effectiveness as the extent to
which planned activities are realized and planned
results achieved.
Process Capability
C Data Integrity
C Quality Tools
Correct Data
Data serves as the basis for action. Basili and Weiss
proposed a data collection methodology that could be
applicable anywhere. Their scheme consists of six
steps with considerable feedback and iteration
occurring at several phases:
Data Quality
A fundamental principle of data quality is that data
should be right the first time, which means that the
responsibility for getting the data right is at the point at
which it is recorded.
QUALITY COUNCIL OF INDIANA VII-45 (412)
CSQE 2002
1. Calculation Error
2. Blank Field
4. Entry Error
6. Impossible Values
Data Management
It is important to look at data integrity from a data
management perspective.
C Regular backups
C Offsite backups
C Testing of backups
C Virus protection
C Good security
C Care in the manipulation of files
C Data integrity monitoring
QUALITY COUNCIL OF INDIANA VII-47 (414)
CSQE 2002
Pareto Diagram
Graphs
Control Charts
No traceability Lack of
Insufficient time
Prep time
No background
Wrong participants Poor standards
provided
Ineffective
Inspection
All defects
No follow up
not recorded
No process for
No root defect certification
Not trained
cause analysis
Moderator Inspection
Follow-up
meeting
QUALITY COUNCIL OF INDIANA VII-54 (421)
CSQE 2002
Flow Charts
A flow chart or process map can depict the sequence of
product, containers, paperwork, operator actions or
administrative procedures. A flow chart is often the
starting point for process improvement.
Problem-Solving Process
Problem solving is important for process improvement.
C Prioritize solutions
1. Relations diagram
2. Affinity diagram (KJ method)
3. Systematic diagram
4. Matrix diagram
5. Matrix data analysis
6. Process decision program chart (PDPC)
7. Arrow diagram
Affinity Diagrams
The affinity diagram method can be used for problem
solving and is similar to the mind mapping technique.
One generates ideas that link up to other ideas to form
patterns of thoughts.
CONSIDER A CSQE
TRAINING COURSE
DEVELOP PRACTICAL
EXPERIENCE
STUDY
JOB CSQE TESTS TAKE
EVALUATION
UNIVERSITY
NEEDS
CSQE COURSES
PROMOTION STUDY
REQUIRES INTENSIVELY
CSQE
QUALITY COUNCIL OF INDIANA VII-65 (431)
CSQE 2002
Tree Diagrams
The tree diagram is a systematic method to outline all
the details needed to complete a given objective. The
tree diagram can also be referred to as a systematic
diagram. The organization is by levels of importance
(i.e., why - how, goals - means).
Prioritization Matrices
To use the prioritization matrices, the key issues and
concerns are identified and alternatives generated. The
prioritization matrix is a system for decision making.
Knowledge and
1(0.45) 2(0.70) 3(0.50) 2(0.95) 1(0.65) 3(0.75) 8.2
Ethics
Quality
2(0.45) 3(0.70) 1(0.50) 3(0.95) 3(0.65) 4(0.75) 11.3
Management
Engineering
3(0.45) 4(0.70) 4(0.50) 4(0.95) 5(0.65) 5(0.75) 17.0
Processes
*Program
7(0.45) 7(0.70) 8(0.50) 7(0.95) 6(0.65) 8(0.75) 28.6
Management
*Software
6(0.45) 8(0.70) 7(0.50) 8(0.95) 8(0.65) 7(0.75) 29.9
Metrics
*Verification &
5(0.45) 6(0.70) 5(0.50) 6(0.95) 7(0.65) 6(0.75) 23.7
Validation
Configuration
8(0.45) 5(0.70) 6(0.50) 5(0.95) 4(0.65) 1(0.75) 18.2
Management
QUALITY COUNCIL OF INDIANA VII-69 (435)
CSQE 2002
Matrix Diagrams
Matrix diagrams show the strength of relationships in a
grid of rows and columns. Basic matrices types:
X-Type Matrix
Cause 1
Cause 2
Cause 3
Cause 4
Mach 1 Mach 2 Mach 3 Dept 1 Dept 2 Dept 3 Dept 4 Dept 5
Problem 1
Problem 2
Problem 3
Problem 4
Problem 5
Problem 6
Strong Relationship (3) Relationship (2) Possible (1)
QUALITY COUNCIL OF INDIANA VII-70 (436)
CSQE 2002
RESULT CONTINGENCY
A2 A4
RA4
A3 A5 RA5
A1 CONTINGENCY
START
GOAL
B2 B4 RB4
CONTINGENCY
B1
B3 B5 RB5
CONTINGENCY
QUALITY COUNCIL OF INDIANA VII-72 (438)
CSQE 2002
Sampling Terms
Consumers risk (beta risk) $: The probability of
accepting a bad lot.
