6/21/2008

Software Engineering Standards Introduction

1028 9126

730 12207

9000 CMM

15288 CMMI J-016 1679

Outline 1. Definitions 2. Sources of Standards 3. Why Use Standards ? 4. ISO and Software Engineering Standards 5. IEEE Software Engineering Collection

Sources: IEEE Standards, Software Engineering, Volume Three: Product Standards, Introduction to the1999 Edition, pages i to xxiii. Horch, J., ‘Practical Guide to Software Quality management’, Artech House, 1996, chap 2. Wells, J., ‘An Introduction to IEEE/EIA 12207’, US DoD, SEPO, 1999. Moore, J., ‘Selecting Software Engineering Standards’, QAI Conference, 1998. Moore, J., ‘The Road Map to Software Engineering: A Standards-Based Guide’, Wiley-IEEE Computer Society Press, 2006. Moore, J.,’An Integrated Collection of Software Engineering Standards’, IEEE Software, Nov 1999. Gray, L., ‘Guidebook to IEEE/EIA 12207 Standard for Information Technology, Software Life Cycle Processes’, Abelia Corporation, Fairfax, Virginia, 2000. Coallier, F.; International Standardization in Software and Systems Engineering, Crosstalk, February 2003, pp. 18-22.

6/21/2008 2

1 6/21/2008

Exemple d’un système complexe Système de transport aérien Système de transport Système de Transport Aérien terrestre Système de Système de gestion du trafic réservation aérien

Système Système aéroportuaire de distribution du kérosène

SystèmeSystème avionique avion Système de Système de gestion de la Structure vie à bord

SystèmeSystème de de équipage propulsionpropulsion Système SystèmeNavigation de de SystèmeVisualisation Système de navigationsystem de visualisation contrôle de vol

SystèmeSystème de de réception réception Système de GPSGPS transport terrestremaritime

6/21/2008 3

Toward a Software Engineering Profession

• What does it take ? 1. Body of Knowledge (e.g. SWEBOK) 2. Standards 3. ‘Best practices’ (i.e. techniques proven to work) 4. Education 5. Code of Ethics 6. Certification mechanism 7. Licensing mechanism

Source: Steve McConnel, 1999

6/21/2008 4

2 6/21/2008

Standard: Définition

• Mandatory requirements employed and enforced to prescribe a disciplined uniform approach to software development, that is, mandatory conventions and practices are in fact standards.

(ISO/IEC 24765, Systems and Software Engineering Vocabulary)

http://pascal.computer.org/sev_display/index.action

6/21/2008 5

Standard: Définition • Formal mandatory requirements developed and used to prescribe consistent approaches to development (e.g., ISO/IEC standards, IEEE standards, and organizational standards). (source: CMMI) – Normative: “prescribing a norm or standard” (Webster) – Informative: Tell users something useful about the standard itself, or provide information that complements the normative parts (source: Gray 2000) Evaluation de la conformité Intrant

Extrant 6/21/2008 Processus 6

3 6/21/2008

Normes et Standards • Norme de jure – Norme définie et adoptée par une organisation officielle de normalisation, sur le plan national ou international. • Norme de facto – Norme qui n’a pas été définie ni entérinée par un organisme officiel de normalisation mais qui s’est imposée par la force des choses, parce qu’elle fait consensus auprès des utilisateurs, d’un groupe d’entreprises ou encore d’un consortium

Adapté de F Coallier

6/21/2008 7

Normes/Standards ouverts

•Sa définition est accessible à tous, • Son utilisation n’est pas sujette à des redevances de la part d’un propriétaire, • Au moins une implémentation de référence existe, • Il est possible de vérifier la conformité d’un système/processus à ce standard

Adapté de F Coallier

6/21/2008 8

4 6/21/2008

Software engineering: Definition

(1) The application of a systematic, disciplined, quantifiable approach to the development, operation and maintenance of software, that is, the application of engineering to software. -- IEEE Std 610.12

6/21/2008 9

Software engineering standards

• Approximately 315 software engineering standards, guides, handbooks, and technical reports are maintained by approximately 46 professional, sector, national, and international standards organizations. • In 1981, IEEE had one software engineering standard. By year end 1997, the collection had grown to 44.

