A summary of the key results of the Quamoco project that enabled an integrated software quality assessment from high-level quality attributes down to concrete measures.
Risk assessment for computer system validationBangaluru
A risk assessment is a process to identify potential hazards and analyze what could happen if a hazard occurs.
Computer system validation (sometimes called computer validation or CSV) is the process of documenting that a computer system meets a set of defined system requirements.
Computer System Validation - The Validation Master PlanWolfgang Kuchinke
Computer System Validation (CSV) is the process used to ensure and document that a computerbased system is operating according to predefined requirements. CSV is necessary when replacing paper records, like
Case Report Forms for clinical trials, with an electronic system within the highly regulated data zone that impacts public health and safety. Necessary validation documents are for example the Standard Operating Procedures (SOPs), which outline how the computer system should be used. Here, we describe in detail the System Validation Master Plan, the most important document in Computer System Validation. In contains topics, like: Validation Policy, Definition of Validation, Rules and Regulations in CSV, Legal basis, FDA 21 CFR Part 11, FDA Guidance for industry, ICH Guideline GCP, Annex 11 EU-GMP, Validation Philosophy, Organisation validation document, Audit Reports, Organisation guidelines, Organisation quality management handbook, etc.
The steps of the Validation Life Cycle are: 1. System Specification, 2. System Classification, 3. Validation Planning, 4. Establishing of the validated state, 5. Maintaining the validated state, 6. System Retirement.
Chuck Blair, Regional Automotive Program Manager, and Mike Brannock, Automotive SBU Director, go through the highlights of the changes from TS 16949 to IATF 16949.
Risk assessment for computer system validationBangaluru
A risk assessment is a process to identify potential hazards and analyze what could happen if a hazard occurs.
Computer system validation (sometimes called computer validation or CSV) is the process of documenting that a computer system meets a set of defined system requirements.
Computer System Validation - The Validation Master PlanWolfgang Kuchinke
Computer System Validation (CSV) is the process used to ensure and document that a computerbased system is operating according to predefined requirements. CSV is necessary when replacing paper records, like
Case Report Forms for clinical trials, with an electronic system within the highly regulated data zone that impacts public health and safety. Necessary validation documents are for example the Standard Operating Procedures (SOPs), which outline how the computer system should be used. Here, we describe in detail the System Validation Master Plan, the most important document in Computer System Validation. In contains topics, like: Validation Policy, Definition of Validation, Rules and Regulations in CSV, Legal basis, FDA 21 CFR Part 11, FDA Guidance for industry, ICH Guideline GCP, Annex 11 EU-GMP, Validation Philosophy, Organisation validation document, Audit Reports, Organisation guidelines, Organisation quality management handbook, etc.
The steps of the Validation Life Cycle are: 1. System Specification, 2. System Classification, 3. Validation Planning, 4. Establishing of the validated state, 5. Maintaining the validated state, 6. System Retirement.
Chuck Blair, Regional Automotive Program Manager, and Mike Brannock, Automotive SBU Director, go through the highlights of the changes from TS 16949 to IATF 16949.
This is chapter 3 of ISTQB Advance Agile Technical Tester certification. This presentation helps aspirants understand and prepare the content of the certification.
This is chapter 1 of ISTQB Advance Test Manager certification. This presentation helps aspirants understand and prepare the content of the certification.
This is chapter 3 of ISTQB Advance Agile Technical Tester certification. This presentation helps aspirants understand and prepare the content of the certification.
This is chapter 1 of ISTQB Advance Test Manager certification. This presentation helps aspirants understand and prepare the content of the certification.
These are the slides for a second-year 2-hour lecture in the CS2010 "Group Project" module explaining software quality through the ISO 25010 standard and giving some basics of software testing. The talk illustrates software quality concepts through relevant videogames, in line with the "strategy game" theme chosen for this year's group coursework.
