Software Assurance Models & Software Quality Assurance Trends
Models for Quality Assurance (QA Models)
Quality Assurance models define systematic activities to ensure that software processes and products meet specified quality standards.
Objectives
- Prevent defects rather than detect them later
- Improve development processes
- Ensure customer satisfaction
Common QA Models
| Model | Focus |
|---|---|
| ISO Models | Standardization & documentation |
| CMM / CMMI | Process maturity |
| TMM | Testing maturity |
| SPICE | Process assessment |
| Malcolm Baldrige | Organizational excellence |
| P-CMM | Workforce capability |
Real-life example: Just like a restaurant follows hygiene standards daily to avoid customer complaints, QA models help software teams avoid defects early.
ISO 9000 Series
ISO 9000 is an international quality management standard developed by the International Organization for Standardization (ISO).
Purpose
- Ensure consistent product quality
- Improve customer satisfaction
- Standardize processes
Important ISO Standards
| Standard | Description |
|---|---|
| ISO 9000 | Fundamentals & vocabulary |
| ISO 9001 | Quality Management System (QMS) requirements |
| ISO 9004 | Performance improvement guidelines |
Key Principles
- Customer focus
- Leadership
- Process approach
- Continuous improvement
Example: A software company certified with ISO 9001 follows documented procedures for coding, testing, and delivery.
Capability Maturity Model (CMM)
CMM evaluates the maturity of software development processes in an organization.
Five Levels of CMM
| Level | Name | Description |
|---|---|---|
| 1 | Initial | Ad-hoc, chaotic processes |
| 2 | Repeatable | Basic project management |
| 3 | Defined | Documented & standardized processes |
| 4 | Managed | Process measured & controlled |
| 5 | Optimizing | Continuous process improvement |
Example: Level 1 = No fixed study routine; Level 5 = Daily study plan + performance analysis
Capability Maturity Model Integration (CMMI)
CMMI is an improved and integrated version of CMM, combining multiple process areas.
CMMI Models
| Model | Focus |
|---|---|
| CMMI-DEV | Development |
| CMMI-SVC | Services |
| CMMI-ACQ | Acquisition |
CMMI Maturity Levels
Same 5 levels as CMM but broader and more flexible.
Benefits
- Higher productivity
- Better quality products
- Reduced rework cost
Test Maturity Models (TMM / TMMi)
Test Maturity Models measure the maturity of testing processes in an organization.
Levels of TMM
| Level | Focus |
|---|---|
| 1 | Ad-hoc Testing |
| 2 | Test Planning |
| 3 | Test Integration |
| 4 | Test Measurement |
| 5 | Test Optimization |
Example: Manual testing without planning → Mature automation with metrics
SPICE (ISO/IEC 15504)
SPICE stands for Software Process Improvement and Capability Determination.
Purpose
- Assess software process capability
- Improve processes systematically
Capability Levels
| Level | Description |
|---|---|
| 0 | Incomplete |
| 1 | Performed |
| 2 | Managed |
| 3 | Established |
| 4 | Predictable |
| 5 | Optimizing |
Difference from CMM: SPICE focuses on process capability, not organizational maturity.
Malcolm Baldrige Quality Model
A framework for organizational performance excellence developed in the USA.
Seven Criteria
- Leadership
- Strategy
- Customers
- Measurement & Analysis
- Workforce
- Operations
- Results
Example: Used by large IT firms to benchmark overall performance, not just software quality.
People Capability Maturity Model (P-CMM)
P-CMM focuses on improving workforce capability and human resource practices.
P-CMM Levels
| Level | Focus |
|---|---|
| 1 | Initial |
| 2 | Managed |
| 3 | Defined |
| 4 | Predictable |
| 5 | Optimizing |
Benefits
- Skill development
- Reduced employee turnover
- Better team performance
Real-life example: Training employees systematically instead of learning only on the job.
Comparison Summary Table
| Model | Main Focus |
|---|---|
| ISO 9000 | Quality standards |
| CMM | Process maturity |
| CMMI | Integrated process improvement |
| TMM | Testing maturity |
| SPICE | Process capability |
| Baldrige | Organizational excellence |
| P-CMM | People & skills development |
Software Process – PSP and TSP
Personal Software Process (PSP)
PSP is a self-improvement process designed for individual software engineers to improve their personal work quality.
Objectives of PSP
- Improve estimation accuracy
- Reduce defects
- Increase productivity
PSP Levels
| Level | Focus |
|---|---|
| PSP0 | Basic measurement |
| PSP1 | Planning & estimation |
| PSP2 | Quality management |
| PSP3 | Cyclic development |
Example: Like a student tracking daily study time and mistakes to improve exam scores.
Team Software Process (TSP)
TSP extends PSP concepts to software development teams.
Objectives
- Build self-managed teams
- Deliver high-quality software on time
- Improve team accountability
TSP Activities
- Team planning
- Quality goal setting
- Regular performance tracking
Example: A cricket team planning roles, strategy, and performance metrics.
Object-Oriented (OO) Methodology
OO methodology organizes software using objects, which combine data and behavior.
Key Concepts
- Encapsulation
- Inheritance
- Polymorphism
- Abstraction
Impact on Quality
- High reusability
- Easy maintenance
- Reduced complexity
Real-life example: A mobile phone object containing camera, calling, and apps as features.
Cleanroom Software Engineering
Cleanroom is a defect prevention approach rather than a defect removal approach.
Key Principles
- Formal specification
- Incremental development
- Statistical quality control
Benefits
- Very low defect rate
- High reliability
Example: Manufacturing medicines in a sterile environment to avoid contamination.
Defect Injection and Prevention
Defect Injection
Introducing known defects deliberately to:
- Measure testing effectiveness
- Improve defect detection capability
Defect Prevention
Activities performed to avoid defects:
- Root cause analysis
- Training
- Process improvement
Example: Fire drills to prepare people before real emergencies.
Internal Auditing and Assessments
Systematic examination of processes to ensure compliance with standards.
Objectives
- Identify process gaps
- Ensure quality standards
- Support continuous improvement
Types
| Audit Type | Purpose |
|---|---|
| Process Audit | Check workflows |
| Product Audit | Check deliverables |
| Compliance Audit | Check standards adherence |
Inspections & Walkthroughs
- Inspections: Formal peer review technique to identify defects early.
- Walkthroughs: Author-led review to explain work products.
Comparison
| Feature | Inspection | Walkthrough |
|---|---|---|
| Formality | High | Medium |
| Moderator | Required | Not mandatory |
| Defect Detection | Very high | Moderate |
Example: Teacher checking answer sheets vs student explaining answers.
CASE Tools and Their Effect on Software Quality
CASE (Computer-Aided Software Engineering) tools support automation of SDLC activities.
Types of CASE Tools
| Tool Type | Function |
|---|---|
| Upper CASE | Requirement & design |
| Lower CASE | Coding & testing |
| Integrated CASE | End-to-end support |
Impact on Quality
- Reduced human error
- Better documentation
- Improved consistency
Examples
- Jira – issue tracking
- Selenium – test automation
- Git – version control
Summary Table
| Trend | Main Benefit |
|---|---|
| PSP/TSP | Individual & team improvement |
| OO Methodology | Reusability & maintainability |
| Cleanroom | Defect prevention |
| Defect Prevention | Reduced rework |
| Audits | Compliance & improvement |
| Reviews | Early defect detection |
| CASE Tools | Automation & quality consistency |