Software Quality

Assurance
Uditha Landekumbura
Bsc. in Software Engineering
SCQF Level 7,8,9
EQF 5,6
Module Outline

1. Software Quality Concepts and Culture

2. Software Quality Standards
3. Software Quality Processes
4. Process and Product Assurance
5. Software Metrics
6. Process Metrics I
7. Process Metrics II
Software Quality Concepts and Culture
● Importance of software in everyday applications
● Overview of software quality concepts
WHAT IS SOFTWARE?
Software is a collection of instructions, data, or programs used to
operate computers and execute specific tasks. It contrasts with
hardware, which is the physical components of a computer system, such
as the processor, memory, and storage devices.

IEEE definition for “software” (IEEE, 1991)

Software is: Computer programs, procedures, and possibly associated
documentation and data pertaining to the operation of a computer
system.
Components of Software
01) Code/Programs: A set of instructions written by programmers in
various programming languages (e.g., Java, Python, C++) that tell a
computer how to perform tasks.
02) Data: Information processed or generated by programs, which can
be as simple as user input or as complex as databases.
03) Documentation: Instructions, guidelines, and notes that
accompany the software for users and developers, helping them
understand and use it effectively.
04) Procedures: to define the order and schedule in which the
programs are performed, the method employed, and the person
responsible for performing the activities that are necessary for
applying the software
Types of Software
01) System Software: This is the foundational software that manages and
controls the computer hardware so that application software can function.
Examples include operating systems (Windows, macOS, Linux), device drivers,
and utility programs.

02) Application Software: These are programs designed to perform specific

tasks for the user, such as word processors, web browsers, or games.

03) Embedded Software: This software is designed to operate within

machines or devices (like cars, medical equipment, and household
appliances) where the user may not directly interact with it but relies on its
functions.
Characteristics of Software

01) Intangible: Unlike hardware, software has no physical form. It exists

as code or digital entities that can be executed or used on devices.
02) Dynamic: Software can be updated, modified, or enhanced without
changing the underlying hardware, allowing for new features, bug fixes,
and performance improvements.
03) Reusable: Code can be reused across different programs and
projects, enabling efficient development processes and faster iterations.
Functions of Software

01) Processing Data: Software processes raw data into meaningful

information (e.g., turning raw sales data into sales reports).
02) Automation: Software allows tasks to be automated, such as sending
emails, running machines, or performing calculations.
03) User Interaction: Application software allows users to interact with
the system, perform tasks, and manipulate data through interfaces (e.g., a
word processor like Microsoft Word).
SOFTWARE ERRORS, FAULTS AND FAILURES
1. Software Errors:
An error refers to a human mistake made during the development or design process of
the software. It can happen during various stages, such as coding, designing, or even
defining requirements.
Cause: An error occurs because of incorrect assumptions, misunderstandings, or
mistakes made by developers, testers, or designers.
Example: A programmer miswrites a formula in the code, resulting in incorrect outputs.
Effect: Errors do not directly affect the functioning of the system until they manifest as
faults or failures. However, errors are the root cause of issues that can lead to faults.
Key Point: An error is a human action or decision that introduces a flaw into the software.
2. Software Faults (Bugs):
A fault (commonly known as a "bug") is the manifestation of an error in the software
code or design. It is a flaw or defect that exists in the system and can potentially
cause it to behave incorrectly.
Cause: A fault is introduced into the software when an error occurs. This may be a
defect in the code, algorithms, design, or requirements.
Example: The programmer’s miswritten formula (error) results in incorrect logic
within the code, creating a fault.
Effect: A fault might not always result in a failure. The software can have faults, but
they may not immediately affect the software's operation or user experience until
triggered by a specific condition.
Key Point: A fault is an incorrect state in the software caused by an error, and it can
remain dormant until triggered.
3. Software Failures:
A failure occurs when the software does not behave as expected, leading to a
deviation from the required output. It’s the visible consequence of a fault when the
system produces incorrect results or behaves abnormally.
Cause: A failure happens when a fault is executed or triggered during software
operation. A specific input or condition can activate the fault and cause the system
to malfunction.
Example: When a user tries to calculate using the faulty formula, the software
provides an incorrect result or crashes. This incorrect output is a failure.
Effect: Failures are typically observed by users or testers, as they cause the system
to malfunction, crash, or provide incorrect results, breaking the intended
functionality.
Key Point: A failure is a manifestation of a fault during software execution, where
the system behaves incorrectly or unexpectedly.
Error: A human mistake in the development process (e.g., coding, designing).