Slides used for presenting the paper "Quality Models for Web [2.0] Sites: a Methodological Approach and a Proposal, at Quality in Web Engineering 2011 Workshop, at ICWE 2011, June 2011, Paphos (Cyprus)
Evaluating and Improving Software UsabilityXBOSoft
Presented at Software Test Professionals, New Orleans 2012;
Today’s web-based applications (WebApps) containing complex business logic and which are sometimes critical to operating the business, now must have an increased focus on usability as well as the newer and broader term, user experience. Especially with SaaS based business models where users can switch applications at a heartbeat and pay by the month (or even a free trial), both usability and user experience become paramount as there is no up-front investment forcing a user to stay. The ISO 25010 standard describes a model for general usage in specifying and evaluating software quality requirements, one of which is usability, but there are no models or formal definitions for user experience, nor its relation to usability. For usability, ISO 25010 is intended as a general guideline to be adapted based on a specific context and lacks implementation specifics. UX, on the other hand, does not have any formal standard definition, although some models have been developed regarding its elements. Models and research have been used mostly for the purpose of understanding, rather than evaluating improvements. In this session, we draw relationships between usability and user experience and explore measurement and evaluation methods that can be used as the first step toward improvement.
This presentation is about non-functional requirements in application to architectural styles, like REST or microservices.
These requirements (which are informally called the "ilities") are fundamental for development of enterprise applications.
So, understanding of these requirements is important for development of software.
Also, it's important for improving communication between product owner and development team.
Estimation of Measurement Uncertainty in Labs: a requirement for ISO 17025 Ac...PECB
Knowledge of the uncertainty of measurement of testing and calibration results is fundamentally important for laboratories, their clients and all institutions using these results for comparative purposes. Uncertainty of measurement is a very important metric of the quality of a result or a testing method.
Main points covered:
• To introduce the basic concepts related to measurement results and measurement uncertainty
• Explain the relevance of these concepts to chemical analysis data
• Introduce mathematical concepts, uncertainty sources and important approaches for estimation of measurement uncertainty
Presenter:
This webinar was presented by Dotun Bolade, who is an Analytical Chemist/Environmental Scientist by training and practice with years of experience in laboratory instrumentation and automation. For him, ISO management systems have become second nature having worked in environments where ISO 9001, 14001, 18001 and 17025 have been fully implemented. He is a Certified PECB ISO/IEC 17025 Lead Assessor.
Link of the recorded session published on YouTube: https://youtu.be/AOpFou7_FVI
Non-Functional Requirements are as important as Functional Requirements. Requirement that cannot be measured is not a requirement. NFR's are critical for successful software architecture development
Exigences de qualité des systèmes / logicielsPierre
Présentation visant les objectifs suivants:
- Objectifs généraux:
-- Réduire les pertes (reworks), la difficulté et le risque d’échec de nos projets TI
-- Améliorer la qualité de nos TI (systèmes / logiciels)
- Objectifs spécifiques:
-- Présenter les normes et exigences de qualité des systèmes / logiciels selon ISO/IEC
-- Améliorer nos exigences de qualité, pour l’atteinte des objectifs généraux ci-dessus mentionnés
Analyser la sécurité de son code source avec SonarSourceSébastien GIORIA
Présentation dans le cadre de l'Application Security Forum de Yverdon 2014.
La présentaiton indique comment se service de Sonar pour effectuer des analyses sécurité. Et présente aussi le projet OWASP SonarQube
Find out about the requirement for ISO 26262 unit testing for car item improvement. Our Functional Safety experts additionally share with you the unit testing techniques and suggestion table, as characterized by ISO 26262 standard.
https://www.embitel.com/blog/embedded-blog/iso-26262-compliant-unit-testing-strategies-achieving-functional-safety-in-automotive
The role of Software Quality Assurance (SQA) has transformed significantly in the context of modern software development life cycle, particularly with the rise of Agile and Scrum methodologies. SQA teams are now integrated into the development process from the beginning, working collaboratively with developers to identify and address quality issues. This agility is critical in ensuring high-quality software products that meet the needs of end-users.
DevOps practices have also played a significant role in the transformation of SQA. By integrating development and operations, DevOps enables SQA teams to work more closely with both teams and ensure that quality is maintained throughout the entire software development life cycle.
