Software Quality Management

Software Quality Engineering Tackles Security Issues

Taz Daughtrey
03/19/2013

Software quality engineering involves:

  • identifying required software attributes,
  • specifying the degree to which each must be present,
  • designing and implementing software with these attributes, and
  • applying appraisal techniques to assure their presence.

Security issues arise when software defects can be exploited to compromise the accessibility of a system or the confidentiality or the integrity of its information.

Applying well-established software quality engineering approaches to security issues can provide insights into how software needs to be built and used in the face of security threats.  Specifically, these approaches support allocation of development and assurance resources, as well as informed release or revision decisions. The safest automobile may well be the one parked in your driveway, but it is scarcely useful for transportation. So, too, a fully secure system would have to sacrifice all usability and functionality.

What is needed is to strike an appropriate balance between security and other attributes. An engineering approach to software quality supports customer- and data-driven tradeoffs among various quality attributes.

From Audit Requirements to Checklist Items to Evidence Gathering Plans

03/01/2011

This presentation offers a “how-to” method for translating the audit criteria requirements into useful checklists that auditors can use to organize their audit effort.  Attendees will then learn how to translate those checklist items into objective evidence gathering plans to ensure that they gather relevant facts that allow them to effectively evaluate adherence to the audit criteria requirements.

The Blame Game

Manfred (Fred) Hein
08/04/2003

We don't look often enough at the aspects of our personal and business lives that hinder our ability to function, to develop relationships, to interact with others (i.e., to become productive and effective individuals). These neglected or overlooked aspects can become "roadblocks" in our personal and business lives - roadblocks that keep us from “being who we can be.” Often we look at new, “state-of-the-art” ideas, concepts, and technology silver bullets to help change/improve ourselves or our corporations. We always think of “adding” these things to our lives to make a difference. We never seem to think that if we “subtract” or get rid of some things - roadblocks - in our lives, they might make more of a difference. One such roadblock we should think of subtracting is The Blame Game. Our individual and organizational propensity to blame can be a significant factor that weakens our foundations. This session describes how we can become aware of the blaming techniques of The Blame Game, the harm they cause, how much we are engaged in them, and how we can change these practices.

Certification: A Competitive Advantage In Any Economy

Eric Patel & Darin Kalashian
04/26/2003

Have you ever considered enhancing your career through professional development activities? Most of us say that we’re too busy to do our day job, let alone anything in addition to it, but what if by doing some “extra” things you could make your job easier, faster, and increase your job satisfaction (and maybe your paycheck)? Certification is one value-added activity. It’s commonly defined as formal recognition by an institution that an individual has demonstrated proficiency within and comprehension of a specified body of knowledge at a point in time.  Certification is a tool and, when utilized to its full potential, can define career paths, contribute to a company’s bottom line, and drive product quality and customer satisfaction upwards.

Making Sense of ISO 15504 (and SPICE)

Scott Duncan
01/29/2003

ISO 15504 was initiated in 1993 as the SPICE (Software Process Improvement and Capability dEtermination) Project, then formally moved into ISO/IEC as JTC1/SC7’s Working Group 10. The first draft appeared around June of 1995 and the second, around October of 1996. Several ballot and comment periods followed and ISO 15504 was issued as a Technical Report (TR) in 1998. Immediately thereafter, work was begun to plan the implementation of changes deemed needed to move the TR to full International Standard (IS) status. This work continues today and, during this time, activities under the name "SPICE" have continued as well such as a series of trials, which have used various versions of ISO 15504, including the TR. Though SPICE activities are not under ISO/IEC auspices, many of the people involved in the ISO 15504 standards effort are also associated with SPICE activities.

This paper describes the work which has been going on to move ISO 15504 from a TR to full IS status including reducing the document set from 9 to 5 documents and removing the Process Dimension from the standard in favor of Process Reference Models.   Since ISO 15504 is still being developed and the target completion of the parts spans 2003-2004, the presentation will attempt to provide the most up to date information with regard to the provisions of the standard as well as the schedule for its completion.