Fault: A defect or flaw in the code or design caused by an error. The fault may
remain latent until triggered.

Failure: The visible or functional consequence of a fault when the system does not
perform as expected during execution.

IEEE Definitions

Failure: External behavior is incorrect

Fault: Discrepancy in code that causes a failure.

Error: Human mistake that caused fault

CLASSIFICATION OF THE CAUSES OF SOFTWARE
ERRORS (Categories of Software Errors)
A. Requirement Errors
These errors occur during the requirements gathering phase when
developers misunderstand or incorrectly interpret user or business needs.
Example: Miscommunication leads to the omission of key functionalities
that the client wanted.
Consequence: The final product does not meet the user's expectations or
specifications.
Faulty definition of requirements
The faulty definition of requirements, usually prepared by the client, is one
of the main causes of software errors.

Client–developer communication failures

Misunderstandings resulting from defective client–developer
communication are additional causes for the errors that prevail in the
early stages of the development process.
B. Design Errors
These errors arise during the software design phase. They involve
incorrect or inefficient architecture, algorithms, or data structures.
Example: A poor system design that cannot scale properly as the user
base grows.
Consequence: Performance bottlenecks or system crashes under high
loads.
C. Coding Errors
These are mistakes made during the actual implementation or coding
phase. They are often due to syntax issues, logic flaws, or incorrect
implementation of algorithms.
Example: Using the wrong loop construct or incorrectly handling edge
cases in code.
Consequence: Bugs in the application that can lead to crashes, incorrect
outputs, or unintended behavior.
D. Testing Errors
These errors occur due to inadequate or incorrect testing, leading to
undetected bugs in the final product.
Example: Writing tests that fail to cover all edge cases or missing certain
scenarios during testing.
Consequence: Bugs go undetected and make it into production, causing
failures post-release.
E. Documentation Errors
Errors in documentation can mislead developers or users regarding how
the software should function or how to implement it.
Example: Incomplete API documentation that misguides developers using
the API, leading to integration errors.
Consequence: Developers build features incorrectly, leading to confusion
and rework.
F. Human Factors (Unclassified)
Some errors are due to non-technical human factors, such as
communication breakdowns, lack of experience, or poor project
management.
Example: Lack of collaboration between teams resulting in integration
issues.
Consequence: Delays in development or mismatched functionalities
between modules.
G. Procedure errors
Procedures direct the user with respect to the activities required at each
step of the process. They are of special importance in complex software
systems where the processing is conducted in several steps, each of
which may feed a variety of types of data and allow for examination of the
intermediate results.
SOFTWARE QUALITY
Software Quality refers to the degree to which a software product meets the
specified requirements and satisfies user needs while adhering to predefined
standards and best practices. It encompasses several dimensions that ensure
the software is functional, reliable, maintainable, efficient, and user-friendly.

Software quality – IEEE definition

Software quality is;
1. The degree to which a system, component, or process meets specified
requirements.
2. The degree to which a system, component, or process meets customer or
user needs or expectations.
Philip B. Crosby
“Quality means conformance to requirements” (Crosby, 1979).

Joseph M. Juran
“Quality consists of those product features which meet the needs of customers
and thereby provide product satisfaction. Quality consists of freedom from
deficiencies” (Juran, 1988)

Pressman’s definition
Key Aspects of Software Quality
Functionality:
This dimension assesses whether the software performs its intended functions correctly
and completely, meeting all specified requirements. It includes factors like suitability,
accuracy, interoperability, and compliance with standards.
Reliability:
Reliability measures the software's ability to perform its required functions under stated
conditions for a specified period. This includes factors like fault tolerance, recoverability,
and consistency of performance.
Usability:
Usability reflects how easy and user-friendly the software is. This includes aspects such as
the intuitiveness of the user interface, user satisfaction, and the learning curve required to
effectively use the software.
Efficiency:
Efficiency refers to how well the software utilizes system resources, including response
times, processing times, and resource consumption. It assesses how the software
performs in terms of speed and resource utilization.
Maintainability:
Maintainability denotes how easily the software can be modified, updated, or repaired. This
involves evaluating factors such as modularity, readability, and ease of diagnosing faults.
Portability:
Portability assesses the ease with which the software can be transferred from one
environment to another. This includes its ability to run on different platforms or with
different systems.
Security:
Security focuses on the software’s ability to protect data and maintain functionality despite
malicious attacks or accidental failures. This involves aspects like confidentiality, integrity,
availability, and authentication.
Testability:
Testability is the extent to which software can be tested to ensure its quality. It reflects how
easily the software can be subjected to tests for functionality, performance, and security.
Importance of Software Quality
User Satisfaction: High-quality software meets user expectations, leading to
increased satisfaction and trust.

