SEN (AY 2023-24) Software Quality Assurance and Security

UNIT 5: SOFTWARE QUALITY ASSURANCE AND

SECURITY
5.1 Project Scheduling

Basic Principles
i. Compartmentalization: The project must be compartmentalized into a number of
manageable activities and tasks.
ii. Interdependency: The interdependency of each compartmentalized activity or task
must be determined.
iii. Time allocation: Each task to be scheduled must be allocated some number of work
units.
iv. Effort validation: Every project has a defined number of staff members.
v. Defined responsibilities: Every task that is scheduled should be assigned to a specific
team member.
vi. Defined outcomes: Every task that is scheduled should have a defined outcome.
vii. Defined milestones: Every task or group of tasks should be associated with a project
milestone. A milestone is accomplished when one or more work products has been
reviewed for quality.

Activity Network

Activity networks are graphical representation of project schedule. Activity networks, which
are network diagrams, show the dependencies between the different activities making up the
project. An activity network is a diagram of project activities that shows the sequential
relationships of activities using arrows and nodes.
(Example given during lecture)

Scheduling Techniques
There are two commonly used scheduling techniques-

CPM:
CPM stands for critical path method. A project of any kind involves a number of activities.
Some of them are interdependent while others are independent. It is important that project
management should effectively plan, schedule, co-ordinate and optimize the activities of the
various participants in the project. There are certain activities which are to be completed
within the stipulated time. If those critical activities are not completed within the prescribed
time line, the completion of the whole project is hampered.
If the project is quite large effective control over all the activities is difficult. To control such
projects, Network techniques have been developed.

PERT:
PERT stands for Program Evaluation and Review Technique. PERT is a project management
technique, used to manage uncertain activities of a project. It is a technique of planning and
control of time. It focuses of event. It is a probabilistic model. It is appropriate for high
precision time estimate. It manages Unpredictable Activities. PERT chart represent another
view of project. It does represent inter task relationships more effectively. Tasks and
milestones are included in the chart symbols such as circles; squares are used to depict tasks

ZEBA SYED Page 1

SEN (AY 2023-24) Software Quality Assurance and Security

and milestone. Microsoft uses rectangles to represent task. Each task rectangle is divided into
sections with task name at the top and task-id/duration in the middle.

Difference between PERT and CPM

Sr. PERT CPM

No.
1. Suitable for projects that have Suitable for projects that have
unpredictable activities. predictable activities
2. This technique of planning and control of This technique to control cost and time.
time.
3. PERT uses three estimates for the time CPM uses a single estimate for the time
that it can be completed. that a project can be completed.
4. This technique is event oriented. This technique is activity oriented.
5. It is non-repetitive in nature. It is repetitive in nature.

5.2 Project Tracking

1) Timeline Chart OR Gantt Chart

When creating software project schedule, we begin with a set of tasks. If automated tools are
used, the work breakdown is input as a task network or task outline. Effort, duration and start
date are then input for each task, In addition, tasks may be assigned to specific individuals.

As a consequence of this input, a time-line chart, also called a Gantt chart is generated. A
time-line chart can be developed for the entire project. The figure below depicts a part of a
software project schedule that emphasizes scoping task for a word-processing (WP) software
product. All project tasks are listed in the left-hand column. The horizontal bars indicate the
duration of each task. When multiple bars occur at the same time on the calendar, task
concurrency is implied. The diamond indicates milestones.

Once the information necessary for the generation of a time-line chart has been input, the
majority of software project scheduling tools produce project tables – a tabular listing of all
project tasks, their planned and actual start and end dates, and a variety of related
information. Used in conjunction with the time-line chart, project tables enable to track
progress.

ZEBA SYED Page 2

SEN (AY 2023-24) Software Quality Assurance and Security

Application of Gantt Chart

 The sheer simplicity and ease-of-access of all relevant information make Gantt charts
an ideal choice for teams to use them for organizing their schedules. Due to this,
Gantt charts are widely used in project management, IT and development teams.
 Apart from them, marketing, engineering, product launch, manufacturing teams can
also use Gantt charts to get an overview of how things are rolling on the work front.

2) Earned Value Analysis (EVA)

Earned Value Analysis takes into consideration the project context for planned and actual
expenditure. This analysis is made to find out project scope, schedule and resource
characteristics. The EVA acts as a measure for software project progress.
Various measures are determined during EVA. These measures are-
i. Planned Value (PV): It denotes the planned cost of the work. The planned value is
developed by first determining all of the work that must be accomplished for
successful project result.
ii. Earned Value (EV): It is project manager‘s estimate of the amount of originally
budgeted work completed.
iii. Actual Cost (AC): It represents the actual amount that the business has to expand on
the project
iv. Budget At Completion (BAC): It represents the total budget for your project.
v. Schedule Variance (SV): It indicates the status of the schedule. It represents whether
work is ahead or behind the plan.

ZEBA SYED Page 3

SEN (AY 2023-24) Software Quality Assurance and Security

If SV is negative = Project is behind the schedule

If SV is positive = Project is ahead of schedule
If SV is equal to zero = Project is one schedule
vi. Cost Variance (CS): It is the difference between earned value and actual cost.
If CV = 0, then project is on budget
If CV < 0, then project is over budget
If CV > 0, then project is under budget

5.3 Software Quality Management vs. Software Quality Assurance

Definition of Quality: Quality is measurable characteristics of a product. It can be defined

as- ‗a characteristic or attribute of something.‘

Definition of Quality Assurance:

Quality assurance consists of the auditing and reporting functions of management.
The goal of quality assurance is to provide management with the data necessary to be
informed about product quality, thereby gaining insight and confidence that product quality is
meeting its goals.