QUALITY
GOOD BAD
CALLED 1-" $
THE PRODUCERS TYPE II ERROR
GOOD
DECISION CONFIDENCE
MADE
" 1- $
CALLED TYPE I ERROR CONSUMERS
BAD CONFIDENCE
QUALITY COUNCIL OF INDIANA VII-75 (442)
CSQE 2002
Acceptance Sampling
Acceptance sampling is typically used for product
testing and acceptance.
Auditing Sampling
Sampling for audit purposes is based on small sample
sizes and may not be representative. There is no
standard sampling plan for audits, but the sample must
be random and must include all audit scope elements.
Random Sampling
Random sampling gives every part an equal chance of
being selected. The sample must be representative of
the product and the sampling sequence must random,
which can be determined from a random number table.
Sequential Sampling
Sequential sampling plans are similar to multiple
sampling plans except that sequential sampling can
theoretically continue indefinitely.
Stratified Sampling
Stratified sampling is to attempt to select random
samples from each group or process that is different
from other similar groups or processes.
QUALITY COUNCIL OF INDIANA VII-77 (444)
CSQE 2002
Where:
7.9. Using the data from the table below, what is the phase
containment of the coding phase?
Phase # of Defects # of Defects
Introduced Found & Removed
Requirements 12 9
Design 25 16
Code 47 42
a. 89.4% b. 86.4% c. 75.0% d. 71.2%
a. 5 b. 6 c. 7 d. 8
a. Level 3 c. Level 5
b. Level 4 d. Level 2
Phase # of defects
Requirements 6
Design 8
Coding 10
Inspection 15
Testing 31
a. 23% c. 9%
b. 13% d. 15%
a. Cyclomatic complexity
b. COCOMO
c. Function counts
d. Software science
Introduction
C Theory
Theory
Software Verification and Validation (V&V) is a
disciplined approach to evaluating and assessing the
software product during each phase of the software life
cycle. The V&V effort helps ensure that quality is built
into the software during its development and that the
software meets the user requirements.
C Static Analysis
C Mathematical Proof
C Simulation
C Testing
QUALITY COUNCIL OF INDIANA VIII-7 (457)
CSQE 2002
Evaluating Software
Products and Processes
Software work products must be fit for use and
evaluated to assure that:
C Traceability Analysis
C Documentation
C Source Code
C Plans
C Test Results
C Audit Results
QUALITY COUNCIL OF INDIANA VIII-14 (462)
CSQE 2002
Review Processes
Objectives
Entry Criteria
C Leader
C Recorder
C Team Member
Inspection Processes
Objectives
C Find defects at the earliest possible point.
C Identify deviations.
Entry Criteria
Inspections are planned and documented according to
the project document and can be triggered by:
C Scheduled reinspection
C Moderator
C Reader
C Recorder (Scribe)
C Inspector (Reviewer)
C Author
QUALITY COUNCIL OF INDIANA VIII-26 (471)
CSQE 2002
Data Collection
Software inspections provide data for analysis of the
quality of the software elements, the effectiveness of the
development procedures, and the efficiency of the
inspection process. To enable these analyses, defects
identified during an inspection meeting are categorized
by defect type, class, and severity.
Analysis of Data
Analysis of inspection data includes the inspection
metrics:
C Preparation Rate
C Inspection Rate
C Defect Rate
C Defect Density
Phase Containment
The phase containment effectiveness measure (defect
removal effectiveness) is calculated using the following
formula.
Defects removed (at the step) x 100%
Defects existing on step entry + Defects injected during the development step
QUALITY COUNCIL OF INDIANA VIII-28 (473)
CSQE 2002
Reporting
Reports should be developed that present the results
from each inspection meeting. A summary of analysis
for each inspection meeting should be included in the
inspection meeting report.
Summary Reports
Analysis results from all inspection meetings, over a
period of time, can be included in a summary report for
the project or organization.
Types of Tests
C Functional - evaluating the feature sets and
capabilities of the system components, the
functions that are delivered, and the security of
the overall system. The program is treated as
a black box.
C Corrective
C Adaptive
C Perfective
C Preventive
QUALITY COUNCIL OF INDIANA VIII-30 (475)
CSQE 2002
Test Levels
C Unit Testing - done to show that the smallest
testable piece of software does or does not
satisfy its functional specification, and/or that
its implemented structure does or does not
match the intended design structure.