Reduced Costs: Early detection and resolution of defects can reduce

maintenance costs and the costs associated with fixing issues
post-deployment.

Enhanced Reputation: Organizations that consistently deliver high-quality

software build a positive reputation, leading to greater customer loyalty and
business opportunities.

Compliance: Many industries have standards and regulations that require

certain levels of software quality to ensure safety and security.
Software Quality Assurance (SQA)
Software Quality Assurance (SQA) is a systematic process aimed at ensuring
that the software developed meets predefined quality standards and fulfills
the requirements of both users and stakeholders. It involves a set of planned
activities, procedures, and methodologies implemented throughout the
software development life cycle (SDLC) to monitor, assess, and improve
software quality.

SQA focuses not only on the product itself but also on the processes used to
develop and maintain it. Its primary goal is to prevent defects and ensure that
the software development process consistently produces high-quality
software.
Software Quality Assurance vs. Software Quality
Control
SQA Example:
An SQA team performs an audit of the software development process to
ensure that all steps are followed as per the defined methodology (e.g., Agile,
Waterfall). They might also recommend improvements to reduce the
likelihood of introducing defects in future releases.
SQC Example:
A quality control engineer performs testing on a software application before
it is released to production. The engineer identifies several bugs, reports
them to the development team, and ensures the issues are resolved before
release.
Software Quality Assurance (SQA):
SQA is a preventive process. It focuses on the overall software
development life cycle (SDLC) to ensure that all processes, methods, and
activities used in software development meet defined quality standards.
The goal is to prevent defects before they occur by optimizing and
improving the development process itself.
Software Quality Control (SQC):
SQC is a detective process. It involves identifying and fixing defects after
they have occurred, focusing specifically on the product. SQC verifies
whether the final software meets the specified requirements and quality
standards through testing and inspection activities.
Key Components of Software Quality Assurance
Process Definition and Improvement:
SQA involves defining, standardizing, and improving the processes used to create
software, ensuring they are followed correctly and optimized over time.
Standards Compliance:
SQA ensures that the software development process and the final product
comply with industry standards, regulations, and internal guidelines (e.g., ISO
9000, CMMI).
Testing and Validation:
Testing is a critical part of SQA. It includes verifying that the software behaves as
expected and validating that it meets user needs. This can involve various testing
techniques, such as unit testing, integration testing, system testing, and user
acceptance testing (UAT).
Documentation:

Proper documentation of the development process, quality procedures, and test results
is essential for tracking quality issues, changes, and improvements over time.

Quality Audits and Reviews:

Periodic audits and peer reviews are conducted to ensure compliance with defined
processes, identify issues early, and maintain accountability for quality at all levels of
development.

Metrics and Measurements:

SQA relies on software metrics (e.g., defect rates, code coverage, performance
metrics) to monitor and assess quality throughout the development process. These
metrics provide insights into the software's quality and the effectiveness of processes.
Objectives of Software Quality Assurance
Prevention of Defects:
SQA emphasizes preventing defects rather than just detecting and fixing them
later. By improving processes and implementing preventive measures, SQA
reduces the likelihood of errors and faults in the software.
Continuous Improvement:
SQA promotes continuous assessment and improvement of development
processes, ensuring that quality increases with each iteration of development.
Customer Satisfaction:
By ensuring the software meets user requirements and functions correctly, SQA
directly contributes to higher customer satisfaction and confidence in the
software product.
Cost Reduction:

Detecting and fixing defects early in the development process is more

cost-effective than addressing issues after deployment. SQA helps minimize the
cost of defects, which would otherwise escalate in later stages.

