Software Quality Management

Software Quality Engineering Tackles Security Issues

Taz Daughtrey
03/19/2013

Software quality engineering involves:

  • identifying required software attributes,
  • specifying the degree to which each must be present,
  • designing and implementing software with these attributes, and
  • applying appraisal techniques to assure their presence.

Security issues arise when software defects can be exploited to compromise the accessibility of a system or the confidentiality or the integrity of its information.

Applying well-established software quality engineering approaches to security issues can provide insights into how software needs to be built and used in the face of security threats.  Specifically, these approaches support allocation of development and assurance resources, as well as informed release or revision decisions. The safest automobile may well be the one parked in your driveway, but it is scarcely useful for transportation. So, too, a fully secure system would have to sacrifice all usability and functionality.

What is needed is to strike an appropriate balance between security and other attributes. An engineering approach to software quality supports customer- and data-driven tradeoffs among various quality attributes.

From Audit Requirements to Checklist Items to Evidence Gathering Plans

03/01/2011

This presentation offers a “how-to” method for translating audit criteria requirements into useful checklists that auditors can use to organize their audit effort.  Attendees will then learn how to translate those checklist items into objective evidence gathering plans, ensuring that they gather relevant facts that allow them to effectively evaluate adherence to the audit criteria requirements.

Tips for Taking the CSQE Exam

Linda Westfall
04/01/2010

If you are taking the next offering of the ASQ Certified Software Quality Engineer (CSQE) exam or are considering taking the CSQE exam in the future, this useful webinar can provide you with advice on how to prepare for the exam and tips for taking the exam.  It also covers what to bring and not to bring to the exam.

The types of questions on the exam are reviewed with examples and pointers to practice exam questions are provided.  CSQE Recertification is also discussed.

Join us for this informative webinar from the lady who "wrote the book," literally.  Linda Westfall is the author of "The Certified Software Quality Engineering Handbook," available from ASQ Quality Press.

PDF File on Changes to ISO 9001:2008

Larry Whittington
08/01/2008

Reprinted with permission from Whittington Newsletter September 2008 from Whittington & Associates who are specialists in QMS, EMS, Information Security, Services Management and Six Sigma. To subscribe to their newsletter, visit their website at www.whittingtonassociates.com.  

According to a joint announcement by the ISO (International Organization for Standardization) and the IAF (International Accreditation Forum), the two organizations have agreed to an implementation plan for a smooth migration to ISO 9001:2008.

1) Certification to ISO 9001:2008 will only be issued after publication of ISO 9001:2008 (expected before the end of 2008) and after a routine surveillance audit or re-certification audit against ISO 9001:2008.

2) One year after publication of ISO 9001:2008, all certifications issued (new certifications and re-certifications) must be to ISO 9001:2008.

3) Two years after publication of ISO 9001:2008, existing ISO 9001:2000 certifications will not be valid.

This transition plan is possible, because ISO and IAF have agreed that ISO 9001:2008 introduces no new requirements. The revised quality standard only introduces clarifications to the existing ISO 9001:2008 requirements, and changes to improve consistency with ISO 14001:2004, the environmental standard.

ISO 9001:2008 Differences:  You can read about the changes in ISO 9001:2008 vs. ISO 9001:2000 by downloading Larry Whittington's paper, ISO 9001:2008 Differences.  It is a PDF file with 19 pages describing every text change throughout the standard. Deleted ISO 9001:2000 text is indicated by strikethroughs. New ISO 9001:2008 text is highlighted and underlined. The underlining will allow readers to distinguish the new text, even if the paper is printed without color.  Most of the text in ISO 9001:2000 has not been affected by ISO 9001:2008 and is not repeated in the paper. Revised text is shown in Italics to distinguish it from comments.  Note: The ISO 9001:2008 differences are explained using the content of ISO/FDIS 9001:2008 and may change when ISO 9001:2008 is published.

The Blame Game

Manfred (Fred) Hein
08/04/2003

We don't look often enough at the aspects of our personal and business lives that hinder our ability to function, to develop relationships, to interact with others (i.e., to become productive and effective individuals). These neglected or overlooked aspects can become "roadblocks" in our personal and business lives - roadblocks that keep us from “being who we can be.” Often we look at new, “state-of-the-art” ideas, concepts, and technology silver bullets to help change/improve ourselves or our corporations. We always think of “adding” these things to our lives to make a difference. We never seem to think that if we “subtract” or get rid of some things - roadblocks - in our lives, they might make more of a difference. One such roadblock we should think of subtracting is The Blame Game. Our individual and organizational propensity to blame can be a significant factor that weakens our foundations. This session describes how we can become aware of the blaming techniques of The Blame Game, the harm they cause, how much we are engaged in them, and how we can change these practices.

