The future challenges for Software Quality assurance (SQA) follow a few software trends, including:
- Complex and large software packages
- Integration with external components and interfaces
- The need to deliver quickly
- The need to deliver bug free software
The standard software quality activities defined by IEEE, such as verification and validation, are integrated into the software development cycle. We see dedicated SQA roles and resources in major organizations. Also, many multi-national companies are pushing to have a central team drive and manage the quality processes, methodologies, and tools across all their sites and teams.
The centre of excellence is an example of such a central team, which are focused on defining and driving SQA activities, process, methods, and tools within the organization. They introduce specific software metrics to measure their key process areas (KPAs) at every phase of the software development life cycle. The main idea is to reduce cost of software production and quality, and therefore improve the overall productivity.
With the emerging software system architecture which is mainly oriented around mobile, cloud or SaaS, the need to better understand, manage, and adopt the SQA activities is increasing.
Organizations have started to understand, define, and implement quality models which are specific and relevant to their line of business. There is a strong push to study and apply the appropriate quality model, which could be based on either a standard model such as McCall’s factor model, or a specific quality model to address few quality requirements such as security or reliability within every organization. For example: The McCall’s factor model classifies all software requirements into eleven software quality factors. These eleven factors are grouped into three categories as follows (Galin, 2004):
- Product operation factors: Correctness, Reliability, Efficiency, Integrity, Usability.
- Product revision factors: Maintainability, Flexibility, Testability.
- Product transition factors: Portability, Reusability, Interoperability.
There are few challenges in terms of adoption of these processes, methodologies, and tools mainly due to the following reasons:
- Multiple development sites – This challenge is pretty common because the processes working at one site may not work at another site due to several reasons, including lack of resources, not enough expertise on process, not sharing the same priority, etc.
- Integration of many external components or third parties – Today many organizations promote the use of external components or open source software within their development teams, and forget to anticipate the risks around testing them and getting them the proper support.
- Not enough standards for software requirements – Although we have seen many standards defining processes including the CMM, CMMI, and ISO, when it comes to quality requirements, we see a lack of software quality standards. There are many institutes which focus on specific areas of software like security, networking, accessibility, and performance.
- Examples of such institutes are Mitre Corporation, which has defined the popular security vulnerabilities which must be tackled by every software system. They are referred to as Common Weakness Enumeration (CWE). You can find more information at http://cwe.mitre.org/top25/
- The evolving CISQ standards for software systems led by Object Management Group (OMG). The first version of the CISQ standard was published last year. The CISQ requirements are mainly based on four key quality characteristics -- reliability, performance and efficiency, security, and maintainability. You can find more information at http://it-cisq.org/standards-page/
- Not enough support from management in terms of strategy for SQA processes – There are organizations which still need to mature in terms of defining and implementing the right SQA for their business. They tend to fail due to lack of focus on quality processes.For example, organizations which compromise on testing by reducing or skipping non-functional testing, system testing, or integration testing may face issues in terms of dependencies or other problems linked to environment and platform, security, and performance, which are very critical for business to run smoothly.
The advantages of overcoming the challenges described above include process improvement, optimization, and higher productivity.
The use of standard SQA processes (based on Capability Maturity Model or Testing Maturity Model) should be recommended to develop an efficient SQA function within the organization. And the requirements of test automation should be promoted and enforced.
Based on experience, I would strongly recommend introducing static and dynamic code analysis as part of the QA activities to detect major violations early in the development phase. For example: There are many SCA tools such as CAST Application Intelligent Platform, Fortify, and Coverity which can be integrated into the daily or weekly software development testing activities.
This will have a positive impact on the overall productivity and quality of the software delivered.
Be it on-premise, on-demand, on-mobile, or on-cloud the requirements will evolve. Therefore we have to align the SQA process and tools to better suit these requirements. The software development team is still in charge or responsible for ensuring the quality of the system he is delivering to the market.
No matter which process we try to adopt or follow, as humans we need time to coach ourselves and practice the new process before we can really become the process champions.
Please feel free to leave any feedback/suggestions in a comment below.