Risk Mitigation:

SQA helps identify and mitigate risks associated with software failures, reducing
the likelihood of financial loss, data breaches, or system outages.
 Aspect Software Quality Assurance (SQA) Software Quality Control (SQC)

Purpose Prevent defects Detect and fix defects

Focus Processes and methodologies Final product

Timing Throughout the SDLC After the product is built or coded

Objective Process improvement and defect Verification and validation of software

prevention

Activities Audits, process improvement, Testing, inspections, defect tracking

standardization

Role in Quality Proactive (prevention-focused) Reactive (detection-focused)

Scope Organization-wide and Product-specific and focused on output

process-based
Software Quality Assurance (SQA) and Software
Engineering
Software engineering is the technical discipline responsible for building
software systems that meet specified requirements. However, even
well-engineered software can have defects or issues if proper quality
controls and standards are not enforced. This is where SQA comes into
play.
Key Roles of SQA within Software Engineering

Process Standardization:
SQA ensures that software development processes within software engineering
adhere to standardized procedures, whether following Agile, Waterfall, or DevOps
methodologies. This guarantees consistency and reliability across development
projects.
Early Defect Prevention:
By embedding quality assurance activities throughout the software engineering
life cycle, SQA helps prevent defects from being introduced in the early stages of
development (e.g., requirements, design). This leads to fewer errors in coding and
testing stages.
Risk Management:

SQA helps identify potential risks early in the software development process by
enforcing thorough reviews, audits, and testing procedures. It ensures that
software engineers consider risks like security vulnerabilities, performance
bottlenecks, or integration issues before they escalate into critical failures.

Continuous Improvement:

SQA promotes continuous improvement of engineering practices through

feedback loops and lessons learned from testing, audits, and performance
metrics. Software engineers use this information to refine their processes, tools,
and techniques in future projects.
Key Benefits of Integrating SQA with Software
Engineering
Reduced Defects and Rework:

SQA helps software engineers avoid common mistakes, leading to fewer bugs in
the final product and reducing the need for rework.

Enhanced Software Performance:

By enforcing performance and efficiency standards early in the development

process, SQA helps engineers build faster, more responsive applications.
Higher Customer Satisfaction:

Ensuring that the software meets all requirements and quality benchmarks leads
to a product that users can trust and rely on, ultimately boosting customer
satisfaction.

Lower Development Costs:

Addressing defects early through SQA practices lowers the overall cost of fixing
issues during later stages of development, saving time and resources.
SQA Tools and Techniques in Software Engineering

Automated Testing Tools:

Tools like Selenium, JUnit, and TestNG help automate the testing process,
ensuring consistent and efficient validation of code.

Code Review Tools:

Platforms like GitHub, Gerrit, and Crucible facilitate peer code reviews, allowing
software engineers to detect and fix errors early.
Static Analysis Tools:

Tools like SonarQube and Checkmarx perform static code analysis to detect
potential defects, security vulnerabilities, and performance bottlenecks.

Performance Testing Tools:

Tools like JMeter and LoadRunner help test how well the software performs under
various workloads, ensuring that scalability and performance meet expectations.
Software Quality Standards
Software Quality Standards are internationally or organizationally recognized
guidelines, specifications, and best practices that define the required
characteristics and benchmarks for software quality. These standards ensure
that software products and development processes meet minimum quality
criteria related to functionality, reliability, performance, usability, and security.

The purpose of these standards is to provide a framework for consistent

quality assurance (QA) practices, helping organizations design, develop, and
maintain software that meets user requirements and adheres to industry
norms.
Examples of Software Quality Standards

● ISO/IEC 25010 (Software Quality Model)

● ISO/IEC 90003 (Software Engineering – Guidelines for Quality)
● Capability Maturity Model Integration (CMMI)
● IEEE Standards
● Six Sigma
Importance of Software Quality Standards

Improves Software Reliability: Standards ensure that software behaves

consistently and reliably under various conditions.
Enhances Security: Following security-related standards reduces vulnerabilities
and risks of breaches or attacks.
Fosters Continuous Improvement: Standards provide a basis for process
evaluation, allowing organizations to enhance their software quality over time.
Facilitates Communication: Common standards provide a universal language for
quality requirements, aiding communication between stakeholders, developers,
and QA teams.
ISO Standards
ISO Standards are internationally recognized frameworks developed by
the International Organization for Standardization (ISO) to ensure the
quality, safety, efficiency, and interoperability of products, services, and
systems across various industries, including software development. In the
context of software engineering, ISO standards provide structured
guidelines for achieving software quality and consistency.

ISO standards related to software ensure that processes, products, and

services meet global benchmarks for quality, ensuring consistency across
different teams, organizations, and countries.
ISO/IEC 9126 – Software Quality Model

This standard helps developers and organizations ensure that software meets
user needs and adheres to specific quality benchmarks.