Source: Moore 98 6/21/2008 10

5 6/21/2008

Roles of Software Engineering Standards 1. Specify techniques to develop software faster, cheaper, More better, IEEE 982.1 (Measures for Reliable SW) exciting 2. Provide consensus validity for “best practices”that cannot be scientifically validated, IEEE 1008 (Unit Testing) 3. Provide a systematic treatment of “ilities”, IEEE 730 (SW Quality Assurance) 4. Provide uniformity in cases where agreement is more important than small improvements, IEEE P1320.1 (IDEF0) 5. Provide a framework for communication between buyer and seller, IEEE/EIA 12207 (SW Life Cycle Processes) 6. Give precise names to concepts that are fuzzy, complex, detailed and multidimensional, IEEE 1028 (SW Reviews) More Source: J Moore 98 6/21/2008 effective11

Software Engineering Standards - Scope Process Technique/Tool Applicability 1. Acquisition 1. CASE tools 1. General 2. Requirements 2. Languages and 2. Defense definition Notations 3. Financial 3. Design 3. Metrics 4. Medical 4. Code and Test 4. Privacy 5. Nuclear 5. Integration 5. Process 6. Process Control Improvement 6. Maintenance and 7. Scientific Operations 6. Reliability 8. Shrink-wrap 7. CM 7. Safety 9. Transportation 8. Documentation 8. Security 9. Project Management 9. Software reuse 10. Quality Assurance 10. Vocabulary 11. V & V

Most software engineering standards are practice standards rather than the more familiar product standards in other fields (e.g. chemistry). 6/21/2008 12 Source: Moore 98

6 6/21/2008

Software Engineering Standards Organizational Goals

1. Improve and evaluate software competence 2. Framework for two-party agreements 3. Evaluation of software products 4. Assurance of high integrity levels for software products

Source: Moore 05 6/21/2008 13

Why Use Standards? 1. Establish uniform requirements and vocabulary for development and documentation 2. Define a common framework for software life cycle processes 3. Clarify the roles and interfaces of participants 4. Clarify the types and contents of documentation 5. Identify the tasks, phases, baselines, reviews, and documents needed 6. Follow the lessons learned and proven (best) practices of the industry 7. Avoid the pitfalls and problems of the past 8. Save time and $ by not reinventing the wheel again (NRH vs. NIH). 9. Select a supplier or a developer (e.g. ISO 9000) 10. Impose requirements in a contract 11. Impose a trade barrier ! 6/21/2008 (NRH= Not Re-Invented Here; NIH = Not Invented here) 14

7 6/21/2008

Software Engineering Standards in Courts (US)

• Courts generally view the application of standards as important evidence that engineers performed their work with appropriate diligence and responsibility.

•If suedfor negligence or reckless conduct, an engineer can cite the standards used when he or she conducted the work to demonstrate that it was performed in accordance with codified professional practices.

Moore, J.,’An Integrated Collection of Software Engineering Standards’, IEEE Software, Nov 1999. 6/21/2008 15

The Frameworks Quagmire

People CMM SDCE SCE PSP DOD- DOD- DOD- STD- STD- SW-CMM STD- 2167A 2168 CBA IPI TSP 7935A Process Stds Quality Stds SCAMPI ISO/IEC Maturity or CMMI Capability J-STD MIL-STD- 15504 Models ISO 016 498 FAA- Appraisal 15939* # SA- iCMM methods CMM SSE- RTCA Guidelines PSM CMM DO-178B FAM** IEEE/EIA Six IPD- 12207 Sigma CMM* SE-CMM Baldrige SECAM ISO 9000 ISO/IEC EIA/IS SAM series 12207 731 IEEE Q9000 EIA/IS 1220 MIL-STD 632 499B* TL9000 ISO/IEC 15288* EIA 632 Italic = obsolete boxed = integrating *not released **based on CBA IPI, SAM, and others supersedes # Source: Sarah Sheard, SPC V2 also based on many others based on 6/21/2008 See www.software.org/quagmire uses/references 16

8 6/21/2008

Sources of Standards

1. Within an organization – Documented from day-to-day activities 2. From consultants mandated to develop them 3. From manufacturers’ user groups (e.g. IBM) 4. From a group of companies working together (e.g. Telecom) 5. From professional groups (e.g. IEEE) 6. From government agencies (e.g. NASA, Transport) 7. From Standards Organizations (e.g. ISO) 8. From Countries (e.g. Conseil canadien des normes)

6/21/2008 17

Outline

1. Definitions 2. Sources of Standards 3. Why Use Standards ? 4. ISO and Software Engineering Standards • Name of organization ISO comes from ‘ISOS’ a greek word ‘Equal’ 5. IEEE Software Engineering Collection

6/21/2008 18

9 6/21/2008

International Software Standards Developers

ISO IEC ITU

TC176 JTC1 TC56 SC65A

Quality Information Technology Dependability Functional Safety

SC1 SC7 SC22 Terminology Software Language, OS Engineering WG7 Other WGs WG9 WG15

Life cycle processes Ada POSIX

Members of these committees are “national bodies,” i.e. countries, represented by “national delegations.”

