Software Quality Assurance Software Quality Assurance

					                            Software Quality Assurance
                                  Ramakrishnan Venkitaraman
                                       Graduate Student
                               Department of Computer Science
                               The University of Texas at Dallas

       Software Quality Assurance (SQA) involves the entire software development process -
       monitoring and improving the process, making sure that any agreed-upon standards and
       procedures are followed, and ensuring that problems are found and dealt with. It’s aimed
       towards prevention and if followed will result in the production of quality software. This
       paper emphasizes the importance of a quality process and also discusses about the
       ways in which it could be achieved.

1 Introduction                                      2 Importance of SQA
Though billions of dollars are spent                There is an increasing use of software, in
trying to develop quality software,                 all walks of life. From electronic devices
software bugs are very common. For                  like watches, and cell phones to
most computer systems, the cost of                  applications like ecommerce, banking,
software constitutes a major part of the            medical and what not? Computer
cost of the system. Since software is so            Systems are omnipresent and all
important and valuable, if software                 computers run some software. So,
development process lacks quality, then             software is omnipresent. Due to the
the software that’s developed will surely           widespread acceptance, and use of
lack    quality.    “Software    Quality            software systems, in various areas,
Assurance (SQA) involves the entire                 software bugs are proving to be costly,
software development PROCESS -                      and sometimes fatal. The Sustainable
monitoring and improving the process,               Computing Consortium, a collaboration
making sure that any agreed-upon                    of major corporate IT users, university
standards and procedures are followed,              researchers and government agencies,
and ensuring that problems are found                estimates that buggy or flawed software
and dealt with. It is oriented towards              cost businesses $175 billion worldwide
prevention [1]”. Software Quality                   in 2001 [3]. Interested readers are
Assurance is aimed at developing a                  referred to [1] for a list of some of the
sound        software       development             recent, major computer system failures,
methodology that will produce quality               caused by software bugs, and its
software.                                           consequences. Bugs have affected
                                                    banking systems, stock exchanges,
                                                    medical       institutions,    educational
institutions and even the Social Security
Administration. Most bugs, encountered             Software Quality Assurance is
during software development, can be           oriented towards „prevention‟ of bugs in
avoided, by adopting a sound software         the software, by following a software
development process, and having strict        development methodology. SQA is more
software quality control using Software       concerned with developing a quality
Quality Assurance. The process of SQA         process for software development,
is comparable to Software Testing.            which will prevent the generation of
                                              bugs, and will result in the production of
3 Software Quality                            quality software. SQA, when practiced,
                                              makes sure that all the standards are
  Assurance VS                                followed, and that all the problems that
  Software Testing                            arise during development are detected
                                              and are dealt with. Both SQA and
Software Testing involves operating a         Software testing are non- trivial tasks.
system, or an application, under
controlled conditions, and evaluating the          Software Quality Assurance is more
results. In most cases, software testing      challenging than Software Testing
will involve the development of a test        because, solving problems is a high-
bed, which tests the given software,          visibility process; preventing problems is
upon a set of test cases. The test bed will   a    low-visibility     process.   During
feed the test input to the software system,   Software Testing, we know what the
get the result that’s generated by the        problem is, and we are trying to fix the
software system, and compares the             problem, which is easier than,
generated result with the expected result.    preventing the problem before it
If the generated result is same as the        occurred, or even showed signs of
expected result, then the software is bug     occurrence.
free else, it has bugs that need to be
fixed.                                             Given the importance of software
                                              testing and SQA is one is left wondering
    Software testing is normally carried      why is software so error prone. Why do
out under controlled conditions. The          we always have software bugs?
controlled conditions should include
both normal and abnormal conditions.
The aim of testing is to try to break the     4 Reasons for Software
software, and find the bugs in it.              Bugs
Successful testing will discover all the
bugs in the software. Developing
automated test tools to perform testing is    Microsoft Chief Executive, Steve
an active area of research. Testing is        Ballmer said that any code of significant
oriented towards 'detection' of bugs in       scope and power will have bugs in it.
the software (An interesting article that     And only 1% of bugs in MS Software is
discusses about how extensive testing         causing half of all reported errors [2].
should be can be found in [4]). On the
other hand, SQA is aimed at avoiding          Find and fix 1% of your software bugs,
bugs.                                         and 90% of your system problems go
                                              away, say experts [3].
    The term “Software Crisis” [10] is             Time pressure and deadlines:
used in the software industry to                    The      software     development
emphasize the complexity in developing              industry is highly competitive,
quality software. There are five common             and schedule slippages are not
problems in the software development                acceptable. Some projects have
process. They are miscommunication,                 unrealistic schedules, which make
software complexity, programming                    the development methodology far
errors, changing requirements and                   from perfect and the developed
unrealistic schedule [1].                           software lacks quality.

      Miscommunication: There is                Given these problems, it’s apparent
       widespread miscommunication of        that software bugs are very common.
       information during all the phases     One is surely left wondering, “Did any
       of software development, because      one do anything to reduce software
       humans tend to assume and             bugs?” and make software more reliable.
       misinterpret a lot of things when     The answer is “yes”. The next section
       communicating.                        discusses one such successful attempt.