The standard is organized into four parts:

1. Quality Model
2. External Metrics
3. Internal Metrics
4. Quality in Use Metrics
1. Quality Model

The core part of ISO/IEC 9126 is its Quality Model, which breaks down software
quality into six main characteristics, each of which has sub-characteristics. These
characteristics provide a structured way to evaluate software quality based on
functionality, reliability, usability, and more.
The Six Main Quality Characteristics

01) Functionality:

The ability of the software to provide functions that meet stated and implied
needs when used under specified conditions.

● Suitability: Does the software offer the appropriate functions?

● Accuracy: Does the software produce the correct or agreed-upon results?
● Interoperability: Can the software work with other systems or products?
● Security: How well does the software protect data from unauthorized access?
● Compliance: Does the software adhere to industry regulations and laws?
02) Reliability:
The ability of the software to perform its required functions under stated conditions for a
specified period of time.
Maturity: How frequently does the software fail?
Fault Tolerance: Can the software continue operating under unexpected conditions?
Recoverability: How easily can the software recover from a failure?

03) Usability: The effort required to learn, operate, and use the software effectively.
Understandability: How easily can users understand the software’s functionalities?
Learnability: How easy is it for users to learn to use the software?
Operability: Can users efficiently operate and control the software?
04) Efficiency:
The relationship between the performance of the software and the amount of resources used.
Time Behavior: How fast does the software respond and process requests?
Resource Utilization: How efficiently does the software use system resources?
05) Maintainability:
The ease with which the software can be modified to fix defects, improve performance, or adapt
to a changing environment.
Analyzability: How easily can issues be diagnosed?
Changeability: How easily can the software be modified?
Stability: How stable is the software after modifications?
Testability: How easily can the software be tested?
06) Portability:

The ease with which the software can be transferred from one environment to
another.

Adaptability: Can the software be adapted to different environments?

Installability: How easy is it to install the software?

Co-existence: Can the software coexist with other independent software?

Replaceability: Can the software be easily replaced by another product?

2. External Metrics
External metrics measure the behavior of the software from an external point of
view, typically through user feedback or system tests during operation. These
metrics focus on how well the software performs in real-world conditions.

3. Internal Metrics
Internal metrics assess the software’s quality from a developer’s perspective,
analyzing the code, architecture, and other internal components. These metrics
are often used to measure how maintainable and testable the software is
during the development process.
4. Quality in Use Metrics

These metrics measure the user experience when interacting with the software,
focusing on effectiveness, efficiency, satisfaction, and freedom from risk. This
category helps assess how well the software meets its intended purpose from the
end-user's perspective.
ISO/IEC 25010 – Systems and Software Quality Model
This standard defines a comprehensive model for software and system
product quality. It describes eight main characteristics that define quality:
● Functional suitability: How well the software performs its intended
functions.
● Performance efficiency: Response time, resource usage, and scalability.
● Compatibility: Ability to work in diverse environments or with other
systems.
● Usability: Ease of use and learnability for the user.
● Reliability: Stability and fault tolerance.
● Security: Protecting data and ensuring access control.
● Maintainability: How easily the software can be modified, fixed, or
improved.
● Portability: Ability to transfer the software across different platforms.
ISO/IEC 90003 – Software Engineering Guidelines for Quality

This standard provides guidelines for applying ISO 9001 to software development.
It offers a comprehensive framework for developing, managing, and maintaining
software with an emphasis on meeting customer and regulatory requirements.

● Ensures quality management principles are followed in software engineering.

● Encourages continuous process improvement.
ISO Certification

ISO Certification is a formal recognition granted to organizations that

demonstrate adherence to the standards developed by the International
Organization for Standardization (ISO). These certifications verify that an
organization's processes, products, or services meet specific quality, safety,
efficiency, or security benchmarks as defined by ISO standards.

ISO certification serves as evidence that an organization follows internationally

recognized best practices, which can enhance credibility, customer trust, and
compliance with regulatory requirements.
Steps to ISO Certification
1. Gap Analysis: Assess your current processes against the requirements of the
selected ISO standard.
2. Implement Necessary Changes: Develop or update processes, procedures, and
policies to meet the standard’s criteria.
3. Training: Ensure employees understand the ISO requirements and follow the updated
processes.
4. Internal Audits: Conduct internal audits to verify that processes comply with the
standard.
5. Corrective Actions: Address any non-conformities identified during internal audits.
6. Certification Audit: Engage a third-party certification body to audit and verify
compliance with the standard.
7. Receive Certification: Upon successful audit, the organization receives its ISO
certification.
8. Maintenance: Continuously improve processes and undergo periodic surveillance
audits to maintain certification.
Chapter 03 - Software Quality Processes
Software Quality Processes encompass all the activities, procedures, and
methodologies used to ensure that software products meet predefined quality
standards. These processes are designed to ensure that software functions
correctly, is reliable, and meets the expectations of users and stakeholders
while being delivered on time and within budget.