C Acceptance Testing
C Qualification Testing
C Operational Testing
Test Tools
C Fundamental Tools - include computers, word
processors, compilers, spreadsheets, system
utilities, file viewers, data converters, screen
capture utilities, diagnostic routines, defect
trackers, configuration managers, project
management tools, coverage certifiers, flow
g r a p h g e n e r a t o r s , a n a l yz e r s , a n d
instrumentation facilities.
C Static Analyzers
C Code Auditors
C Assertion Processors
C Test Verifiers
C Test Harnesses
C Output Comparators
QUALITY COUNCIL OF INDIANA VIII-37 (481)
CSQE 2002
Test Strategies
Top-Down
The top-down testing strategy starts with the top, or
initial, module in the program. When selecting the next
module to be incrementally tested, at least one of the
modules superordinate (calling) modules must have
been tested previously.
Bottom-Up
The bottom-up test strategy starts with the terminal
modules in the program. Modules may need driver
modules that contain wired-in test inputs, calls for the
module, and displays for the outputs.
QUALITY COUNCIL OF INDIANA VIII-42 (482)
CSQE 2002
White Box
White box testing is a test case design method that
uses knowledge of the programs procedural design
control structure to derive test cases. Using white box
testing methods, the software engineer can derive test
cases that:
(1) guarantee that all independent paths within a
module have been exercised at least once,
(2) exercise all logical conditions on their true and
false sides,
(3) execute all loops in their boundaries and within
their operational bounds, and
(4) exercise internal data structures to ensure their
validity.
QUALITY COUNCIL OF INDIANA VIII-43 (483)
CSQE 2002
I/O First
I/O First testing is the use of every valid input condition
as a test case. Additional input conditions are also
used as test cases to demonstrate every valid output.
Beta Testing
Beta testing uncovers errors that only the end user
seems able to find. The beta test is conducted at one or
more customer sites by end users of the software.
Test Design
Fault Insertion
This method involves the seeding (injecting) of errors
into a program, testing the program for a while, and
then counting the number of seeded versus original
errors detected. The total number of original errors in
the program can then be estimated.
Fault-Error Handling
This method involves generating each condition for
which a program has error handling code to verify that
the program recognizes the condition and properly
deals with it.
Test Cases
Test cases are developed using black-box methods and
then supplementary test cases are developed as
necessary using white-box methods. An excellent test
case satisfies the following criteria:
C It is not redundant.
States
State testing strategies are based on the use of finite-
state machine models for software structure, software
behavior, or specifications of software behavior. States
are represented by nodes in the state graph. When the
model is subjected to inputs, the state changes, or is
said to have made a transition. Transitions are denoted
by links that join the states.
QUALITY COUNCIL OF INDIANA VIII-51 (489)
CSQE 2002
Localization
The translation and export of software is becoming
more common. Localization is the process of adapting
software for a new place. It might involve a change of
language, but it doesnt have to. The culture must be
considered as well. The localizer is the person who
executes or manages the translation and other
adaptations of the program to the new market.
Internationalization
Adapting software for the international marketplace
requires consideration of several localization strategies.
QUALITY COUNCIL OF INDIANA VIII-53 (490)
CSQE 2002
Test Environments
Test Libraries
Test libraries are used to manage various test
resources. Test cases can be controlled, so changes in
test cases can be tracked in a controlled manner.
Stubs/Drivers
A stub is used to simulate a called subroutine. When a
submodule is not available, a stub can be used to
simulate the called submodule. A driver is the opposite
of a stub. It simulates the calling module and perhaps
the entire submodule environment.
Harnesses
Harnesses are automated test tools that support
processing of tests in a test environment, feeding input
data, and simulating subsidiary modules by stubs.
Testing Supplier
Components and Products
Prior to evaluating and testing supplier software,
establish acceptance criteria to assure that the
software, when demonstrated, will meet the needs of
the organization. These may include:
Commercial-Off-The-Shelf (COTS)
Test cases should be developed to demonstrate the
software meets the functionality required,
documentation is accurate and complete, and the
suppliers problem resolution process is adequate and
timely.
Modified-Off-The-Shelf (MOTS)
Test cases should be developed to demonstrate the
software meets the functionality required, specified
requirements, documentation is accurate and complete,
and the problem resolution process is adequate.
QUALITY COUNCIL OF INDIANA VIII-57 (494)
CSQE 2002
Test Plans
A test plan describes the scope, resources, schedule of
intended testing activities, test items, features to be
tested, testing tasks, who will do each task, and any
risks requiring contingency planning.
