|
Author |
Article |
Year |
Read |
||
|
Arguing conformance |
2012 |
15-Aug-12 |
|||
|
Key words |
|||||
|
Software safety, conformance statement, compliance, standards, |
|||||
|
Summarizing comments |
|||||
|
I am rather impressed by the introduction of this article (Greydon, et al., 2012). The authors are working at York University, where my direct colleagues have done some safety courses. The authors argue that standards provide a consistent benchmark to measure performance, to define minimum standard to meet and best practices to apply; and to improve the maturity of our products and processes, including our ability to assess and evaluate how we are doing. This article covers how to transfer confidence in our high integrity software product capabilities. The authors claim that self-assessment to show conformance and independent external assessment to demonstrate compliance each have their limits for this confidence transfer. The authors are making a case for a structured conformance argument to ease the communication. The authors recognize that there is significant variety in the quality, transparency and scruteability of conformance documentation to help to ensure integrity of design and implementation and to establish assurance of integrity by guiding acceptable forms of evidence, also for stakeholders outside the development process. Software standard requirements have a high proportion of process requirement (if you compare it with hardware were internal and external product attributes are more dominant). The authors appear to argue that process requirements are more ambiguous. Particular scenarios for interpretation are considered necessary for the use of high-level goals; deliberate nonspecific; and the possibility to meet the letter, but not the spirit of the standard. The necessity of interpretation also raises the possibility of misinterpretation. Some standards require rationales or justifications that partially address this problem, but not all. Independent compliance assessment may be beneficial for the confidence transfer, but remains costly and judgments will vary between different assessors. A compliance certificate tells the external stakeholders that the organization and the software complies in some manner with the requirements, but doesn’t provide insight how this is achieved. The authors suggest to create a conformance argument in which a main claim is decomposed into a series of sub-claims until these can be solved with evidence. Such conformance argument can be done in line with a safety argument, as they highly overlap. ( ja duh, off course are they overlapping, aren’t standards developed to tackle safety issues?). The example provided from collaboration with industrial partners demonstrates the feasibility of constructing conformance arguments and highlights the transparency. Authorities have responded positive and the authors claim that the ‘chart like presentation’ is considered helpful to understand the compliance. I am quite interested in using the presentation as they authors suggest in this article. However, the fact that we already have compliance documentation would call for a substantial investment to go over to such system. Maybe it is good to use this mechanism to gain understanding about the compliance of ACCS. Compliance with what? |
|||||
|
Interesting quotes |
|||||
|
“…help establish a consistent benchmark against which we can measure projects, define both minimum standards and best practices, and improve maturity in software development and assessment.” “Transferring confidence between stakeholders in high-integrity software projects is essential” “neither self-reports of conformance nor independent confirmation of conformance is a perfect means to effect this transfer.” “conformance can help ensure integrity by influencing software design and implementation ….conformance can help establish assurance of integrity by influencing software assessment practice and guiding the acceptable forms of evidence Much more quotes to use if necessary |
|||||
|
Actions |
Due date |
Status |
|||
|
1. Read and summarize |
15-Aug-12 |
Done |
|||
|
2. Re-read when writing TMA/Thesis |
01-Aor-13 |
Open |
|||
|
3. |
|||||
Personal Blogs
Graydon, et al. (2012) Arguiing conformance
Shull, F (2012) Disbanding the 'Process Police'
|
Author |
Article |
Year |
Read |
|
Disbanding the “Process Police” |
2012 |
26-Jul-12 |
|
|
Key words |
|||
|
Compliance, safety, process, SQA role |
|||
|
Summarizing comments |
|||
|
Shull’s article hits a sensitive spot of how QA can contribute to the good of the end product. This IEEE Software article is looking at other motivations for processes than for the effectiveness of engineering, as compliance to standards or regulations are often a reason for an extensive Quality Management system. Let’s acknowledge this is the case and assume that processes are the key to required level of control on the quality of the products. Shull’s article provides an example that among engineers this is not a common view, where two senior NASA engineers are admitting not to recognize engineering practices in their system engineering manual. Shull argues that QA tasks are viable, but to have any real impact should stay within the boundaries of the tools and data relevant to the engineering activities. I do sympathize with that view, but also recognize that the push for better engineering practices as configuration control and requirements management are not born through the engineers’ desire for freedom and flexibility. Shull is encouraging SQO to look beyond the checklist and be just as critical towards the effectiveness of the process in this context as they are towards the way the process has been applied. He pushes the idea of a ‘process coach’ rather than a ‘process police’. Am I too naïve to think that was the whole idea. To my opinion this article lacks the viewpoint of the future engineer or the customer organization trying to implement a new software component, an outsourcing partner trying to make sense of what has been provided. QA activities should, in my opinion remain focused on making what is/has been done understandable. An excited engineer is not the most reliable contributor to the maintainability of a system, I am afraid. |
|||
|
Actions |
Due date |
Status |
|
|
1. Skim read and summarize |
26-Jul-12 |
Closed |
|
|
2. Share with QSAC staff |
27-Jul.12 |
Open |
|
This blog might contain posts that are only visible to logged-in users, or where only logged-in users can comment. If you have an account on the system, please log in for full access.