6/21/2008 19

International Organization For Standardization • ESTABLISHED: 1947 • OBJECT: Promote the development of standardization ... in the world ... to facilitating international exchange of goods and services • MEMBERS: 148 countries • Over 14,000 Standards • TECHNICAL COMMITTEES (TCs): Carry out technical work • TCs THAT MAY IMPACT SOFTWARE ENGINEERING: - TC 10: Technical Drawings - TC 20: Space and aircraft vehicles - TC 46: Information and documentation - TC 145: Graphical symbols - TC 154: Documents and data elements in administration, commerce and industry - TC 159: Ergonomics - TC 176: Quality management and quality assurance - TC 184: Industrial automation systems 6/21/2008 20

10 6/21/2008

Joint Technical Committee 1 Information Technology ISO IEC

JTC1

ESTABLISHED: 1987 OBJECT: TO CARRY ON STANDARDIZATION WORK IN INFORMATION TECHNOLOGY

SC1 - Vocabulary SC2 - Character sets & information coding SC6 - Telecommunications & information exchange between systems SC7 - Software and System Engineering SC11 - Flexible magnetic media for digital data interchange SC14 - Representation of data elements SC15 - Labeling and file structure SC17 - Identification cards & related devices SC18 - Document processing and related communication SC21 - Information retrieval, transfer & management for OSI SC22 - Programming languages, their environments & systems software interfaces SC23 - Optical disk cartridges for information interchange SC24 - Computer graphics and image processing SC25 - Interconnection of information technology equipment SC26 - Microprocessor systems SC27 - IT security techniques SC28 - Office equipment SC29 - Coded representation of picture, audio and multimedia/hypermedia information 6/21/2008 21

SC7 - Terms of Reference

Standardization of processes, methods and Standardization of processes, methods and supporting technologies for the supporting technologies for the engineering and management of software engineering and management of software and systems throughout their life cycles. and systems throughout their life cycles.

6/21/2008 22

11 6/21/2008

ISO/IEC JTC 1/SC7

Industrial Quality Project Engineering Management Management (ISO TC 176)

SOFTWARE and SYSTEMS APPLICATION ENGINEERING DOMAINS (many TCs) Computer Sciences and Safety Engineering Dependability (IEC TC65), Engineering Security, other (IEC TC 56) mission-critical

6/21/2008 23

SC7 SWG 1 Prof F. Coallier BPG Secretariat SWG 5 Prof W Suryn Architecture Management WG 17 WG 19 ODP ODP and Modeling Enterprise Language Languages WG2 WG 4 SYSTEM SOFTWARE TOOLS AND DOCUMENTATION ENVIRONMENT WG6 , WG12 & WG13 WG 7 EVALUATIONS AND LIFE CYCLE MEASUREMENTS PROCESSES Prof J-M Desharnais WG 9 WG 18 SYSTEM Quality Management INTEGRITY Prof W. Suryn WG 20 WG 21 WG 10 Certification of Software Asset Management Engineers PROCESS ASSESSMENT Prof C Laporte WG24 Very Small Enterprises 6/21/2008 Prof C Laporte 24

12 6/21/2008

Standards Produced and Maintained by SC7 100 90 Standards Published 80 Standards Maintained 70 60 50 40 30 20 10 0 1987 1989 1991 1993 1995 1997 1999 2001 2003 2005 2007

SC7 Secretariat Report Moscow, May 2007. 6/21/2008 25

Standards Collection Product Systems Engineering Process Product packaging Implementation and 15288 9127 Foundation Assessment 19760 Documentation 19759 12182 Software 15289 15504 Software Body Vocabulary Engineering Product Evaluation of Knowledge Process 12207 (SWEBOK) Assessment 12119 15271 Software Quality 90003 9126 14598 14756 Software Functional size 3535 6592 15846 16085 19770 14764 16326 15939 measurement 14759 9294 15026 Asset Configuration Project Measurement 14143 Management Software 15910 Management maintenance Management SC7’s Risk & Integrity 19761 legacy 18019 20926 20968 Documentation 24570 Tools, Methods

