This document discusses software quality measurement and outlines an ecosystem and objectives for the Center for Information-Driven Quality (CISQ). The objectives are to:
1. Raise awareness of the challenge of IT software quality.
2. Develop standard, automatable measures and anti-patterns for evaluating software quality.
3. Promote global acceptance of quality standards in acquiring software.
4. Develop infrastructure like authorized assessors and conforming products.
Software Measurement: Lecture 1. Measures and MetricsProgrameter
Materials of the lecture on metrics and measures held by Programeter leadership during the Software Economics course at Tartu University: courses.cs.ut.ee/2010/se
Software Measurement: Lecture 3. Metrics in OrganizationProgrameter
Materials of the lecture on metrics and measures held by Programeter CEO Mark Kofman during the Software Economics course at Tartu University: courses.cs.ut.ee/2010/se
This presentation provides a brief overview about object-oriented metrics such as LOC, NOC, LCOM, CBO, CC, and WMC. A few practical issues are discussed in the presentation such as metric threshold and tools. It also discusses "Abstractness and Instability" diagram.
Measure, Metrics, Indicators, Metrics of Process Improvement, Statistical Software Process Improvement, Metrics of Project Management, Metrics of the Software Product, 12 Steps to Useful Software Metrics
Software Measurement: Lecture 1. Measures and MetricsProgrameter
Materials of the lecture on metrics and measures held by Programeter leadership during the Software Economics course at Tartu University: courses.cs.ut.ee/2010/se
Software Measurement: Lecture 3. Metrics in OrganizationProgrameter
Materials of the lecture on metrics and measures held by Programeter CEO Mark Kofman during the Software Economics course at Tartu University: courses.cs.ut.ee/2010/se
This presentation provides a brief overview about object-oriented metrics such as LOC, NOC, LCOM, CBO, CC, and WMC. A few practical issues are discussed in the presentation such as metric threshold and tools. It also discusses "Abstractness and Instability" diagram.
Measure, Metrics, Indicators, Metrics of Process Improvement, Statistical Software Process Improvement, Metrics of Project Management, Metrics of the Software Product, 12 Steps to Useful Software Metrics
This presentation describes:
- What is software size?
- How to Measure Software size?
- Techniques and parameters in Software Size estimation
- Where and how to apply the techniques?
[2017/2018] Introduction to Software ArchitectureIvano Malavolta
This presentation is about a lecture I gave within the "Software systems and services" immigration course at the Gran Sasso Science Institute, L'Aquila (Italy): http://cs.gssi.infn.it/.
http://www.ivanomalavolta.com
Defect Prediction Over Software Life Cycle in Automotive DomainRAKESH RANA
Defect Prediction Over Software Life Cycle in Automotive Domain
Presented at:
9th International Joint Conference on Software Technologies (ICSOFT-EA), Vienna, Austria
Get full text of publication at:
http://rakeshrana.website/index.php/work/publications/
Software Defect Prediction Techniques in the Automotive Domain: Evaluation, S...RAKESH RANA
Software Defect Prediction Techniques in the Automotive Domain: Evaluation, Selection and Adoption
PhD Defense, Göteborg, Sweden
Feb, 2015
Get full text of publication at:
http://rakeshrana.website/index.php/work/publications/
Embedded software validation best practices with NI and RQMPaul Urban
Embedded control software is growing exponentially in mechanical systems, which forces test methods to evolve even faster. This presentation was part of the Rational Quality Manager enlightenment series describing how National Instruments and IBM provide end-to-end traceability and test component reuse for superior system quality and validation by enabling consistent testing, results analysis, and traceability throughout the development process.