Software quality processes play a vital role in the Software Development Life
Cycle (SDLC) by integrating quality checks and balances at every stage of
development, from requirements gathering to maintenance.
Software Quality Management (SQM)

Software Quality Management (SQM) is the overarching framework that

defines how an organization will achieve and maintain software quality. It
includes the strategies, policies, and processes that ensure software meets
both functional and non-functional requirements.

SQM defines the principles, practices, and procedures required to ensure the
quality of the software throughout its life cycle. It integrates quality planning,
quality assurance, and quality control activities, focusing on continuous
improvement to meet customer satisfaction and compliance with standards.
SQM Comprises Four Subcategories
01) Quality Planning:

The process of identifying which quality standards are relevant to the project and
determining how to meet them.

Key Activities:

● Setting quality objectives for the software product.

● Defining roles and responsibilities related to quality.
● Selecting the tools and methods to ensure quality throughout the
development process.

Importance: Quality planning ensures that quality is considered early in the project,
preventing issues that may arise in later stages.
02) Quality Assurance (QA):

A proactive process focused on ensuring that the development processes are

being followed correctly to meet quality requirements.

Key Activities:

● Defining and enforcing standards and procedures for software development.

● Conducting process audits to check for adherence to established guidelines.

Importance: QA helps in preventing defects by ensuring the development process

is reliable and aligned with best practices.
The SQA plan identifies
● Documents,
● Standards,
● Practices, and
● Conventions governing the project and
● How these items are checked and monitored to ensure adequacy and compliance.
The SQA plan also identifies
● Measures;
● Statistical techniques;
● Procedures for problem reporting and corrective action;
● Resources such as tools,
● Techniques, and Methodologies
● Security for physical media;
● Training
● SQA reporting and documentation.
03) Quality Control (QC):
A reactive process that involves detecting defects or issues in the software
product by testing and reviewing it.
Key Activities:
● Conducting tests (unit, integration, system, and acceptance testing).
● Reviewing the software code, design, and documentation.
Importance: QC ensures that defects and deviations from requirements are
identified and corrected before software delivery, thus improving the final product
quality.
04) Quality Improvement:
The ongoing effort to improve the quality of the software and the processes used
to create it.
Key Activities:
● Conducting root cause analysis of defects.
● Implementing corrective and preventive actions.
● Updating processes based on lessons learned.
Importance: Continuous improvement leads to fewer defects, more efficient
processes, and better software quality over time.
Verification & Validation

● Verification is the process of evaluating work products

(documents, design, code, etc.) at different stages of development
to ensure that the software is being built correctly.

● Validation is the process of evaluating the final product to check

whether it meets the user’s needs and expectations.
 Verification Validation
Focus Processes and Final product and user needs
specifications
Goal Ensure the software is built Ensure the right software is
correctly built
When During development (static After development (dynamic
activities) activities)
Methods Reviews, inspections, Testing, user acceptance,
walkthroughs simulations
Outcome Conformance to design and Meeting user expectations
specifications and requirements
Reviews and Audits in SQA
Reviews
Reviews are a systematic examination of software artifacts (such as
requirements, design, code, or test plans) conducted to find and resolve problems
early. They are typically performed by a team of peers or experts and are aimed at
improving the quality of the product.
Types of Reviews:
01) Peer Review:
Involves colleagues reviewing each other's work. For example, developers review
each other’s code.
Purpose, To identify defects, improve product quality, and share knowledge among
team members.
02) Technical Review:
A formal examination of technical aspects, such as system architecture or
design, to ensure compliance with technical requirements.
Purpose: To evaluate and ensure technical soundness of the product.

