Professional Documents
Culture Documents
Mark Stein
Keymind, A Division of Luminpoint
Davide Falessi
Fraunhofer Center for
Experimental Software Engineering
Agenda
2
• 25-person division of a 500-person
umbrella organization, Luminpoint,
Inc.
• IT and Creative division of
Luminpoint
• Specializes in Web-based application
development with strong focus on
user-centered design and full
Section 508 compliance
• Achieved CMMI-DEV v1.3 Maturity
Level 5 in March 2012
3
• A not-for-profit applied research &
technology transfer organization
• Affiliated with the University of Maryland
• Our philosophy: understanding the context
and suggesting appropriate improvements
• Our Process Improvement approach
– Understanding the effort (e.g., gap analyses)
– Planning the improvement initiative
– Implementing the improvement initiative plan
– Conducting an assessment
• Other Competencies
– Software/Systems Management, Measurement and
Empirical Studies
– Knowledge Management
– Software Architecture, Testing, and IV&V
4
The Importance of a Good Defect
Classification Schema
5
Prediction Model (Defects in Production)
Understanding the
effectiveness of different
testing activities was
essential to designing the
next version of the
model.
6
Classification Schema (BEFORE)
Title:
Description: Our original
classification schema
Priority:
supported our
Severity: organization well
through ML 2 and 3
Defect Category:
Version Injected:
Version Fixed: As we focused on
some of the high
Phase Detected: maturity process
Tool/Method Used: areas, limitations of
the schema became
Component: apparent.
Assignee:
Reported By:
7
Classification Schema (BEFORE)
Title:
Good at telling us
Description: what type of defects.
Priority: Not as good at telling
Severity: us where they were
coming from, or
Defect Category: helping us determine
Version Injected: which ones to include
in our HM analyses.
Version Fixed:
Phase Detected:
Tool/Method Used: Good at telling us how
Component: we found the defects.
8
Defect Categories (BEFORE)
Describes Describes
Failure Source
Accessibility Defect X
Code Defect – Content X X
Code Defect – HTML X X
Code Defect – Formatting X
Code Defect – Logic X X
Code Defect – Data Access X X
Code Defect – Data Migration X
Configuration Defect X X
Misunderstood Requirement X
Missed Requirement X
Non-Standard Compliance X X
Usability Defect X
Security Finding X
Supplier Defect X
9
Defect Categories (BEFORE)
Describes Describes
Failure did this
When Source
Which process would we
Accessibility Defect X originate?
defect
focus on to prevent this
Code Defect – Content X X
kind of defect in the
Code Defect – HTML X X future?
Code Defect – Formatting X a defect we
Is this
Code Defect – Logic X consider for
should X
Code Defect – Data Access our prediction
X model? X
Code Defect – Data Migration X improvements to
Are past
Configuration Defect X ourXanalysis & design
Misunderstood Requirement Was this defect processes
X reducing
Missed Requirement unavoidable? software
X defects?
Non-Standard Compliance X X
Usability Defect X Is this a defect?
Security Finding X IS a defect?
What
Supplier Defect X
10
Defect Failure (AFTER)
Missing, Incorrect, or Incomplete Functionality/Results:The functionality or results
Missing, Incorrect, or Incomplete
are different from the expected ones whether missing, or incomplete (e.g., search Must describe the
resultsFunctionality/Results
presented are incomplete, email not automatically generated, or other manifestation of the
documented requirements and wireframed features are not provided to the user). defect
Unexpected
However, when formattingTermination (error)
is incorrect, use "Incorrect Formatting" failure option.
Unexpected Termination (error): The system unexpectedly stops during processing
(e.g., system crash, 404-page not found, page not displayed, or system is
Incorrect Formatting
unresponsive).
Is a required attribute
when initially logging
Incorrect Formatting: The output is incorrectly displayed.
Usability
Usability: Any feature, function, or facet of the user interface or its organization the defect
that violates established principles of usability (e.g., visibility, feedback, etc.,) or
that isAccessibility
likely to lead to user error, delay, confusion, or the failure to complete a task.
Accessibility: Defects that prevent full accessibility of an application or web site Has to be from the
(e.g., Section 508, using a screen reader, or other assistive technologies). perspective of the end
Performance
Performance: A system feature does not meet requirements in terms of speed or user or customer
capacity (e.g., export of data is too slow).
Security/Vulnerability
Security/Vulnerability: A feature or information is available to an unintended user.
Non-compliance to Standard: A defect related to non-adherence to a standard Is a helpful
eitherNon-compliance
official, e.g., SCORM, or anto Standard
internal one such as our various coding standards, discriminator when
naming conventions, and standard architecture. Note that this type of defect including or excluding
cannot be identified by the user. It does NOT include 508 which has its own
Other
category–see "Accessibility" failure type.
data from analysis
11
Defect Source (AFTER)
Requirement - Incomplete from Customer: The customer provided an unclear or
Requirement - Incomplete from Customer
incomplete requirement.
Must describe the
Requirement - Incomplete Internally:
Requirement - IncompleteThe requirement was not documented or not
Internally
clearly specified.
cause of the defect, or
the point at which the
Requirement
Requirement - NotThe
- Not Implemented: Implemented
requirement was documented and included
defect was injected
in the wireframes, but was not implemented in the software.
Information
Information Architecture:Architecture
Issues with the wireframes and/or work flow diagrams
including insufficient detail and/or misrepresentation of a requirement.
Content:Content
Incorrect or incomplete content provided. Less about blame,
Data Migration: Problems related to data migration. more about
Data Migration
Partner/Supplier: Defects found in deliverables or services provided by a partner determining which
or supplier. processes to focus on
Partner/Supplier to prevent defects in
Interface Design: Issues with the implementation of HTML, CSS, images, colors,
Interface
etc., related Designof the design, NOT mistakes in the design process.
to the execution the future
For the latter use "Information Architecture" source.
Configuration
Configuration - Application: –Incorrect
Application
software configuration, i.e.., missing
component or module, incorrect version, incorrect Web config file, a script that Is also a helpful
shouldConfiguration
have been run that was - Server/Environment
not. discriminator when
Configuration - Server/Environment: Incorrect server or network configuration, including or excluding
Codesecurity settings, ports, IIS, DNS, etc.
i.e., incorrect data from analysis
Code: Requirements have been defined and implemented but software is not
Other
functioning correctly due to incorrect logic, calculations, or other coding errors.
12
Defect Detection Method (BEFORE)
Measured number of defects per Measured level of effort (hours) for each
method, per software version testing activity, per software version
13
Defect Detection Method (AFTER)
Now we have both number of defects found per method, plus the amount of effort
expended per method. Helps us make decisions on how to allocate V&V resources.
14
Validation Methodology
15
Validation Results
39%
Agreement using the
new schema:
64%
Statistical difference:
Note: participants received no training prior to taking survey. P-value < 0.001
16
Rollout
17
When to Implement the Change
– Old schema brought challenges, but these were not show-stoppers when it came
to achieving our level 4/5. However, they did limit our ability on improving both our
models and testing effectiveness.
18
Conclusions
19
References
20
Q &A
21