Using Doors® And Taug2® To Support A Simplifiedcbb010
In order to become a market leader, it is imperative that all stakeholders (customers, financial sponsors, developers and testers) be aware of the customer’s needs as captured in the requirements of the products and/or services that are to be produced. This is especially so within both large and small globally distributed companies since the product development organizations often are separated by geography, time and communications. An efficient way to eliminate these potential issues is to develop a common and intuitive requirements management process, which can be deployed across the product development lifecycle. The object of developing a Common Simplified Requirements Management Process is to improve customer satisfaction, eliminate escaping defects and reduce the cost of the development lifecycle. This paper describes the problems of using localised procedures and how these problems can be eliminated by implementing a common requirements management process that is intuitive, scalable and deployed across the System Development Lifecycle. This process has been supported by the industry leading DOORS tool and more recently by the TauG2 tool. An auxiliary benefit of deploying this process is that the process was developed in compliance with standardized methods of documenting and tracing requirements as expected by TL9000 and CMM/CMMI. The net benefits of this simplified requirements process include: increased customer satisfaction due to systems being developed in accordance with the customer’s needs as captured in the requirements, compliance with industry acknowledged process standards and improved cost of quality by eliminating duplication of process maintenance since a common process has been deployed across the development organization.
This presentation describes:
- What is software size?
- How to Measure Software size?
- Techniques and parameters in Software Size estimation
- Where and how to apply the techniques?
[2017/2018] Introduction to Software ArchitectureIvano Malavolta
This presentation is about a lecture I gave within the "Software systems and services" immigration course at the Gran Sasso Science Institute, L'Aquila (Italy): http://cs.gssi.infn.it/.
http://www.ivanomalavolta.com
Defect Prediction Over Software Life Cycle in Automotive DomainRAKESH RANA
Defect Prediction Over Software Life Cycle in Automotive Domain
Presented at:
9th International Joint Conference on Software Technologies (ICSOFT-EA), Vienna, Austria
Get full text of publication at:
http://rakeshrana.website/index.php/work/publications/
Software Defect Prediction Techniques in the Automotive Domain: Evaluation, S...RAKESH RANA
Software Defect Prediction Techniques in the Automotive Domain: Evaluation, Selection and Adoption
PhD Defense, Göteborg, Sweden
Feb, 2015
Get full text of publication at:
http://rakeshrana.website/index.php/work/publications/
Embedded software validation best practices with NI and RQMPaul Urban
Embedded control software is growing exponentially in mechanical systems, which forces test methods to evolve even faster. This presentation was part of the Rational Quality Manager enlightenment series describing how National Instruments and IBM provide end-to-end traceability and test component reuse for superior system quality and validation by enabling consistent testing, results analysis, and traceability throughout the development process.
Using Doors® And Taug2® To Support A Simplifiedcbb010
In order to become a market leader, it is imperative that all stakeholders (customers, financial sponsors, developers and testers) be aware of the customer’s needs as captured in the requirements of the products and/or services that are to be produced. This is especially so within both large and small globally distributed companies since the product development organizations often are separated by geography, time and communications. An efficient way to eliminate these potential issues is to develop a common and intuitive requirements management process, which can be deployed across the product development lifecycle. The object of developing a Common Simplified Requirements Management Process is to improve customer satisfaction, eliminate escaping defects and reduce the cost of the development lifecycle. This paper describes the problems of using localised procedures and how these problems can be eliminated by implementing a common requirements management process that is intuitive, scalable and deployed across the System Development Lifecycle. This process has been supported by the industry leading DOORS tool and more recently by the TauG2 tool. An auxiliary benefit of deploying this process is that the process was developed in compliance with standardized methods of documenting and tracing requirements as expected by TL9000 and CMM/CMMI. The net benefits of this simplified requirements process include: increased customer satisfaction due to systems being developed in accordance with the customer’s needs as captured in the requirements, compliance with industry acknowledged process standards and improved cost of quality by eliminating duplication of process maintenance since a common process has been deployed across the development organization.