Difference between Software Quality Management and Software Quality Assurance:

Sr. Software Quality Management Software Quality Assurance

No. (Control)
1. It is a corrective technique. Corrects the It is a preventive technique. Prevents the
faults when they occur. faults from occurring.
2. It is product focussed. It if process focussed.
3. It is detection oriented. It is prevention oriented.
4. Gives confidence to producer. Gives confidence to customer.
5. Only tester is responsible for QC Entire team is responsible for QA
6. Eg. Walkthroughs, inspections Eg. Defining process, automated
engineering.

Name software quality assurance activities OR Explain the phases of Software Quality
Assurance

i. Prepares a SQA plan.

ii. Participates in description of software process.
iii. Reviews software engineering activities.
iv. Audits designated software work products.
v. Ensures that deviations in software work.
vi. Records any noncompliance and reports to senior management.

1) Prepare an SQA plan for a project. The plan is developed during project planning and is
reviewed by all interested parties. Quality assurance activities performed by the software
engineering team and the SQA group are governed by the plan. The plan identifies
evaluations to be performed
audits and reviews to be performed
standards those are applicable to the project

ZEBA SYED Page 4

SEN (AY 2023-24) Software Quality Assurance and Security

procedures for error reporting and tracking

documents to be produced by the SQA group
amount of feedback provided to the software project team

2) Participate in the development of the project‘s software process description. The software
team selects a process for the work to be performed. The SQA group reviews the process
description for compliance with organizational policy, internal software standards, externally
imposed standards (e.g., ISO-9001), and other parts of the software project plan.

3) Review software engineering activities to verify compliance with the defined software
process. The SQA group identifies, documents, and tracks deviations from the process and
verifies that corrections have been made.

4) Audits designated software work products to verify compliance with those defined as part
of the software process. The SQA group reviews selected work products; identifies,
documents, and tracks deviations; verifies that corrections have been made; and periodically
reports the results of its work to the project manager.

5) Ensure that deviations in software work and work products are documented and handled
according to a documented procedure. Deviations may be encountered in the project plan,
process description, applicable standards, or technical work products.

6) Records any noncompliance and reports to senior management. Noncompliance items are
tracked until they are resolved.

5.4 Quality Evaluation Standards

Six Sigma
The Six Sigma strategy ―is a rigorous and disciplined methodology that uses data and statistical
analysis to measure and improve a company‘s operational performance by identifying and
eliminating defects‘ in manufacturing and service-related processes‖. The term Six Sigma is
derived from six standard deviations instances (defects) per million occurrences—implying an
extremely high quality standard. The Six Sigma methodology defines three core steps:
• Define customer requirements and deliverables and project goals via well-defined methods
of customer communication.
• Measure the existing process and its output to determine current quality performance
(collect defect metrics).
• Analyze defect metrics and determine the vital few causes.

If an existing software process is in place, but improvement is required, Six Sigma suggests two
additional steps:
• Improve the process by eliminating the root causes of defects.
• Control the process to ensure that future work does not reintroduce the causes of defects.
These core and additional steps are sometimes referred to as the DMAIC (Define, Measure,
Analyze, Improve, and Control) method.
If an organization is developing a software process (rather than improving an existing process),
the core steps are augmented as follows:
• Design the process to
a) Avoid the root causes of defects and
b) To meet customer requirements.

ZEBA SYED Page 5

SEN (AY 2023-24) Software Quality Assurance and Security

• Verify that the process model will, in fact, avoid defects and meet customer requirements.
This variation is sometimes called the DMADV (define, measure, analyze, design, and verify)
method.

ISO for Software

ISO (International Standards Organization) standards are concerned with the quality process
in organizations that design, develop and maintain the products.
The quality assurance systems are the organizational structures that are used to bring quality
in responsibilities, procedures, processes and resources.
ISO 9000 is a family of quality assurance system. It can be applied to all types of
organizations. It doesn‘t matter what size they are or what they do. It can help both product
and service oriented organizations to achieve standards of quality.
ISO 9000 is maintained by ISO, the International Organization for Standardization and is
administered by accreditation and certification bodies.
In ISO 9000, company‘s quality system and operations are scrutinized by third-party auditors
for compliance to the standard and effective operation. This process is called registration to
ISO 9000.
On successful registration, the company gets a certification from accreditation bodies of ISO.
Such a company is then called ―ISO certified company‖.
ISO 9001:2000 is a quality assurance standard which is applied to software engineering
systems.
It focuses on process flows, customer satisfaction, and the continual improvement of quality
management systems.

CMMI
The Capability Maturity Model Integration (CMMI)

Level 1: Initial. The software process is characterized as ad hoc and occasionally even
chaotic. Few processes are defined, and success depends on individual effort.

Level 2: Repeatable. Basic project management processes are established to track cost,
schedule, and functionality. The necessary process discipline is in place to repeat earlier
successes on projects with similar applications.

ZEBA SYED Page 6

SEN (AY 2023-24) Software Quality Assurance and Security

Level 3: Defined. The software process for both management and engineering activities is
documented, standardized, and integrated into an organization wide software process. All
projects use a documented and approved version of the organization's process for developing
and supporting software. This level includes all characteristics defined for level 2.

Level 4: Managed. Detailed measures of the software process and product quality are
collected. Both the software process and products are quantitatively understood and
controlled using detailed measures. This level includes all characteristics defined for level 3.

Level 5: Optimizing. Continuous process improvement is enabled by quantitative feedback

from the process and from testing innovative ideas and technologies. This level includes all
characteristics defined for level 4.

ZEBA SYED Page 7