Certification: A Competitive Advantage In Any Economy

Eric Patel & Darin Kalashian
04/26/2003

Have you ever considered enhancing your career through professional development activities? Most of us say that we’re too busy to do our day job let alone anything in addition to it, but what if by doing some “extra” things you could make your job easier, faster, and increase your job satisfaction (and maybe your paycheck)? Certification is one value-added activity. It’s commonly defined as formal recognition by an institution that an individual has demonstrated proficiency within and comprehension of a specified body of knowledge at a point in time.  Certification is a tool and, when utilized to its full potential, can define career paths, contribute to a company’s bottom line, and drive product quality and customer satisfaction upwards.

Making Sense of ISO 15504 (and SPICE)

Scott Duncan
01/29/2003

ISO 15504 was initiated in 1993 as the SPICE (Software Process Improvement and Capability dEtermination) Project, then formally moved into ISO/IEC as JTC1/SC7’s Working Group 10. The first draft appeared around June of 1995 and the second, around October of 1996. Several ballot and comment periods followed and ISO 15504 was issued as a Technical Report (TR) in 1998. Immediately thereafter, work was begun to plan the implementation of changes deemed needed to move the TR to full International Standard (IS) status. This work continues today and, during this time, activities under the name "SPICE" have continued as well such as a series of trials, which have used various versions of ISO 15504, including the TR. Though SPICE activities are not under ISO/IEC auspices, many of the people involved in the ISO 15504 standards effort are also associated with SPICE activities.

This paper describes the work which has been going on to move ISO 15504 from a TR to full IS status including reducing the document set from 9 to 5 documents and removing the Process Dimension from the standard in favor of Process Reference Models.   Since ISO 15504 is still being developed and the target completion of the parts spans 2003-2004, the presentation will attempt to provide the most up to date information with regard to the provisions of the standard as well as the schedule for its completion.

Aligned Empowerment - Could it become a Buzzword

Jim Austin
11/04/2002

Sit down with today’s manager and get into a discussion about “empowerment” and see what kind of reaction you get.  Generally a yawn, right?  You might get a shrug, a nod, or maybe even rolling eyes, but it would probably be a rare day to find anyone getting genuinely excited about such a dated topic.  While the word "empowerment" may no longer be in vogue, the “concept” behind empowerment remains strong. Empowerment is a basic staple of good management, and in a growing number of organizations power is shifting from managers to employees.  Jim's article discusses empowerment and how to ensure that empowerment is "aligned" through information sharing.

Process Definition Template

Linda Westfall
09/11/2002

Utilize this template to document your software process definitions.  This template can be used to implement the techniques described in the How to Create Useful Software Process Documentation paper.  This paper also includes an example of a completed version of this template.

How to Create Useful Software Process Documentation

Linda Westfall
03/25/2002

Whether our organization is using ISO 9001, the Software Engineering Institute's Capability Maturity Model - Integrated℠, Total Quality Management, Six Sigma or some other quality framework, one of the cornerstones of any of these frameworks is to document our processes.  Unfortunately, efforts to document our process often end up in voluptuous volumes of verbosity that sit on the shelf and gather dust.  How to Create Useful Software Process Documentation introduces the reader to a simple, practical method for defining and documenting software processes that are easy to understand, easy to use and easy to maintain.

This paper was presented as an invited speaker paper at the 11th International Conference on Software Quality (11ICSQ).

Recommended References

The Certified Software Quality Engineer Handbook, Linda Westfall, ASQ Quality Press, Milwaukee, WI, 2009.

Fundamental Concepts for the Software Quality Engineer, Taz Daughtrey, editor, ASQ Quality Press, Milwaukee, Wisconsin, 2002.

The Certified Manager of Quality/Organizational Excellence Handbook, 3rd Edition, ASQ Quality Management Division, Russell T. Westcott editor, ASQ Quality Press, Milwaukee, WI, 2006.  