VMworld 2013: Create a Key Metrics-based Actionable Roadmap to Deliver IT as ...VMworld
VMworld Europe 2013
Enrico Boverino, VMware
Rodolfo Rotondo, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Quality Management and Quality StandardMurageppa-QA
In this Quality Assurance Training session, you will learn about Quality Standard. Topic covered in this session are:
• Quality Standard
• SEI-CMMI
• The CMM is organized into five maturity level
• IEEE
• Assignment 3
For more information, about this quality assurance training, visit this link: https://www.mindsmapped.com/courses/quality-assurance/software-testing-training-with-hands-on-project-on-e-commerce-application/
Automating your EdI Testing in Healthcare | QualiTest GroupQualitest
QualiTest hosts a webinar: Automating your EDI Testing in Healthcare
QualiTest gives an overview of automating your EDI testing. Exploring a case study with MultiPlan and QualiTest, we'll reveal how we solved the challenges associated with implementation, maximizing the benefits of test automation and more!
Hosted by:
Alex Riordan - Test Specialist at QualiTest
Nadia Othman - Manager of SQA at MultiPlan
Hosted on: October 28th, 2015
QualiTest is the world’s second largest pure play software testing and QA company. Testing and QA is all that we do! visit us at: www.QualiTestGroup.com
When created early in the product development lifecycle, a trace matrix can do more than just help you gain FDA approval for your device. Unfortunately, many companies create the matrix sporadically during a project, mainly right before regulatory submission—too late to capture the benefits a well-maintained matrix can deliver.
During this recorded webinar, guest speaker Steve Rakitin, President of Software Quality Consulting, discussed five of the benefits gained by maintaining a matrix throughout the project. A software engineer with more than 20 years of experience in the medical device industry, Steve explains how a trace matrix can help you:
- Plan and estimate testing and validation needs
- Ensure all requirements are implemented
- Verify that all requirements have been tested
- Manage change throughout product development
- Provide evidence that hazard mitigations are implemented and validated
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability MatrixSeapine Software
When created early in the product development lifecycle, a trace matrix can do more than just help you gain FDA approval for your device. Unfortunately, many companies create the matrix sporadically during a project, mainly right before regulatory submission—too late to capture the benefits a well-maintained matrix can deliver.
During this recorded webinar, guest speaker Steve Rakitin, President of Software Quality Consulting, discussed five of the benefits gained by maintaining a matrix throughout the project. A software engineer with more than 20 years of experience in the medical device industry, Steve explains how a trace matrix can help you:
- Plan and estimate testing and validation needs
- Ensure all requirements are implemented
- Verify that all requirements have been tested
- Manage change throughout product development
- Provide evidence that hazard mitigations are implemented and validated
Continuous Integration and Continuous Delivery on AzureCitiusTech
Healthcare organizations are increasingly turning to cloud computing to address business and patient needs of their rapidly evolving environment and modernize legacy applications. With Azure DevOps, healthcare IT teams can drive innovation, build new products and modernize their application environment.
Mindtree leverages its performance engineering services to develop software products and applications that perform optimally in normal as well as extreme load conditions. This reduces the number of failures related to performance and availability. We offer performance engineering services across a wide range of verticals and applications based on client server, Web technologies, Web services and ERP.
La plataforma Azure está compuesta por más de 200 productos y servicios en la nube diseñados para ayudarle a dar vida a nuevas soluciones que permitan resolver las dificultades actuales y crear el futuro. Cree, ejecute y administre aplicaciones en varias nubes, en el entorno local y en el perímetro, con las herramientas y los marcos que prefiera.
A Journey to Enterprise Agility: Migrating 15 Atlassian Instances to Data CenterAtlassian
How do you coordinate the work of thousands of users, balance the need for teams to innovate, optimize performance, and comply with reporting standards and industry regulations?
At Johnson & Johnson we were faced with such a challenge. With 15 Atlassian application instances and tens of thousands of users, we needed to find a viable way to manage applications and our users efficiently. Come hear about our journey—the challenges, best practices, lessons learned, and ROI during one of the largest data transformation migrations we've ever embarked on.
