SPONSORS: In This Issue: Fourth Quarter 2007 ARTICLES & NEWS Chair Message: ICSQ - David Walker What’s the Latest Understanding of CMMI Performance Models? – Robert W. Stoddard Taking the Plunge: Implementing Session-Based Exploratory Testing Techniques on a High-Priority/Short-Turnaround Project Brenda S. Lee and James A. Reitzel from the 2007 International IQSP “Live” Webinar CSQE Conference on Software Quality (ICSQ) Refresher Course, $495pp Why Software Quality Assurance Practices Become Evil! - Gregory plus on-site or on-line self Pope study course at A Closer Look at the Pareto Principle for Software - Mechelle Gittens www.iqps.net and David Godwin from the Software Quality Professional (SQP) Journal Practical Statistical Process Control for Software Metrics - Diane Manlove and Stephen H. Kan from the Software Quality Professional (SQP) Journal Benefits of a Higher Quality Level of the Software Process: Two Organizations Compared - Daniel Galin and Motti Avrahami from the Software Quality Professional (SQP) Journal The Westfall Team provides A Methodology for Tracing the Requirements in the Object-Oriented Software Engineering, Software Design Process Using Quality Function Deployment Quality & Project article Xiaoqing (Frank) Liu, Yan Sun, Praveen Inuganti, Chandra Management consulting & Sekhar Veera, and Yuji Kyoya from the Software Quality Professional training, including ASQ (SQP) Journal CSQE Refresher training. CONFERENCES & WEBINARS Software Division Webinar Report – Introduction to ISO 27001 Information Security Management System – Robin L. Dudash Conference Report: Synopsis of 2007 FAA National Software Conference – Mike Kress ANNOUNCEMENTS Announcing the Publication of Fundamental Concepts for the Software Quality Engineer, Volume 2, Sue Carroll and Taz Daughtrey, Editors SQP Journal Articles – Sue Carroll ASQ Software Engineering Training Courses New – Division Product Page on Web Site Next Newsletter Deadline – 2/22/2008 COLUMNS GET CERTIFIED o Progress on the CSQE BOK Update – Kathy Harris o Winter 2007/2008 CSQE Quiz – Linda Westfall o Recruiting CSQE Volunteers – Kathi Harris AEROSPACE o Aerospace Corner: DO-178C Update – Gene Kelley STANDARDS o Standards Chair Report – Theresa Hunt FROM THE REGIONS Region 1 New England- Peter Schulz Region 4 Canada - Chris Fitz Gibbon Region 5 Mid Atlantic – Scott Ankrum Region 10 Michigan – Louise Tamres Region 13 Mid Central States – Gene Kelly Region 14 Southwest & Mexico – David Peercy ARTICLES & NEWS Chair Message: ICSQ - David Walker It was exciting to receive so much positive feedback from attendees at the International Conference on Software Quality in Denver in October. This was truly one of the best programs in terms of the technical program, networking, exhibitors, and just having fun. On the weekend before the conference, the Software Division Council held our quarterly meeting and a special strategic planning session. To summarize, we are very concerned with the circumstances our members face with their employers, clients, and the software intensive product industry in general. Too many of our members are telling us that their employers will not pay for conferences, training, or any travel to improve software quality skills and knowledge. Further, we are concerned at the focus on software validation testing, when we know that with software, it’s too late by then to ensure quality. We believe that there is a significant need to change the focus of our publications, materials, and discussion board support to provide members with more resources to sell the economic case for quality in their organizations. The Software Division already subscribes as a division to the ASQ’s Economic Case for Quality (ECQ) initiative. Going forward, we plan to strengthen our support for this initiative and provide our members with guidance in this area of focus. Software Quality Assurance professionals need to know how to sell quality principles and practices and provide data to support it. Please watch our web site for related updates: www.asq.org/software What’s the Latest Understanding of CMMI Performance Models? – Robert W. Stoddard For those in the process improvement world, the Software Engineering Institute’s Capability Maturity Model Integrated (CMMISM) remains a dominant force as a framework for evaluating and increasing the maturity of a software-intensive organization. Within the CMMI High Maturity Levels 4 and 5, a concept of a process performance model exists as the engine of high maturity. This article in intended to shed some light that will increase your insight and understanding of CMMI process performance models. Hopefully, it will also motivate your organization to consider building some to predict key performance outcomes. Read more… Taking the Plunge: Implementing Session-Based Exploratory Testing Techniques on a HighPriority/Short-Turnaround Project - Brenda S. Lee and James A. Reitzel Session-Based Exploratory Testing (SBET) is a widely used test methodology developed by James Bach and Jonathan Bach. SBET formalizes ad hoc testing by providing charters that describe areas of functionality to investigate and then allows pairs of testers to determine how to approach testing the functionality. This technique was used to test a web-based application developed by Sandia National Laboratories to provide inventory management capabilities for an external customer. The test team deviated from traditional exploratory testing by including the applicable