To ensure agility in SQA, teams can also implement test automation, continuous integration and delivery, and other DevOps practices. These strategies help to reduce the time and effort required to test software, while also improving accuracy and reliability.
In the future, emerging technologies such as artificial intelligence and machine learning will create new opportunities for innovation in SQA, and new challenges for SQA teams to overcome. However, by embracing agility and DevOps practices, SQA teams will be well-equipped to meet these challenges and continue to ensure the high-quality software products that users demand.
In summary, this presentation will cover the transformation of SQA in modern software development life cycle, with a particular focus on agility, Agile and Scrum methodologies, DevOps practices, and emerging technologies. Attendees will gain a clear understanding of the strategies and technologies that can be used to ensure high-quality software products in an increasingly fast-paced and complex development landscape.
Overview of the proposed Photovoltaic Solar Quality Management System standardGovind Ramu
The goal of this Technical Specification (standard) is to provide a guideline for manufacturers of PV modules to produce modules that, once the design has proven to meet the quality and reliability requirements, replicate such design in an industrial scale without compromising its consistency with the requirements. Expected timeline for release is June 2015.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
The Quamoco Quality Modelling and Assessment Approach
1. The Benchmark for Software Quality
www.uni-stuttgart.de
The Quamoco
Product Quality Modelling
and
Assessment Approach
Stefan Wagner
Institute of Software Technology
ICSE 2012
Zürich, Switzerland
8 June 2012
2. "Quality is a complex and multi-faceted concept...
it is also the source of great confusion."
–David A. Garvin
3. Software Quality Models
IEC 61508
Siemens Technical
Topic
CMMI Classification
COQUALMO ISO 15504 -
SPICE
ISO 9126
Maintainability Index
Musa basic SAP Q-Index
Visser et al.
Activity-Based
Musa-Okumoto Quality Models Littlewood-Verall
Bayesian
iDAVE Avizienis et al.
Marinescu & Boehm et al. MISRA
Ratiu
McCall & Dromey Common Criteria
Walters
NHPP ISO 15005
SAP Quality
Capgemini sd&m Standards SQUID
Software-Blutbild ISO 25000 ROSQ
Models
4. ISO 9126
Reliability
Functionality Performance
Quality
model
Maintainability Usability
Portability
5. Quality Models
in Practical Use
Percentages of answers, multiple answers possible
Company-specific 71
ISO 9126 28
Domain-specific 20
None 4
Wagner et al., 2010
6. „The -ilities are good
for management talk only.“
–Anonymous developer
Wagner et al., ESEM'09
7. ISO 9126
ISO 25010
Quality
attribute
Comment Clone
ratio coverage
Measure Cyclomatic
complexity
8. ISO 9126
ISO 25010
Quality
attribute
?
Comment Clone
ratio coverage
Measure Cyclomatic
complexity
9. Quality attribute
ISO 9126
ISO 25010
Measure
Comment Clone
ratio coverage
Cyclomatic
complexity
10. Quality attribute Multitude of models
ISO 9126
ISO 25010
Measure
Comment Clone
ratio coverage
Cyclomatic
complexity
11. Quality attribute Multitude of models
ISO 9126 Too abstract
ISO 25010
Measure
Comment Clone
ratio coverage
Cyclomatic
complexity
12. Quality attribute Multitude of models
ISO 9126 Too abstract
ISO 25010 Not operationalised
Measure
Comment Clone
ratio coverage
Cyclomatic
complexity
13. Quality attribute Multitude of models
ISO 9126 Too abstract
ISO 25010 Not operationalised
Not adaptable
Measure
Comment Clone
ratio coverage
Cyclomatic
complexity
14. Quality attribute Multitude of models
ISO 9126 Too abstract
ISO 25010 Not operationalised
Not adaptable
Unreproducible
assessments
Measure
Comment Clone
ratio coverage
Cyclomatic
complexity
15. Quality attribute Multitude of models
ISO 9126 Too abstract
ISO 25010 Not operationalised
Not adaptable
Unreproducible
assessments
Measure
Differing definitions
Comment Clone
ratio coverage
Cyclomatic
complexity
16. Quality attribute Multitude of models
ISO 9126 Too abstract
ISO 25010 Not operationalised
Not adaptable
Unreproducible
assessments
Measure
Differing definitions
Comment Clone
ratio coverage Unclear relationship
to quality goals
Cyclomatic
complexity
37. Calibration for Java
6000 compilable open source systems
Random selection
110 open source systems
38. Calibration for Java