The Certified Quality Process Analyst Handbook, Eldon H. Christensen, Kathleen M. Coombes-Betz and Marilyn S.Stein, ASQ Quality Press, Milwaukee, WI, 2007.  

Handbook of Software Quality Assurance, 4th Edition; Edited by G. Gordon Schulmeyer; Artech House, Boston, MA, 2007.

The Six Sigma Handbook, 3rd Edition; Thomas Pyzdek and Paul Keller; McGraw-Hill Professional, New York, 2009.

The Quality Improvement Handbook, 2nd Edition, ASQ Quality Management Division, John E. Bauer, Grace L. Duffy and Russell T. Westcott, editors, ASQ Quality Press, Milwaukee, WI, 2006.

The ASQ Auditing Handbook, 4th Edition, ASQ Quality Audit Division, J. P. Russell editor, ASQ Quality Press, Milwaukee, WI, 2013.

Quality Audits for Improved Performance, 3rd Edition, Dennis R. Arter, ASQ Quality Press, Milwaukee, WI, 2003.

The Quality Toolbox, 2nd edition, Nancy R. Tague, ASQ Quality Press, Milwaukee, WI, 2005.

Joseph M. Juran - The Father of Modern Day Quality Management (December 24, 1904 - February 28, 2008)

The world lost one of its great quality leaders and thinkers on February 28, 2008 when Joseph M. Juran passed away at age 103.  Juran was one of the 20th century's great thought leaders in quality and is widely credited for adding the human dimension to quality management. He was also a thought leader in the areas of management theory, human resources and consulting.

Juran authored many books during his more than 70-year active career.  My favorite is his Quality Control Handbook, which is a classic reference and "must own" book for anyone in the quality engineering profession.

Juran was instrumental in revolutionizing the Japanese philosophy of quality management and the founder of the Juran Institute.  He is credited with:

  • The definition of quality as "fitness for use"
  • Expanding the Pareto principle by applying it to quality issues
  • Recognizing the need for top management involvement in quality
  • The project-by-project approach to quality improvement
  • Championing the human side of Total Quality Management
  • Emphasizing training in quality management
  • The Juran Trilogy: Quality Planning - Quality Improvement - Quality Control

To read more about Joseph M. Juran:

    http://www.juran.com/

    http://www.asq.org/juran/

    http://www.skymark.com/resources/leaders/juran.asp

    http://en.wikipedia.org/wiki/Joseph_M._Juran

    http://www.qualitydigest.com/feb99/html/body_juran.html

Recommended Links

American Society for Quality (ASQ) - asq.org

American Society for Quality (ASQ) Software Division - asq.org/software

Association for Computing Machinery - www.acm.org

Crosstalk, The Journal of Defense Software Engineering - stsc.hill.af.mil/crosstalk

Cyber Security & Information Systems Information Analysis Center (CSIAC) - thecsiac.com

Dilbert - dilbert.com

European Strategic Programme of Research & Development in Information Technology - cordis.europa.eu/esprit

Excellence for Suppliers of Telecommunications Forum - questforum.org

The Institute of Internal Auditors (IIA) - www.theiia.org

International Organization for Standardization (ISO) - www.iso.org

The IT Metrics and Productivity Institute - itmpi.org

Malcolm Baldrige National Quality Award - www.quality.nist.gov

NASA Standards for Software Assurance - hq.nasa.gov/office/codeq/doctree/87398.htm

Six Sigma DMAIC Quick Reference - isixsigma.com/new-to-six-sigma/getting-started/what-six-sigma

Software Assurance, Community Resources and Information Clearing House Sponsored by the US Department of Homeland Security Cyber Security Division - buildsecurityin.us-cert.gov/swa/

Software Engineering Institute - sei.cmu.edu

Software Testing and Quality Engineering - www.stickyminds.com

ITIL (Information Technology Infrastructure Library) - www.itil-officialsite.com

TickIT International: The quarterly newsletter of the TickIT software sector quality certification scheme.  The objectives of TickIT International are to keep readers up to date with the latest certification topics and with best practices experienced among TickIT-certified companies - http://www.tickit.org/international.htm

Book Reviews

Two Books for Thinking About Software:

  • Great Software Debates (Alan Davis)

  • The Laws of Software Process (Philip Armour)

Download Scott Duncan's review below.

© 1999-2017 Westfall Team, Inc.