5806 – 5807 – 6593 14102 10746, 13235 14568 15437 8631 – 8790 – 11411 14471 14750, 14752 15474 15909 15940 14753, 14769 15475 19501 SC7 Legacy Standards 18018 14771, 15414 15476 8807 15935, 19500 Tools and CDIF Modeling environment Specifications 6/21/2008 From SWG5 26

13 6/21/2008

Relationships between ISO/IEC software engineering standards

6/21/2008 SURYN, W., HAILEY V, COSTER, A., Huge potential user base for ISO/IEC 90003 27 the state of the art for improving quality in software engineering, ISO Focus, July-August 2004

Outline

1. Definitions 2. Sources of Standards 3. Why Use Standards ? 4. ISO and Software Engineering Standards 5. IEEE Software Engineering Collection • http://standards.computer.org/sesc/ • Bibliothèque de l’ÉTS • IExplore donne accès à toutes les normes IEEE

6/21/2008 28

14 6/21/2008

IEEE Computer Society Software Engineering Standards Committee (SESC) • Mission 1. Identify and understand user needs in the field of software engineering 2. Develop an integrated family of standards that respond effectively to user needs 3. Support implementation of these standards 4. Facilitate meaningful evaluation of resulting implementations – Using the IEEE processes to achieve consensus and compatibility with other IEEE standards – Harmonization with international standards •e.g. ISO 6/21/2008 29

IEEE Computer Society SESC Collection

• Purpose 1. Provide a vocabulary for communication between participants in the software engineering process, 2. Provide objective criteria for understanding claims regarding a product’s nature, 3. Provide methods for specifying product characteristics, and 4. Assure that quality assurance practices were applied

Source: Tripp, L., ‘Benefits of Certification’, IEEE Computer, June 2002

6/21/2008 30

15 6/21/2008

IEEE Computer Society SESC Collection • Currently numbers over 50 standards. – Over 2400 pages •Bookprovides a guide to the collection.

6/21/2008 31

Software Engineering Standards: Importance

1. They consolidate existing technology into a firm basis for introducing newer technology 2. They increase professional discipline 3. They protect the business 4. They protect the buyer 5. They improve the product

Source: Moore 98 6/21/2008 32

16 6/21/2008

IEEE Computer Society SESC Collection

aids transforms Process

interacts Interects with with produces Customer Project Product

uses

Applies to Resource

6/21/2008 33

Framework of Collection

ISO and IEC Terminology Standards

Terminology Overall Guide

Customer Resource Process Product Quality Management Principles or Policies

Element Standards Software Engineering Application Guides

System “Toolbox” of Disciplines Technique Standards

6/21/2008 Source: Moore 98 34

17 6/21/2008

SESC Collection IEEE/EIA 12207 – Umbrella Standard

• IEEE/EIA12207, Software Life Cycle Processes, is an umbrella for all of the customer and process standards in the SESC collection. • All of the relevant standards will be revised to improve their fit with 12207 –Manyof them will detail the processes of the 12207 framework. • From the user’s viewpoint, IEEE/EIA 12207 will serve as a single entry point to all the process standards of the IEEE software engineering collection. •As a baseline to articulate new processes. – IEEE Std. 1517, Software Reuse Processes, adds three reuse specific processes to those of 12207 – IEEE Std. 1540 standard adds a software risk management process.

6/21/2008 35

Outer Layer of SESC collection

610.12 Terminology IEEE glossary

Overall [Moore97] Guide

Principles

Element Customer Process Product Resource Standards standards standards standards standards

Application Guides and Supplements

“Toolbox” of 1044 1044.1 Classification of Guide to 6/21/2008 Techniques 36 Source: Moore 98 anomalies 1044

18 6/21/2008

SESC Collection – Customer Stack

12207.0 Principles Software life cycle processes

Two-Party Supplier System Stakeholders Agreement Selection

Element J-Std-016 1062 1220 1228 Acq / sup Software Systems eng SW safety Standards agreement acquisition process plans 1233 1362 Guide--System Concept of rqmts spec operations doc

Application 12207.1 and 2 Guides and Guide to software life cycle data and processes Supplements

Source: Moore 98 6/21/2008 37

SESC Collection – Process Stack 12207.0 Principles Software life cycle (SWLC) processes

General Primary Supporting Process Processes Processes Processes Measurement

1220 J-Std-016 730 1045 Systems eng. Acq/sup SW product- process agreement SW QA plans ivity metrics 1362 830 1298 Concept of SW require- SW quality operations doc ments spec mgmt system

