Software Quality is More than Good Code


Over the past decade, advancements in static analysis tools from both commercial and open source communities have dramatically improved the detection of developer violations of good coding practices. The ability to detect these issues in coding practices provides the promise of better software quality.

Yet many of these static analysis tools cannot detect the critical violations that exist in multilayer architectures, across transactions and multi-technology systems. These are the violations that lead to 90% of a systems reliability, security and efficiency issues in production.

(Figure 1 illustrates these rules at the Unit and Technology/System Levels.)


CISQ Software Quality Characteristics Measures

Ovum Analyst Chandranshu Singh points out, “Holistic system approach, looking at the architecture, transactions, control, and data flow across multiple technologies, may be very beneficial, with numerous engineering studies showing that bad software engineering practices in the ways components are interrelated and interact…account for only 10% of total defects, but can lead to 90% of production issues.”

Code Checking is not enough.

Structural quality weaknesses – such as those enumerated in the table below aligned with the characteristics they may affect – can manifest themselves in many different ways across languages and technologies…and some weaknesses may not be relevant to some languages. Large, modern business applications are architected in multiple layers, each of which may be developed in a different language or technology. Consequently, the analysis of software quality at the system level is challenging. It requires parsing several languages and rebuilding an abstract representation of the application system, from which patterns and other markers of structural weakness can be detected.

The problem with traditional testing approaches and tools is that even though software quality characteristics generally describe external behavior, the internal weaknesses in the system are most often the root cause of undesirable behaviors: performance, reliability and security issues.

A software quality standard for IT business applications published by the Consortium for IT Software Quality (CISQ), a consortium co‐sponsored by the Object Management Group and the Software Engineering Institute at Carnegie Mellon University, defines the underlying rules of good architectural and coding practice that must be checked.

They classify software engineering best practices in two categories:

  1. Rules of good coding practice within a program at the Unit Level without context in which the program operates
  2. Rules of good architectural and design practice at the Technology or System level that take into consideration the broader architectural context within which a unit of code is integrated.

To learn more about CISQ Software Quality standards and how to supplement your testing and development processes with Architectural and Structural Quality Analysis, view this video:

  This report describes the effects of different industrial factors on  structural quality. Structural quality differed across technologies with COBOL  applications generally having the lowest densities of critical weaknesses,  while JAVA-EE had the highest densities. While structural quality differed  slightly across industry segments, there was almost no effect from whether the  application was in- or outsourced, or whether it was produced on- or off-shore.  Large variations in the densities in critical weaknesses across applications  suggested the major factors in structural quality are more related to  conditions specific to each application. CRASH Report 2020: CAST Research on  the Structural Condition of Critical Applications Report
Open source is part of almost every software capability we use today. At the  very least libraries, frameworks or databases that get used in mission critical  IT systems. In some cases entire systems being build on top of open source  foundations. Since we have been benchmarking IT software for years, we thought  we would set our sights on some of the most commonly used open source software  (OSS) projects. Software Intelligence Report <> Papers
Making sense of cloud transitions for financial and telecoms firms Cloud  migration 2.0: shifting priorities for application modernization in 2019  Research Report
Jonathan Bloom
Jonathan Bloom Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.
Load more reviews
Thank you for the review! Your review must be approved first
New code

You've already submitted a review for this item