requirements as part of the charter, as well as providing recommended test cases to execute during the session. As a result of these modifications, the test team was able to validate 41 requirements and execute over 200 test cases using 17 test charters during a 7-day test window. In addition, a high-level summary of the test results was provided for customer review only two days after the conclusion of system test. This paper reports on the specific modifications made during our use of SBET and evaluates its success. Read more… Why Software Quality Assurance Practices Become Evil! - Gregory Pope This paper explores the challenge of determining the best practices for software development and why the topic usually sparks a lively debate. The premise is that best practices are application specific and are not easily portable from one industry to another. He considers a case study of three different types of software developments and contrasts their differences. This article examines how to apply an alternative method to best practices, which is a common set of principles that are turned into appropriate best practices based on project risk. Read more… A Closer Look at the Pareto Principle for Software - Mechelle Gittens and David Godwin The first SQP article is “A Closer Look at the Pareto Principle for Software” by Mechelle Gittens and David Godwin. This article discusses evidence of the Pareto principle as it relates to the distribution of software defects in code. The authors look at evidence in both the context of the software test team and the software users. They also investigate two related principles. The first principle is that the distribution of defects in code relates to the distribution of complexity in code. The second hypothesis discusses how one defines complexity and whether that definition relates to the distribution of complexity in code. The authors present this work as an empirical study of three general hypotheses investigated for large production-level software. They show that the essence of the principle holds and precise percentages do not. Read more… Practical Statistical Process Control for Software Metrics - Diane Manlove and Stephen H. Kan from the Software Quality Professional (SQP) Journal The second SQP article: Software metrics are an essential tool for project and quality management, but when are metrics signaling to take action? How can one identify significant trends and process changes or deviations? How does one know if process shifts are statistically significant? Statistical limits help take the guesswork out of metrics analysis and empower project members to knowledgeably control development processes and achieve product quality objectives. In this article, some of the challenges of implementing SPC for software processes are discussed, several methods for addressing the problems unique to SPC use within software development are described, and practical examples of SPC implementation across the software development life cycle are explained. Other traditional quality tools, such as Pareto analysis, are used to augment metrics analysis. Read more… Benefits of a Higher Quality Level of the Software Process: Two Organizations Compared Daniel Galin and Motti Avrahami from the Software Quality Professional (SQP) Journal The third SQP article: Software quality assurance professionals believe that a higher quality level of software development process yields higher quality performance, and they seek quantitative evidence based on empirical findings. The few available resources that present quantitative findings use a methodology based on a comparison of “before-after” observations in the same organization. A limitation of this methodology is the long observation period, during which intervening factors may substantially affect the results. The authors’ study employed a methodology based on a comparison of observations in two organizations simultaneously (Alpha and Beta). Six quality performance metrics were employed: 1) error density, 2) productivity, 3) percentage of rework, 4) time required for an error correction, 5) percentage of recurrent repairs, and 6) error detection effectiveness. Read more… A Methodology for Tracing the Requirements in the Object-Oriented Software Design Process Using Quality Function Deployment - article Xiaoqing (Frank) Liu, Yan Sun, Praveen Inuganti, Chandra Sekhar Veera, and Yuji Kyoya from the Software Quality Professional (SQP) Journal The fourth SQP article: It has been widely acknowledged that software products should be developed based on customer requirements in order to achieve a high level of software quality and customer satisfaction. However, customer requirements, as well as the software artifacts at later stages of the software development life cycle, are not equally important. Tracing these differing customer requirements and their impacts through the software development life cycle is not a well-explored area. In this article, a framework is presented that uses quality function deployment (QFD) to trace customer requirements explicitly through various phases, such as requirements elicitation, analysis, and design in object-oriented software development, by assessing their impact on software artifacts of the next stages. Degrees of impact are clearly calculated and presented in QFD, and an objectoriented software design example is developed to illustrate and validate the framework. Read more… Back to top CONFERENCES & WEBINARS Software