Similar to CISQ and Software Quality Measurement - Software Assurance Forum (March 2010) (20)
Dr. Bill Curtis SVP & Chief Scientist, CAST Director, Consortium for IT Software Quality, reveals the topic "Standardize Software Quality and Productivity Measurement"
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
3. OBJECTIVESOBJECTIVES
Raise international awareness of the critical
challenge of IT software quality1
Develop standard, automatable measures and
anti-patterns for evaluating IT software quality2
Promote global acceptance of the standard in
acquiring IT software and services3
Develop an infrastructure of authorized
assessors and products using the standard4
6. STANDARDSSTANDARDS
INFRASTRUCTUREINFRASTRUCTURE
Architecture Modernization
Platform Task Force
OMG
Software Assurance
Platform Task Force
IT Application
Software Quality
Standard
ISO 9126
series
ISO 25000
series
Defined metrics
Weaknesses &
anti-patterns
Common
Vulnerability
Scoring
System
Common
Weakness
Enumeratio
n
Structured Metrics
Meta-model
Knowledge
Discovery Meta-
model
Abstract Syntax
Tree Meta-model
6
7. Develop a definition for
automating Function Points
Size
Measure elements affecting
maintenance cost, effort, & time
Maintainability
Measure elements affecting
availability and responsiveness
Reliability &
Performance
Measure elements affecting
vulnerability to attack and loss
Security
Define methods for using code
measures internally and externally
Best Practices
for Metrics
Use
Technical Working Groups
8. CERTIFICATIONS
Purpose Options
Developers
Certify that developers
understand how to
develop software
possessing desirable
quality attributes
OMG offers
certifications for
developers on many of
their existing
standards
Appraisers
Certify that appraisers
are capable of using the
standards effectively in
providing professional
diagnostic services
SEI has developed
licensing services for
appraisers in areas
such as CMMI
Tools
Certify that tools which
implement the defined
measures and anti-
patterns provide
accurate results
Proven difficult in the
past, but options will
be explored
9. BusinessBusiness
LogicLogic
TierTier
Software Quality is Contextual
Application Logic
Java, C++, …
Frameworks Struts MVC, Spring
DataData
TierTier
Presenta-Presenta-
tion Tiertion Tier
Web / Client Server Applications
ASP/JSP/VB/.NET
DatabasesDatabasesFilesFiles
Legacy Applications
COBOLCOBOL
CICS Monitor (Cobol)
Tuxedo Monitor (C)
Web
Services
CICS
Connector
Middleware
Batch
Shell Scripts
Database
Data Management Layer
EJB – Hibernate - Ibatis
Enterprise Applications
Drivers of business disruption risk and cost thrive at the interfaceDrivers of business disruption risk and cost thrive at the interface
between technologies, beyond siloed skill sets and expertisebetween technologies, beyond siloed skill sets and expertise
10. J2EE
Technologies
.NET
Technologies
Legacy /
Mainframe
Database
(SQL,
PL/SQL..)
Packaged
(Oracle, SAP,
SIEBEL..)
28 native +
universal
analyzer
Static Analysis
Layer
Reconciliation
Layer
Application Structure Meta-Model
Architecture
Checker
Complexity
Calculators
Inference
Engine
Risk
Identification
Function Point
Calculator
Quantification
Layer
Application
Intelligence
Layer
Business
Impact
Layer
Productivity
Measurement
Vendor Quality
Gate
Compliance
Analysis
Health Factors Cost DriversRisk Drivers
Risk &
Security
Analysis
Quality
Benchmarking
Third Party
Solutions
Rules From Industry
Research (700+)
Rules from CAST
Research (200+)
Custom Rules
Engine
Work Effort
Estimation
Quality Quantity
Application Analysis Engine
Best Practices
Monitor
Software Quality is Structural
11. Software Quality: From Symptom to Cause
TESTQUALITYEVAL
QUALITYQUALITY
SYMPTOMSSYMPTOMS
QUALITYQUALITY
CHARACTERISTICSCHARACTERISTICS
poor response timedegraded performance
program structureprogram structure
complexitycomplexity
coding practicescoding practices
couplingcoupling testabilitytestability
maintainabilitymaintainability
understandabilityunderstandability
flexibilityflexibility
reusabilityreusability
defects outages
architecturearchitecture
cohesioncohesion
securitysecurity
robustnessrobustness interoperabilityinteroperability
scalabilityscalability
overruns
excessive costs
Steve McConell (1993), Code Complete.