Test Implementation
Scheduling
C Maximize productivity.
Dependencies
Acceptance Testing
Test Documentation
Defect Recording
Defect Tracking
Test Reviews
Methods for Reviewing Testing Efforts
C Technical accomplishments
C Future planning
C Risk management
C Resource utilization
QUALITY COUNCIL OF INDIANA VIII-72 (505)
CSQE 2002
Condition
1
R-1
R-2
R-5
4
R-3
3
R-4
5
R-6
6
7
V(G) = E - N + 2 = 11 - 7 + 2 = 6
Path
Data
Customer Deliverables
Testing the Accuracy of
Customer Deliverables
a. System testing
b. Bottom-up testing
c. Integrated testing
d. Regression testing
a. 4
b. 5
c. 8
d. 10
a. Inspection
b. System test
c. Functional test
d. Integration test
a. Fully developed
b. MOTS
c. Shrink-wrapped
d. COTS
a. Branch-to-branch testing
b. Localization
c. Data-flow testing
d. Path testing
From the table estimate the number of weeks that testing will
take: a. 22 b. 12 c. 9 d. 4
a. Driver
b. Stub
c. Test library
d. Harness
HERACLITUS
540 - 480 BC
QUALITY COUNCIL OF INDIANA IX-2 (519)
CSQE 2002
C Introduction/Rationale
C SCM Definitions
C Configuration Infrastructure
C Configuration Identification
C Configuration Control
C Configuration Status Accounting
C Configuration Audits
C Release and Distribution Issues
QUALITY COUNCIL OF INDIANA IX-2 (520)
CSQE 2002
Introduction
Software configuration management (SCM) is a
discipline for managing the evolution of computer
products during the initial stages of development and
through to maintenance and final product retirement.
SCM Rationale
If each software configuration item (SCI) simply
spawned other SCIs, little confusion would result.
C Simultaneous update
C Double maintenance
C Shared code & work products
C Common code
C Versions
SCM Definitions
Configuration Infrastructure
C Configuration Management
C Library/Repository Processes
C Defect Tracking and Library Tools
QUALITY COUNCIL OF INDIANA IX-7 (525)
CSQE 2002
Configuration Management
SCM is divided into the following major functional areas
as illustrated below:
SCM Responsibilities
C Configuration manager
C Module ownership
C Configuration identification
C Configuration control
C Status accounting
C Co-chair audits and reviews
C Co-chair configuration control board (CCB)
C Establish and maintain engineering baselines
C Implement and maintain SCM plan
SCM Planning
Library/Repository Processes
Library control procedures are used to identify how
software configuration items are placed in formal
libraries for the project. These procedures describe
how:
Library/Repository (Continued)
Fundamentally three kinds should be considered,
dynamic, controlled, and static.
Types of Libraries
Concepts in Software
Configuration Management Tools
The Software Engineering Institute (SEI) has conducted
extensive research in software configuration
management (SCM) technology. They discovered that
there is no consistent SCM terminology and the
functionality provided by SCM systems was not
consistent. The SEI has identified 15 concepts that
enable people to discuss automated SCM support.
These concepts are listed below.
C Repository C Subsystem
C Distributed Component C Object Pool
C Context Management C Attribution
C Contract C Consistency
Maintenance
C Change Request C Work Space
C Life Cycle Model C Transparent View
C Change Set C Transaction
C System Modeling
QUALITY COUNCIL OF INDIANA IX-14 (533)
CSQE 2002
Version Control
Version control is a basic requirement for an SCM tool.
It ensures repeatability - the ability to reproduce any
version of the software at any given time. Version
control involves controlling the different versions of
software, uniquely identifying versions and
configurations, and providing version change history to
ensure traceability.
Configuration Support
A configuration is a collection of components that fulfill
a particular purpose. Tools provide mechanisms that
enable the user to correctly identify and model the
software system, as well as, track relationships between
items in the configuration. To establish traceability
between components, tools allow users to establish
links between components.
QUALITY COUNCIL OF INDIANA IX-17 (537)
CSQE 2002
Library/Repository
The library or repository captures SCM information and
stores versions of items. Tools provide mechanisms
that create an audit trail of all SCM activities and
database transactions.
Reporting/Query
Most tools have the capability to generate standard
reports and allow the user to develop customized
reports. Typical SCM reports include:
C Dependency Report
C Impact Report
C Build Report
C Change Status Report
C Difference Report
C History Report
C Access Control Report
C Conflict Detection Report
Security/Protection
Most tools allow the user to define varying levels of
access for each project. Mechanisms are also
implemented to provide protection from accidental or
intentional data corruption and loss. Several tools
provide backup, archive, and restore capabilities.