03) Code Review:

A thorough examination of source code by developers to identify potential
bugs, improve performance, and maintain code quality.
Purpose: To ensure the code adheres to coding standards and best practices,
preventing defects from reaching production.
04) Design Review:
A review of the software's design, focusing on the structure and how well it
meets the requirements.
Purpose: To ensure that the design can effectively solve the problem and
meet performance and scalability requirements.
05) Management Review:
Focuses on the project’s progress, ensuring alignment with project goals,
schedules, and resource plans.
Purpose: To provide management with feedback on project status and
adherence to objectives.
Audits
Audits are an independent evaluation of software processes and products to
ensure compliance with standards, regulations, or contractual obligations. They
are typically performed by an external party or internal quality team to provide an
unbiased assessment.
Types of Audits:
01) Internal Audits:
Conducted by internal auditors or the quality assurance team within the
organization.
Purpose: To ensure the project follows internal procedures and policies, and that
the processes are effective and compliant with internal standards.
02) External Audits:
Conducted by an independent third-party auditor.
Purpose: To ensure that the software product and processes comply with external
standards (e.g., ISO, IEEE) or regulatory requirements.
03) Compliance Audits:
Ensure adherence to industry-specific regulations, such as ISO standards, GDPR, or
healthcare regulations like HIPAA.
Purpose: To validate that the organization complies with external laws, guidelines, or
standards.
04) Product Audits:
Focus on the final product to ensure it meets specifications and quality standards.
Purpose: To verify that the software product conforms to the intended design and
meets the needs of the end user.
Chapter 04 - Process and Product Assurance

Process Assurance and Product Assurance are critical components of

software quality management aimed at ensuring the development
process and the final product meet specified quality standards. These two
forms of assurance work to improve both the development process and
the final software product, ensuring high quality at every stage.
Process Assurance
Process Assurance focuses on evaluating and ensuring that the software
development processes are correctly implemented, efficient, and compliant
with established methodologies, standards, and best practices. It ensures that
the right procedures are followed to create the product.

Product Assurance
Product Assurance ensures that the end product, the software itself, meets
the required quality standards and specifications. This involves verifying that
the product functions as intended, is free from defects, and satisfies user
needs.
Methods and Supporting Technologies

01) Audit
An audit is a formal review of processes, products, or systems conducted to
verify adherence to standards, procedures, and regulations. It provides an
independent assessment of how well the development process is being
followed.

Process Assurance: Audits ensure that the software development processes

comply with predefined standards (e.g., ISO, CMMI). They evaluate process
efficiency, documentation, and compliance.
Product Assurance: Audits also assess whether the final product meets its
specifications and quality standards, ensuring that the product is delivered as per
customer expectations.

Key Types of Audits:

1. Internal Audit: Conducted by internal quality teams to check compliance with

organizational standards.
2. External Audit: Performed by third parties to ensure adherence to industry
standards like ISO.
3. Compliance Audit: Ensures that both the process and product follow external
regulatory requirements.
02) Embedded SQA Error Detection Methods

Embedded Software Quality Assurance (SQA) Error Detection Methods are

techniques integrated into the development process to detect defects early and
continuously. Formal Inspection, Reviews, Walkthroughs, Testing.

Process Assurance: These methods ensure that the development process

incorporates automated error detection tools, like static code analysis or
continuous integration (CI) systems, which verify the code without executing it.

Product Assurance: Embedded methods can also monitor the final product’s
behavior in real-time, detecting issues like memory leaks, performance
bottlenecks, or incorrect functionality during execution.
03) Assessment
Assessments evaluate both the process and product to ensure they meet
quality objectives. This involves analyzing the effectiveness of processes and
the quality of deliverables at key milestones.

Process Assurance: Assessments ensure that the development process is

capable of delivering the expected quality, by checking if the process steps
are correctly followed and if they are achieving the desired outcomes.

Product Assurance: Product assessments focus on evaluating whether the

product meets its functional, performance, and usability requirements. This
can involve user testing, system testing, or benchmarking.
Types of Assessments:

Process Maturity Assessment: Evaluates how well the organization’s

processes are defined, implemented, and optimized.

Product Quality Assessment: Measures whether the software product meets

the defined quality attributes (e.g., reliability, security, performance).
04) Analysis

Analysis involves systematically examining both the process and the product
to identify defects, weaknesses, or areas for improvement. It is used to
diagnose issues and refine the development process.

Process Assurance: Process analysis looks at metrics and data from the
development lifecycle to understand where bottlenecks or inefficiencies exist.
This helps improve future project workflows.

Product Assurance: Product analysis involves testing and reviewing the

software to find defects, evaluate performance, and ensure conformance with
requirements.
Common Analytical Techniques

Root Cause Analysis: Identifies the underlying causes of defects or process

inefficiencies.

Statistical Process Control (SPC): Uses metrics and statistical methods to monitor
and control the development process.