Division Webinar Report – Introduction to ISO 27001 Information Security Management System by John Weaver – Robin L. Dudash The fifth ASQ Software Division Webinar, “Introduction to ISO 27001 Information Security Management System” was conducted on Friday, October 19, from noon to 1pm, eastern standard time. John Weaver, an IRCA Certified Lead Auditor for ISO 27001 Information Security, presented a very formative discussion on the ‘who, what, when and why’ of ISO 27001, and even a brief how on getting your Information Security Management System (ISMS) third-party registered. The John’s presentation is available for downloaded from the ASQ Software Division website, http://www.asq.org/software/training-education/index.html. Read more… Conference Report: Synopsis of 2007 FAA National Software Conference – Mike Kress This year’s 2007 FAA National Software Conference covered over 50 papers outlining the advancement of processes, methodologies and regulations within the FAA for airborne software. In addition, complex electronic hardware, aeronautical data bases and software security are addressed. Such topics have not been addressed in any depth previously. The complete proceedings are on CD and are available from the author. This synopsis summarizes some of these papers deemed most relevant to the certification, configuration control and conformity processes for airborne software for commercial aircraft. Read more… Back to top ANNOUNCEMENTS Announcing the Publication of Fundamental Concepts for the Software Quality Engineer, Volume 2, Sue Carroll and Taz Daughtrey, Editors This volume provides selected articles gathered from the last five volumes of Software Quality Professional (SQP), a peer-reviewed quarterly publication applying quality principles to the development and use of software and software-based systems. This collection of articles provides you with insights from authors around the globe -- which is vital in today's global economy. As with SQP and this series' first volume, this book follows the categories of the ASQ Certified Software Quality Engineer Body of Knowledge. The articles are each related to one of the seven knowledge areas and provided in numbers proportional to the relative weights assigned to each category in the certification exam. Software engineers should use this book to broaden their knowledge in several important aspects of software quality. The field keeps growing and expanding to meet the changing needs of technology; the insights presented in this book can help you meet the challenge and begin your journey. To order this book visit http://www.asq.org/quality-press/display-item/index.html?item=H1313. SQP Journal Articles – Sue Carroll Software Quality Professional (SQP) Journal is an ASQ journal supported by the ASQ Software Division. In each quarterly issue there is an article that is available to non-subscribers. We’ll include the abstract and a pointer to that article in each quarterly Software Division newsletter. The fourth issue of the SQP each year has all articles available – that is the issue highlighted this month. So, there is a pointer to four articles instead of one! You can find this quarter’s articles in the articles and news section of this newsletter. If you would like to write an article for the journal – see the author guidelines. If you would like to volunteer to review articles or books, or write a letter to the editor contact Sue Carroll. ASQ Software Engineering Training Course ASQ announces the public offerings of its popular Software Engineering course. Students earn CEUs and ASQ RUs by attending these courses. Click on the ASQ website links below for more information or to register for these courses: Software Quality Engineering (SQE) o Atlanta, Georgia • May 19-23, 2008 Building Software Quality Skills o Software Functional Testing and Test Management o Houston, Texas • May 7-9, 2008 Cincinnati, Ohio • April 7-9, 2008 Software Requirements Engineering o Atlanta, Georgia • May 19-21, 2008 In addition to these public courses, ASQ can bring these and other Software Engineering, Software Quality and Software Project Management course on-site to your organization. For a complete course list … New – Division Product Page on Web Site The Software Division has created a new Division product page with items specifically tailored for Division members. Two new items are now available: International Conference on Software Quality (ICSQ 2007) CDs for $25.00 Software Division Pens for $4.00 You can visit this site at http://www.asq.org/software/products/index.html Next Newsletter Deadline – 3/20/2008 If you would like to submit an article, including shorter “tips and techniques” submissions, have information or events that you would like to see posted or anything else you would like to contribute to the Software Division Newsletter that you think might be of interest to our members, please send your submissions to Linda Westfall. Back to top COLUMNS - GET CERTIFIED Progress on the CSQE BOK Update – Kathy Harris Volunteers from the Software Division are making progress on the update to the CSQE Body of Knowledge (BOK). We held a successful Job Analysis workshop in Milwaukee in July 2007 where volunteers and I worked with ASQ’s consultant and our test developer to assemble the CSQE survey that many of you recently received. Thanks to Helene Babich, Dan Bernstein, Anita Kenworthy, Thomas Oglesby, N. Rhodes Gardner, Jim Turner and Greg Zimmerman for a great job at the