Element 1233 1008 828 Guide--System SW unit Standards rqmts spec testing SW CM plans 1058.1 829 1012 SW project SW test SW V & V mgmt plans documentation plans

1074 1219 1028 Developing SW maint. SW reviews SWLC proc and audits

12207.1 730.1 Guide--SW life Guide--SW QA cycle data planning Application 12207.2 1042 Guides and Guide--SWLC Guide- Supplements process SW CM

1074.1 1059 Guide--SW 6/21/2008 Guide to 1074 38 Source: Moore 98 V & V plans

19 6/21/2008

SESC Collection –Product Stack

Principles

Charac- Product Product End Item teristics Measurement Evaluation Specification

1061 1012 1362 Software quality SW V & V Concept of metrics methodology plans operations doc 1233 730 Guide--System SW QA plans Element reqmts spec Standards 982.1 1063 Measures for SW user reliable SW documentation 1228 SW safety plans

982.2 1059 Guide to Guide--SW Application 982.1 V & V plans Guides and Supplements 730.1 Guide--SW QA 6/21/2008 Source: Moore 98 planning 39

SESC Collection – Resource Stack

Principles

Data Storage Reuse Tools & Notation & Interchange Libraries Environments

1175 P1320.x 1420.x 1209 Tool inter- Data model for Selection IDEF connection reuse lib interop of CASE tools 830 P1471 1348 SW rqmts Architectural Adoption of specifications description CASE tools Element Standards 1016 SW design descriptions 829 SW test documentation

Application 1016.1 1430 Guides and Guide to Guide to Supplements 1016 1420.x 6/21/2008 40 Source: Moore 98

20 6/21/2008

SESC Standards for Project Management

STANDARD TITLE VOLUME

IEEE std 1044-1993 IEEE Standard Volume Four : Resource Classification for Software and Technique Standards Anomalies IEEE std 1044.1-1995 IEEE Guide to Volume Four : Resource Classification for Software and Anomalies IEEE std 1058-1998 IEEE Standard for Software Volume Two : Process Project Management Plans Standards

IEEE std 1490-1998 IEEE Guide to the Project Volume Two : Process management body of Standards knowledge

6/21/2008 41

SESC Standards for Plans

STANDARD TITLE VOLUME

IEEE std 730-1998 IEEE Standard for Software Volume Two : Process Quality Assurance Plans Standards

IEEE std 730.1-1995 IEEE Guide for Software Volume Two : Process Quality Assurance Planning Standards

IEEE std 828-1998 IEEE Standard for Software Volume Two : Process configuration Management Standards Plans IEEE std 1012-1998 IEEE Standard for Software Volume Two : Process Verification and Validation Standards

IEEE std 1012a-1998 Supplement to IEEE Standard Volume Two : Process for Software Verification and Standards validation IEEE std 1228-1998 IEEE Standard for Software Volume One : Customer and Safety Plans Terminology Standards

6/21/2008 42

21 6/21/2008

SESC Standards for Documentation STANDARD TITLE VOLUME

IEEE std 829-1998 IEEE Standard for Software Test Volume Four : Resource and Documentation Technique standards

IEEE std 830-1998 IEEE Recommended Practice Volume Four : Resource and for Software requirements Technique Standards Specifications IEEE std 1016-1998 IEEE Recommended Practice Volume Four : Resource and for Software Design Technique Standards Descriptions IEEE std 1063-1987 IEEE Standard for Software Volume Three : Product User Documentation Standards

IEEE std 1233-1998 Edition IEEE Guide for Developing Volume One : Customer and System Requirements terminology Standards Specifications IEEE std 1362-1998 IEEE Guide for Information Volume One : Customer and Technology – System Definition Terminology Standards – Concept of Operations Document 6/21/2008 43

SESC Standards for Measurement STANDARD TITLE VOLUME

IEEE std 982.1-1998 IEEE Standard Dictionary of Volume Three : Product Measures to Produce Reliable standards Software

IEEE std 982.2-1998 IEEE Guide for the Use of Volume Three : Product Standard Dictionary for Standards Measures to Produce Reliable Software IEEE std 1045-1992 IEEE Standard for Software Volume Two : Process Productivity Metrics Standards

IEEE std 1061-1998 IEEE Standard for a Software Volume Three : Product Quality Metrics Methodology Standards

6/21/2008 44

22 6/21/2008

Sites

• http://standards.computer.org/sesc/

• http://www.iso.ch/

6/21/2008 45

23