Failure Mode and Effect Analysis (FMEA): Analyzes potential failure points in the
product and assesses their impact on system performance.
Chapter 05 - Software Metrics
Software Metrics are quantitative measures used to assess various aspects of
software development and performance. They provide insight into the quality,
efficiency, and effectiveness of the software development process and the software
product itself.
Importance of Software Metrics
Quality Improvement: Metrics help identify areas of improvement in both the
software and the development process.
Performance Monitoring: They provide a way to track project progress and
performance over time.
Decision Making: Metrics offer objective data to guide decision-making regarding
resource allocation, timelines, and project scope.
Classification of Software Metrics
01) Product Metrics
Product Metrics measure attributes of the software product itself. They focus
on the software's functionality, complexity, performance, and reliability.
● Size Metrics: Measure the physical size of the software.
Example: Lines of Code (LOC), Function Points (FP).
● Complexity Metrics: Assess how difficult the software is to understand
and maintain.
Example: Cyclomatic Complexity (measures the control flow of the
program).
● Quality Metrics: Evaluate aspects like defects, maintainability, and
reliability.

Example: Defect Density (number of defects per thousand lines of code),

Mean Time to Failure (MTTF) (average time between failures).

● Performance Metrics: Measure how the software performs in real-world

conditions, focusing on speed, resource consumption, or response time.

Example: Response Time

02) Process Metrics

Process Metrics measure the efficiency and effectiveness of the software

development and maintenance process. They help in improving and optimizing
development workflows and team productivity.
● Effort Metrics: Track the resources used during the development process.
Example: Effort in Person-Hours (how much time is spent on each phase of
development).
● Defect Metrics: Monitor how defects are handled during the process.
Example: Defect Removal Efficiency (DRE) (percentage of defects removed
during development before release).
Time Metrics: Measure the time spent on various tasks within the development
cycle.

Example: Time to Fix Defects, Cycle Time (total time taken to develop a feature).

Productivity Metrics: Assess the output produced by the development team

relative to input.

Example: Code Production Rate (LOC or FP per developer-hour).

03) Project Metrics
Project Metrics focus on the overall management of a software project. They
combine product and process metrics to evaluate project health, progress, and risk.
● Cost Metrics: Measure the financial aspects of software development.
Example: Cost per Defect (how much it costs to find and fix a defect).
● Schedule Metrics: Track the project timeline and adherence to schedules.
Example: Schedule Variance (difference between planned and actual time for
completing tasks).
● Risk Metrics: Assess potential risks to the project's success.
Example: Risk Exposure (probability of risk occurrence multiplied by its impact).
● Internal metrics: Internal metrics are the metrics used for measuring
properties that are viewed to be of greater importance to a software
developer. For example, Lines of Code (LOC) measure.

● External metrics: External metrics are the metrics used for measuring
properties that are viewed to be of greater importance to the user, e.g.,
portability, reliability, functionality, usability, etc.

● Hybrid metrics: Hybrid metrics are the metrics that combine product, process,
and resource metrics. For example, cost per FP where FP stands for Function
Point Metric.
Advantage of Software Metrics

● Improved quality control

● Objective decision-making
● Performance tracking and improvement
● Risk management
● Enhanced productivity
● Better project estimation
● Accountability and transparency
● Continuous improvement
● Better resource allocation
● Increased customer satisfaction
Disadvantage of Software Metrics
● Overemphasis on Metrics: Focusing too much on metrics can lead to
neglecting other important aspects of software quality.
● Misinterpretation: Metrics can be misinterpreted or misused, leading to
incorrect conclusions and decisions.
● Cost and Time: Collecting and analyzing metrics can be time-consuming
and costly, diverting resources from development activities.
● Quality vs. Quantity: There may be a tendency to prioritize quantity (e.g.,
lines of code) over quality, which can negatively impact the software.
● Inflexibility: Rigid adherence to metrics may stifle creativity and
adaptability in the development process.
● False Sense of Security: Relying solely on metrics can give a false sense
of security, as they may not fully capture the software’s quality.
● Data Overload: Excessive metrics can lead to information overload,
making it difficult for teams to focus on the most critical aspects.
● Cultural Resistance: Team members may resist metrics if they perceive
them as tools for micromanagement or blame.
● Limited Scope: Some metrics may not capture the full picture of software
quality, leading to incomplete assessments.
● Short-term Focus: There can be a tendency to focus on immediate
metrics rather than long-term quality improvements.
THANK YOU !!