workshop. And thanks also to all of you who took the time to reply to the survey invitation; we couldn’t do this update without the contributions from each of you! Our next step is to take the results of the survey and build the new BOK. Over the next six months, volunteers will be participating in workshops to craft the BOK and to create or update questions for the exam bank as needed. CSQE Practice Quiz – Linda Westfall Want to practice for the ASQ Certified Software Quality Engineer (CSQE) Exam or just test your knowledge of Software Quality Engineering? Try this practice quiz. Take the CSQE 4Q2007 Quiz… Recruiting CSQE Volunteers – Kathy Harris One good way to earn 2 RUs and have fun while doing it is to participate in an exam development workshop! If you’d like to get involved, please contact our CSQE liaison, Brenda Richardson, at Brenda_Richardson@bmc.com; she’ll be happy to provide you with more information. Back to top COLUMNS – AEROSPACE Aerospace Corner: DO-178C Update – Gene Kelly RTCA/DO-178B, “Software Considerations in Airborne Systems and Equipment Certification”, is the recognized means of compliance for airborne software by regulatory authorities in the US, Europe and other countries. However, DO-178B has been in existence since 1992, and the RTCA/EUROCAE SC205/WG71 working group has been working since 2005 on the next version, DO-178C. To summarize the objectives of SC-205/WG71, as described in the RTCA Terms of Reference, are: 1) To promote safe implementation of aeronautical software, 2) To provide clear and consistent ties with the systems and safety processes, 3) To address emerging software trends and technologies (such as tool qualification, formal methods, and object-oriented technology) 4) To implement an approach that can change with the technology. This group, with nearly 1300 members, conducts joint meetings at least twice each year, with subgroups addressing specific technologies that meet more frequently. The Sixth Joint Meeting of SC-205/WG71 was held at the Technical University of Vienna in Vienna, Austria from 10 to 14 September 2007. The minutes state that a major outcome of this meeting was the general plenary agreement that DO-278/ED-109 (CNS/ATM) for ground based avionics and DO178/ED-12 for airborne should be merged, with appropriate risk mitigation monitored and managed. Progress was also made on tool qualification and integration of formal methods. The next joint meeting is scheduled for 14 to 18 January 2008 in Vancouver, British Columbia, Canada. The final deliverable of DO-178C/ED-12C is scheduled for delivery to RTCA/EUROCAE by 1 December 2008. More information can be found at the SC-205/WG71 website at http://ultra.pr.erau.edu/SCAS/. Back to top COLUMNS – Standards Standards Chair Report – Theresa Hunt Greetings and Happy New Year! Yes, after 10 years of planning our annual conference, I have moved positions from Vice-Chair Programs to Standards Chair, leaving the Programs committee in the very capable hands of Stuart Yarost. This report addresses the US Technical Advisory Group (TAG) SC7 meeting held September 18-20, 2007 and future planned meeting dates/locations. Read more … Back to top FROM THE REGIONS The following links will provide you with a snapshot of the latest activities in the regions. Region 1 New England - Peter Schulz The Software Quality Group of New England (SQGNE) The Boston Software Process Improvement Network (SPIN) Read the Region 1 Report for 4Q2007… Region 4 Canada – Chris Fitz Gibbon Calgary-based IEEE/ASQ Discussion Group for Software Quality Software Quality Assurance Vancouver User Group (VanQ) Toronto Association of Systems and Software Quality (TASSQ) Toronto Software Process Improvement Network Montreal Software Process Improvement Network (SPIN) Information Systems Audit and Control Association’s (ISACA) Ottawa Valley Chapter. Ottawa Software Process Improvement Network (SPIN) Read the Region 4 Report for 4Q2007… Region 5 Mid-Atlantic – N. Moreau ASQ Washington, DC & Maryland Metro Section ASQ Baltimore Section ASQ Philadelphia Section Mid-Atlantic Collaboration Network (MACN) Washington DC Process Improvement Network (SPIN) Read the Region 5 Report for 4Q2007… Region 6 Pacific Northwest – Tom Gilchrist Seattle Software Process Improvement Network (SeaSpin) Seattle Area Software Quality Assurance Group (SASQAG) Region 10 Michigan, Northeast Indiana & Northwest Ohio – Louise Tamres Great Lakes SPIN Ann Arbor Software Quality Professionals (AASQP) Southeastern Michigan Software Quality Assurance Association (SEMISQAA) Read the Region 10 Report for 4Q2007… Region 13 Mid Central States – Gene Kelly Read the Region 13 Report for 4Q2007… Region 14 Southwest & Mexico – David Peercy ASQ Greater Fort Worth Section ASQ Dallas Section ASQ Albuquerque Section Association for Software Engineering Excellence (ASEE) Dallas/Fort Worth (SPIN) Read the Region 14 Report for 4Q2007… Region 15 South Eastern US – Mark Neal Huntsville, AL Software Process Improvement Network (SPIN) Jacksonville, FL Software Process Improvement Network (SPIN) Tampa Bay, FL Software Process Improvement Network (SPIN) Atlanta, GA Software Process Improvement Network (SPIN) Back to top Questions or comments? See: Software Division Web Site Software Division Leadership Or Contact: David Walker, Chair Rufus Turpin, Chair-Elect Robert Stoddard, Secretary Eva Freund, Treasurer How can we improve Software Quality Live? Did the 3Q2007 issue provide helpful information? Let us know!