Aligned Empowerment - Could it become a Buzzword

Jim Austin
11/04/2002

Sit down with today’s manager and get into a discussion about “empowerment” and see what kind of reaction you get.  Generally a yawn, right?  You might get a shrug, a nod, or maybe even rolling eyes, but it would probably be a rare day to find anyone getting genuinely excited about such a dated topic.  While the word "empowerment" may no longer be in vogue, the “concept” behind empowerment remains strong. Empowerment is a basic staple of good management, and in a growing number of organizations power is shifting from managers to employees.  Jim's article discusses empowerment and how to ensure that empowerment is "aligned" through information sharing.

Process Definition Template

Linda Westfall
09/11/2002

Utilize this template to document your software process definitions.  This template can be used to implement the techniques described in the How to Create Useful Software Process Documentation paper.  This paper also includes an example of a completed version of this template.

How to Create Useful Software Process Documentation

Linda Westfall
03/25/2002

Whether our organization is using ISO 9001, the Software Engineering Institute's Capability Maturity Model - Integrated℠, Total Quality Management, Six Sigma or some other quality framework, one of the cornerstones of any of these frameworks is to document our processes.  Unfortunately, efforts to document our processes often end up in voluptuous volumes of verbosity that sit on the shelf and gather dust.   How to Create Useful Software Process Documentation introduces the reader to a simple, practical method for defining and documenting software processes that are easy to understand, easy to use and easy to maintain.

This paper was presented as an invited speaker paper at the 11th International Conference on Software Quality (11ICSQ).

Recommended References

The Certified Software Quality Engineer Handbook, 2nd Edition, Linda Westfall, ASQ Quality Press, Milwaukee, WI, 2017.

Fundamental Concepts for the Software Quality Engineer, Taz Daughtrey, editor, ASQ Quality Press, Milwaukee, Wisconsin, 2002.

The Certified Manager of Quality/Organizational Excellence Handbook, 3rd Edition, ASQ Quality Management Division, Russell T. Westcott editor, ASQ Quality Press, Milwaukee, WI, 2006.  

The Certified Quality Process Analyst Handbook, Eldon H. Christensen, Kathleen M. Coombes-Betz and Marilyn S. Stein, ASQ Quality Press, Milwaukee, WI, 2007.

Handbook of Software Quality Assurance, 4th Edition; Edited by G. Gordon Schulmeyer; Artech House, Boston, MA, 2007.

The Six Sigma Handbook, 3rd Edition; Thomas Pyzdek and Paul Keller; McGraw-Hill Professional, New York, 2009.

The Quality Improvement Handbook, 2nd Edition, ASQ Quality Management Division, John E. Bauer, Grace L. Duffy and Russell T. Westcott, editors, ASQ Quality Press, Milwaukee, WI, 2006.

The ASQ Auditing Handbook, 4th Edition, ASQ Quality Audit Division, J. P. Russell editor, ASQ Quality Press, Milwaukee, WI, 2013.

Quality Audits for Improved Performance, 3rd Edition, Dennis R. Arter, ASQ Quality Press, Milwaukee, WI, 2003.

The Quality Toolbox, 2nd edition, Nancy R. Tague, ASQ Quality Press, Milwaukee, WI, 2005.

Recommended Links

American Society for Quality (ASQ) - asq.org

CMMI Institute - cmmiinstitute.com

Crosstalk, The Journal of Defense Software Engineering - crosstalkonline.org

Cyber Security & Information Systems Information Analysis Center (CSIAC) - thecsiac.com

Dilbert - dilbert.com

The Institute of Internal Auditors (IIA) - theiia.org

International Organization for Standards (ISO) - iso.org

The IT Metrics and Productivity Institute - itmpi.org

Six Sigma DMAIC Quick Reference - isixsigma.com/new-to-six-sigma/getting-started/what-six-sigma

Software Assurance, Community Resources and Information Clearing House Sponsored by the US Department of Homeland Security Cyber Security Division - buildsecurityin.us-cert.gov/swa/

Software Engineering Institute - sei.cmu.edu

Software Testing and Quality Engineering - stickyminds.com

ITIL (Information Technology Infrastructure Library) - itil-officialsite.com

 

© 1999-2018 Westfall Team, Inc.