Build Support
SCM tools need to track each item and information
about each item that comprise the build. Several tools
implement their own build facility while others interface
with Make.
Configuration Identification
C Configuration Items
C Baselines
C Configuration Identification Methods
C Software Builds
QUALITY COUNCIL OF INDIANA IX-20 (542)
CSQE 2002
Configuration Items
Effective configuration identification is a pre-requisite
for the other configuration management activities.
C Computer programs
C Documents that describe the computer
programs
C Data structures
Baselines
The term baseline is an SCM concept that encompasses
the following:
Versions
From a formal definition standpoint, a baseline is a
specification or product that has been formally reviewed
and agreed upon, that thereafter serves as the basis for
further development, and that can be changed only
through formal change procedures.
Version Control
Version control combines procedures and tools to
manage different versions of the SCIs that are created
during the software engineering process. It ensures
repeatability and the ability to reproduce any version of
the software at any given time.
Naming Conventions
Another prime function of configuration identification
methods is to:
C Product Information
C Product Structure
C Product Identifiers
C Document Identification
C Baselines
C Interface Control
QUALITY COUNCIL OF INDIANA IX-34 (553)
CSQE 2002
Identification of Objects
Objects have distinct features that identify them: a
name, a description, a list of resources, and a
realization. The name is a unique character string.
The description is a list of data items that identify the
SCI type, project, and version. Resources are entities
that are used or become part of the object. The
realization is a pointer to the content of a basic object
and is not used for an aggregate object.
QUALITY COUNCIL OF INDIANA IX-36 (555)
CSQE 2002
Software Builds
The Software Build Process
Configuration Control
SOFTWARE
DESIGN
ANALYZE AND
BOARD
ASSESS IMPACT
REVIEW
ENGINEER-
ING CHANGE
PROPOSAL
PREPARATION
EVALUATE
ENGINEERING
CHANGE
PROPOSAL
SOFTWARE/CONFIGURATION
CONTROL BOARD
END
C Change Initiation
C Classification
C Change Evaluation
C Change Dispositioning
C Change History
C Implementation
C Verification
C Baseline Change Control
QUALITY COUNCIL OF INDIANA IX-47 (565)
CSQE 2002
Concurrent Development
Concurrent Process Model
Traceability
In Handbook of Software Quality Assurance, traceability
is defined as the linkage between project events.
Traceability (Continued)
Configuration management helps raise the visibility of
software projects and infuses them with traceability
through:
C Identification
C Control
C Auditing
C Status Accounting
C Version marking
C Labeling of documentation
C Labeling of executable software
C Project codes
C Project type designators and nomenclature
C Part/item identification numbers
C Firmware labeling
QUALITY COUNCIL OF INDIANA IX-53 (569)
CSQE 2002
Version Control
Baseline Change Control
Interface Control
Phase Interfaces
Hardware Interfaces
C An SCI index
C Change logs
C All discrepancy reports
C The interdependencies of the SCIs
C All change requests
QUALITY COUNCIL OF INDIANA IX-60 (578)
CSQE 2002
C Requirements
C Functional
C High-level design
C Design
C Product
C Operational
QUALITY COUNCIL OF INDIANA IX-62 (580)
CSQE 2002
Types of Baselines
Change control
authority
decides.
Developers check
out CIs, make
change, check in CIs.
SCM establishes
baseline for testing,
testing is performed.
Changes included in
new version, new
version distributed.
Documentation Control
Identification, Control, and Status Accounting
The IEEE Guide to Software Configuration Management
includes documentation identification, control, and
status accounting as part of software configuration
management. Software documents are identified by
SCM, released to SCM, and maintained in a controlled
library by SCM. SCM performs document distribution
and administers the document change control process.
Digital Data
Configuration Audits
C Configuration Audits
C Beta Testing
C Documentation
Post Release
C Hardware/Software Compatibility
Packaging
Packaging software and documentation follows the
same principles that apply to packaging hardware:
C Packaging standards
Production
Production can be taken in two contexts. The first is the
release of software developed for a specific application.
The second type of production is the physical creation
of a product that might include a CD-ROM,
documentation, marketing material, and packaging.
Distribution
9.5. Which of the following is NOT one of the four major areas
of configuration management ?
a. Configuration identification
b. Configuration audits
c. Tool utilization
d. Status accounting and reporting
I. Change to documentation
II. Fixes initiated through problem reports
III. Status accounting