6000 compilable open source systems
Random selection
110 open source systems
Measurement
39. Calibration for Java
6000 compilable open source systems
Random selection
110 open source systems
Measurement
Distributions for all measures
40. Calibration for Java
6000 compilable open source systems
Random selection
110 open source systems
Measurement
Distributions for all measures
Calculations and reviews
41. Calibration for Java
6000 compilable open source systems
Random selection
110 open source systems
Measurement
Distributions for all measures
Calculations and reviews
Evaluation functions
42. Interpretation with School Grades
10
Worst
6
Assessment
5
4
3
2
Best
1
0.80 0.82 0.84 0.86 0.88 0.90 0.92 0.94 0.96 0.98 1.00
Evaluation (Utility)
Fig. 7. Interpretation Model
48. Experiment with OSS Projects
Ranking Ranking
Model Experts
Good Checkstyle Checkstyle
Log4J RSSOwl Log4J
RSSOwl
TV-Browser TV-Browser
Bad
JabRef JabRef
49. Experiment with Industry System
Ranking Ranking
Model Expert
Good Subsystem D Subsystem D
Subsystem A Subsystem A
Subsystem C Subsystem B, E
Subsystem E Subsystem C
Bad Subsystem B
50. Visibility of Quality
Improvements
Grade
4.2
2.8
Investment in
quality improvement
1.4
0
1.9.0 2.0.0 2.0.1 2.0.2 2.1.0 2.2.1
Version
53. Drill-Downs
„Modeled relations are comprehensible
and reasonable.“
„It is good to get an overall view on the
quality of a software product.“
54. Drill-Downs
„Modeled relations are comprehensible
and reasonable.“
„It is good to get an overall view on the
quality of a software product.“
„It clarifies software metrics.“
55. Drill-Downs
„Modeled relations are comprehensible
and reasonable.“
„It is good to get an overall view on the
quality of a software product.“
„It clarifies software metrics.“
„It is the best that can be done
with static code analysis.“
64. The Benchmark for Software Quality
www.uni-stuttgart.de
The Quamoco
Product Quality Modelling
and
Assessment Approach
Stefan Wagner, Klaus Lochmann, Lars Heinemann, Michael
Kläs, Adam Trendowicz, Reinhold Plösch, Andreas Seidl,
Andreas Goeb and Jonathan Streit
65. Linear Utility Function
1.0
Measure M4
Linear decreasing
0.74
utility function
Utility
0.0
min = 0.0 M4 = 2.17E-06 max = 8.50E-6
Editor's Notes
I‘m delighted to present to you the results on quality modelling and assessment of our three year research project Quamoco.\nI‘ve always found quality an interesting concept because it determines so much about a system, but also it is very complex.\n
As David Garvin pointed out: Quality is complex and multifaceted and therefore it is also the source of great confusion“.\nSo what do computer scientists do to handle complexity? They abstract! Researchers have developed a variety of software quality models.\n\n
The range of quality models goes from collections of metrics over academic models, domain standards to company-specific models. But none of them has been able to get really broad acceptance. When we set out to work on quality assessments, we wanted to find a good basis. What do you do when there is no clear leader? You looked at the ISO standard, here 9126.\nISO 15005: Road vehicles - Ergonomic aspects of transport information and control systems - Dialogue management principles and compliance procedures\nNHPP: Non-homogeneous Poisson process (reliability growth models)\n
It breaks down quality into quality attributes such as reliability or maintainability – the „-ilities“. It then breaks them further down and gives some metrics to measure them.\nHow well is it doing in practice? We asked over a hundred practicioners.\n
And the result is not pretty good.\nOnly 28% of the respondents of our international survey said that they use ISO 9126. Only 28%. A bit more than a quarter.\nWhy is that so? We asked in detailed interviews about the reasons.\n
The developers told us taht there is a huge gap between the abstract quality attributes of ISO 9126 and the concrete implementation and assessment on the product. Operationalising the quality attributes is considered extremely difficult. Hence, they use some metrics.\nThe existing metrics are concrete but lack a clear connection to quality goals.\n
Hence, we have the abstract quality attributes of ISO 9126 or similarly the new standard 25010 as well as various measures.\n
And there is this gap that prevents quality attributes from being assessed and measures from clearly contributing to quality goals.\n