12. CAST Application Quality Metrics
Business Risk Exposure
Performance
Security
Robustness
Cost Efficiency
Transferability
Changeability
Maintainability (as defined
by the SEI)
Methodology Maturity
Architecture Compliance
Documentation Compliance
Standards Compliance
Application Size
Size in KLOC
Size in Back-Fired Function
Points
Size in CAST-Computed
Function Points
Application Complexity
Cyclomatic: Number of Objects
of Low, Medium, High, and Very
High Cyclomatic Complexity
CAST Complexity: Number of
Objects of Low, Medium, High,
and Very High CAST
Complexity
Structural Integrity
Number of Passed Checks
Number of Failed Checks
Number of Critical Violations
13. Reduced Development and Maintenance Costs
Actual Defects/BFP
CAST Violations/BFP
0
2
4
6
8
10
12
14
0
0.005
0.01
0.015
0.02
0.025
0.03
3.2 3.3 3.4 3.6
GCS Versions
CAST Violations vs. Actual QA Defects
ActualDefects/BFP
CASTViolations/BFP
Industry: Technology/Services
Application Analyzed: Global,
comprehensive tracking system
of requests from the first receipt
of the credit request to the final
approval of the request by the
appropriate parties.
Technologies: J2EE, DB2
CUSTOMER EXAMPLE
14. ~10x Reduction in Cost of Fixing Defects
Industry: Financial Services
Applications: 75 supported
application/functions run by
the Business Groups and
Batch Operations
Very complex technology
environment, grown over
last 15 years (J2EE, .NET,
COBOL, Oracle, DB2)
CUSTOMER EXAMPLE
15. AppMarQ Benchmark and Prioritization
Driver is at or exceeds Median of World-Class
Driver is between Median of Peer Group and
World-Class
Driver is below Peer Group Median
Other
Companies
Benchmark
customer
Robustness
Performance
Security
Risk Drivers
RiskDrivers
H
World-ClassWorld-Class
L
H
Cost Driver Scores
Transferability
Changeability
CAST Complexity
Cost Drivers
Cost & Risk Matrix
Maintenance Cost
Development Cost
Duration
Customer
Satisfaction
16. 2010 AND BEYOND2010 AND BEYOND
• CISQ will pursue member-driven objectives
– Determined by CISQ Executive Forum
– Consensus among CISQ members of problem to be addressed
• Early requests for additional objectives:
– Defect and failure-related definitions
– Business value measures related to application quality
– Productivity/Size measurement
• Use of Executive Forum for addressing industry
issues
– Outsourcing quality SLAs
– Benchmarking
– Regulatory compliance
16
Hello everyone! Good Afternoon. I’m Jitendra Subramanyam from CAST Software. I work closely with Bill and unfortunately, Bill couldn’t be here – he wrenched his shoulder and had to have some surgery. [He does send his regrets.] Bill is the Director of CISQ – the Consortium for IT Software Quality. In his absence, I’m going to give you an update on CISQ quality metrics and some examples of what those metrics might look like in the field. As you can tell, I’m not from Texas, and I’m not as loud as Bill, but I’ll do my best to convey the letter and the spirit of his message! [“Confidence As a Product” Confidence in measuring against a standard. Clearly defining *WHAT* to measure and specifying *HOW* to measure it. (Soley: Standards create a market and an ecosystem around that market) – Reliability (automation is the key to consistency). Confidence that you’re measuring things that matter – Validating the metrics: Verifiability Confidence that the standard is being applied properly – Certification]
CISQ is a global consortium of IT executives from private and public sector organizations, IT service providers, and technical experts coming together to define the metrics for measuring quality (the *WHAT*) and specifying *HOW* to measure them. These groups are brought together by the SEI and OMG. This brings us to the main objectives of CISQ.