      Software Complexity: Any
       software, that’s developed to         5 Capability Maturity
       serve some useful purpose, is
       enormously complex and no
                                               Model (CMM)
       single person can fully understand
       it [2].                               The 'Software Engineering Institute'
                                             (SEI) [5] at Carnegie-Mellon University,
      Programming Errors: Software          was initiated by the U.S. Defense
       is created by people, and people      Department, to help improve the
       are inherently prone to making        software development processes. The
       errors. So, software bugs are also    SEI came up with a model with five
       created due to programming            levels. These levels are used to gauge the
       errors.                               maturity of a software development
                                             organization. The CMM model was
      Changing           requirements:      mainly aimed at making sure that
       Software functionality changes,       organizations, which bid for contracts
       when the requirements change.         with the US Department of Defense
       When we have a system with            (DOD), followed a good process, and
       rapidly changing requirements,        developed         quality        software.
       additional functionality that’s       Organizations receive CMM rankings,
       added to the system, can affect the   by undergoing assessment by qualified
       already existing modules in           auditors. Any organization, that does a
       unforeseen ways. High level of        contract for the DOD, must reach at least
       interdependencies between the         level 3 in the CMM model [1].
       modules, makes the system error
       prone.                                      The five levels quantify the
                                             software development methodology,
                                             followed by the organization. The
following subsection will discuss on           5.4 Level 4 – Managed
what ratings at each level mean.
                                               If an organization reaches level 4 in the
                                               CMM model, then it means that metrics
5.1 Level 1 - Initial or chaotic               are used, to track productivity, processes,
                                               and products. Project performance is
Level 1 means that the software                predictable,               and quality is
development methodology, followed by           consistently high. [1]
an organization is in its novice stage, and
is filled with chaos, and periodic panics.
Due to lack of any methodology, heroic         5.5 Level 5 – Optimized
effort is required by individuals, to
successfully complete projects. No             At level 5 of the CMM model, the focus
software process is in place, and even if      is on continuous process improvement.
the organization meets with success in a       The             impact of new processes,
project, successes may not be repeatable       and technologies, can be predicted, and
in other projects. [1]                         effectively implemented when required.
                                               Moreover, as and when required, the
                                               software development methodology
5.2 Level 2 – Repeatable                       that’s practiced is optimized to suit the
                                               changing needs. [1]
Level 2 in the CMM model means that,
some software development process is in               Organizations which comply
place, and is being followed. Software         with the CMM process (Level 3 and
project       tracking,       requirements     higher); will surely produce quality
management,                        realistic   software,       when       compared       to
planning, and configuration management         organizations at lower levels of the
are part of the process in place. The          model.      Software       developed     by
success achieved by the organization in a      organizations, that have attained level 3,
project is repeatable in other projects. [1]   or higher, is less likely to be error prone.
                                               Despite its advantages, CMM also has
                                               some disadvantages.
5.3 Level 3 – Defined
                                                      CMM describes what an
Level 3 in the model signifies that            organization should have, does not say
standard software development, and             how to get there. Also, a clearly defined
maintenance processes are integrated           process is not equal to a good process.
throughout an organization. It also            For a discussion on the drawbacks of
means that, a Software Engineering             CMM refer [12].
Process Group is in place, to oversee
software processes, and training                       CMM      is   not    the   only
programs        are used    to    ensure       methodology, that’s in place to improve
understanding, and compliance. Any             the software development process. There
organization that does contracts for the       are also other approaches suggested by
US Department of defense, must reach           IEEE, ANSI and the ISO [1]. But the
this level. [1]                                CMM model is the most popular, and is
an industry standard, with wide spread     5. Carnegie Mellon Software
use and acceptance.                        Engineering Institute (Source:

6 Conclusion                               6. Resources for Busy Testers (Source:
Software development is complex, and is
error prone. Many problems that are        7. Software Testing Hotlist (Source:
faced during software development can
be tackled, by adopting a good software
development      process.   From     our   8. Storm (Source:
discussion, it’s apparent that good
processes are essential. The software
industry is still learning, about good     9. Internet/Software Quality Hotlist
processes for software development.        (Source:
CMM was developed, to assess, and to
give organizations, a framework to
improve. Despite some flaws, CMM is a      10. The Software Crisis (Source:
significant contribution to the software
industry. The second version of CMM        /1999/july99 /crisis.htm)
(CMMv2) is currently in progress at the
Software Engineering Institute at the      11. Software Testing and Quality
Carnegie Mellon University.                Assurance (Source:
7 References:                              12. CMM information (source:
1. Rick Hower’s “Software QA and           uet /teaching/342/CMM.ppt)
Testing Resource Center” (Source:

2. Any software code will have bugs-
Microsoft (Source:

3. Biting Back (Source:

4. Finding Your Sweet Spot (Source:
etopics/ software/story/0,