The Quamoco project has worked three years on providing – among other things – four results to help to overcome this problems.\n
The Quamoco project has worked three years on providing – among other things – four results to help to overcome this problems.\n
The Quamoco project has worked three years on providing – among other things – four results to help to overcome this problems.\n
The Quamoco project has worked three years on providing – among other things – four results to help to overcome this problems.\n
The Quamoco project has worked three years on providing – among other things – four results to help to overcome this problems.\n
The Quamoco project has worked three years on providing – among other things – four results to help to overcome this problems.\n
The Quamoco project has worked three years on providing – among other things – four results to help to overcome this problems.\n
\n
\n
Schließen der Lücke, durchgängie Zusammenhänge\n
Beispiel\n
The higher in this quality model, the more general the model should be. So on the top level, we have ISO 25010 quality attribute, which are almost applicable to all software products.\nThe product factors should be quite generally applicable but on the measure level, we are often specific for technologies or languages. To have general measures and to decouple them from technical implementations, we introduced instruments.\n
For example, we have a product factor „Uselessness of Methods“, which we measure, for example, with „Statically unused method“. This measure is applicable to different languages. Hence, we refine this with an instrument that uses Gendarme for C# and PMD for Java.\n
Base model describes qualities important for almost any kind of software\nAim is to use it as basis for more specific quality models and also to be able to apply it directly for very popular paradigms and technologies\nIt has a modular structure\nroot contains quality attributes and very general product factors, modules for object-oriented factors and operationalisation for Java and C#\nmostly static analysis tools and inspection\nprototypical development for C, C++ and GUI\n 284 Faktoren\n 524 Maße\n
\n
With that, we can do an actual assessment or evaluation of a software product.\nWe measure using the instruments and collect values for all the measures.\nNow, we need evaluations and aggregations for the product factors and quality attributes.\n
With that, we can do an actual assessment or evaluation of a software product.\nWe measure using the instruments and collect values for all the measures.\nNow, we need evaluations and aggregations for the product factors and quality attributes.\n
\n
\n
\n
From over a hundred systems, found typical distributions, eliminated outliers and analysed quartiles\nThe result of an evaluation function is a value between 0 and one.\n
From over a hundred systems, found typical distributions, eliminated outliers and analysed quartiles\nThe result of an evaluation function is a value between 0 and one.\n
From over a hundred systems, found typical distributions, eliminated outliers and analysed quartiles\nThe result of an evaluation function is a value between 0 and one.\n
From over a hundred systems, found typical distributions, eliminated outliers and analysed quartiles\nThe result of an evaluation function is a value between 0 and one.\n
From over a hundred systems, found typical distributions, eliminated outliers and analysed quartiles\nThe result of an evaluation function is a value between 0 and one.\n
From over a hundred systems, found typical distributions, eliminated outliers and analysed quartiles\nThe result of an evaluation function is a value between 0 and one.\n
The model was a dictation in school, if you have some errors you will get a bad grade\nHere: German school grades but you could plug in any interpretation wodel\n
\n
\n
\n
\n
\n
Eine solche Bewertung muss valide sein, um Entscheidungen darauf abzustützen. Haben wir eine gute Aussage über das System gemacht?\nHier haben wir unsere Bewertungen mit Expertenbewertungen verglichen.\nEs ergab sich fast exakt die gleiche Rangfolge. Wir waren in dieser Auflösung also bereits so gut wie Experten.\n
Hier für fünf Subsysteme eines kommerziellen Systems für den Maintainability-Teil.\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
And with that I want to close with a a thanks to all the Quamoco partners and supporters!\n