CISQ has 4 main objectives. Objective 1: to raise awareness of software quality issues. Objective 2: Develop an automated standard for software quality. Automation is key because it increases repeatability, makes measurement cost effective, and enables benchmarking. Objective 3: To promote acceptance of the standard – Bill was instrumental in doing this for the CMM standard and he wants to take a similar approach here as well. (Involve all parties, make sure the standards are clear and applicable to how people do their work.) Objective 4: A system to assess and certify if services and products are up to the CISQ standard. Both SEI and OMG have a lot of experience doing this.
Any organization can become a member of CISQ and have their folks join CISQ technical groups and attend executive webinars and meetings. I’ll tell you about the technical groups in just a moment. So far, CISQ participants have come from corporations like FedEx, IBM, Morgan Stanley, McKesson; system integrators like Capgemini, Booz, TCS; govt agencies like DHS, HHS; and universities likes the Technical University Munich and the University of Memphis. You can also sign up for membership on the CISQ web site at www.it-cisq.org.
You’ve probably seen some version or the other of this widely-reproduced cartoon. One scientist is saying to the other, “I think you should be more explicit here in step two.” Indeed! To create a standard means to define it clearly and have a repeatable way to measure it. As you know, there’s already a considerable amount of “infrastructure” around a quality standard. CISQ is not trying to reinvent the wheel.
Let me describe the elements of what’s already out there. To the right are the two tangible outputs of CISQ -- A set of defined metrics, and a living repository of weaknesses and anti-patterns. To get there we piggy back on several elements that are already in place. OMG has two task forces that are suitable for CISQ: The Architecture Modernization Platform and the Software Assurance Platform Task Force. In addition, there are three OMG meta-models that provide guidance on how to write the definitions: The Structured Metrics Meta-Model, the Abstract Syntax Tree Meta-Model, and the Knowledge Discovery Meta-Model. As much as possible, we also plan on incorporating and staying consistent with existing standards – ISO 9126 and the newer ISO 25000 series, the Common Vulnerability Scoring System, and the Common Weakness Enumeration from MITRE. So we’re not building from scratch but standing on the shoulders of giants. CISQ will get the bulk of its work done through technical groups. And there are 5 of them.
CISQ work products will be created by these 5 Technical Working Groups: Size, Maintainability, Reliability & Performance, Security, and Metrics Best Practices. These five focus areas were decided during the two inaugural meetings for CISQ that took place late last year – one in Frankfurt, Germany and the other in Arlington, Virginia. Any organization can become a member of CISQ and have their folks join these technical groups. Bill is finalizing the 2010 calendar for Technical Group meetings and work products. He’ll have an update on the CISQ web site very shortly.
CISQ aims to create three types of certification – for developers, appraisers, and the tools themselves. For the developer and appraiser certifications CISQ will again leverage existing knowledge from OMG and SEI. Tools has proven difficult in the past, but we’re hoping to explore some options with SEI and OMG.
CAST Application Intelligence 08/07/13 In addition to defining quality metrics clearly, specifying how to automate their measurement, and certification, a quality standard like CISQ must specify how to aggregate quality measures from the component level up to the application level. Two facts about software quality make this non trivial. The first is that software quality is contextual. A module can be excellent in quality or highly dangerous depending on the context in which it operates. And context depends on interactions that cross component, interface, language, and technology boundaries [A module that does connection pooling can be just fine until you add a database around it that doesn’t like that specific way in which the connections are handled. That’s not the poor component’s problem, but that’s the contextual nature of quality. Calls to tables that look fine one day start to look terrible when those same tables have grown by 100x (or contain binary files like images).] So CISQ will take the entire application into account when defining and measuring quality and provide clear rules for aggregating from one layer to another. The second condition of quality that makes aggregation difficult is that software quality cannot simply work at the physical level – it must be aware of the logical structure of the application as well.
Software quality is structural. What do I mean by that? Think about how you would sum 1+2+3+ and so on +100. Now think about summing to 1 billion. The point is, the software we deal with has billions and billions of states. At best, performance tests cover only a tiny fraction of these states. To have any confidence in our software, we have to rise to the structural or meta-model level. It’s at the structural level that we get a better grip on these billions of states. So back to the addition problem. You can simply add the numbers by brute force. But the reliable way to do it is to take advantage of a structural pattern. In this instance, put the 100 aside. 1+99 is 100; 2+98 is 100. You get 49 of these – that’s 49 hundred. Add the remaining 50 and the 100 you set aside, you get 5050. You solve the problem at the structural level. It’s much more reliable to do it this way and you’re much more confident that you’ve got it right. At CAST we’re committed to full compatibility with the CISQ standard. Our metrics already take context and structure into account and we’ll continue to work closely with CISQ to ensure complete compatibility. To give you a concrete sense of existing software quality metrics, I’ll quickly cover the ones we use at CAST.
The metrics at the tip of the iceberg is what usually gets measured – defects, response time, outage duration. The submerged part – complexity, robustness, and maintainability, are the root causes of the problems that show up above the waterline. At CAST we make these root causes of outages – what’s below the waterline -- explicit. We make them measurable; and we automate their measurement.
At the highest level, these are the quality metrics we automate and make measureable. I’ll give you a moment to scan the slide. If you look at the bottom right, you’ll see the term “Critical Violations”. Critical violations occur when the software deviates from well accepted rules of software engineering. To put it simply – more critical violations, the lower the quality of the software. When critical violations are fixed, software performance, robustness, transferability – in other words, QUALITY -- will improve.
We’ve tested this out in the field. This is a large technology company’s internal global accounts system which tracks credit requests as they flow through the system. It is a large, important, and highly-visible corporate system. We measured the number of new violations introduced per back-fired function point. That’s the Y axis on the RIGHT. The Y axis on the LEFT shows production defects per back-fired function point as recorded in IBM’s defect tracking system. There’s a strong correlation between CAST quality metrics and actual production defects. So we’re not just making it up. The way we define and measure software quality tracks what goes on in the real world. Tracking CAST quality metrics has enabled the internal IT team at this company to reduce their development and M&E costs on the global credit management system. It’s something I’m sure their CFO appreciates!
A second example from the field. The Retirement Services arm of a large bank has been using CAST for 8 years. Performance is key to them because even minor business disruption can lead to large losses of revenue. When a problem is found, there’s a premium on fixing it quickly. Tracking quality enables them to find and fix problems more efficiently. In the period spanning Q4 of 2007 to Q2 of 2009, the cost of fixing a defect per 100 resource hours has dropped dramatically, almost by an order of magnitude. There may be some ups and downs, but the overwhelming trend is a significant drop in cost of defects – a clear sign of rising quality despite the very diverse technology environment in which they operate – a result of multiple acquisitions over the last 15 years. Quality and size trends are used in Agile development to check quality at the end of each sprint. They’re also setting objective, precise, actionable quality targets for their outsource providers. So different CAST customers, different technology landscapes, similar quality results.
Over the last 10 years, we’ve analyzed literally thousands of applications. We’re building the biggest software quality database in the world with quality data from these applications. The database is called AppMarQ – short for Application Quality Benchmark. We’ve started to use AppMarQ to generate benchmarking reports at the company level. Here’s an example from a retail company in the UK. A benchmark like this one can quickly highlight and prioritize areas for improvement. For example: * Test the 20% of modules that contribute to 80% of problems * Train developers to correct the 3 most common critical violations With quality benchmarks on the right and additional information like maintenance costs, development costs, and customer satisfaction on the left, we can begin to answer questions like – if I improve quality by 10%, how much will maintenance costs drop? How much quality is enough ? We’ve looked at some of the ways CAST quality metrics are used in the field. Let me wrap up by looking ahead.
CISQ is a member-driven organization. Members shape the particular metrics to focus on and their uses in the field. Of late we’ve had requests for additional objectives and topics for the executive forums.
[Watts Humphrey is a software metrics process pioneer and guru.] CISQ is the map. Measuring against these well-defined metrics tells you where you are. The CISQ standard gives us reliability, verifiability, and certification – greatly improving confidence in the software product. Let me stop there. Thank you for your attention.