Beruflich Dokumente
Kultur Dokumente
B-1
Guide to the Software Engineering
Body of Knowledge
Version 3.0
SWEBOK
Version 3.0
Editors
Pierre Bourque, cole de technologie suprieure (TS)
Richard E. (Dick) Fairley, Software and Systems Engineering Associates (S2EA)
Copyright and Reprint Permissions. Educational or personal use of this material is permitted without fee provided such copies
1) are not made for profit or in lieu of purchasing copies for classes, and that this notice and a full citation to the original work
appear on the first page of the copy and 2) do not imply IEEE endorsement of any third-party products or services. Permission to
reprint/republish this material for commercial, advertising or promotional purposes or for creating new collective works for
resale or redistribution must be obtained from IEEE by writing to the IEEE Intellectual Property Rights Office, 445 Hoes Lane,
Piscataway, NJ 08854-4141 or pubs-permissions@ieee.org.
Reference to any specific commercial products, process, or service does not imply endorsement by IEEE. The views and
opinions expressed in this work do not necessarily reflect those of IEEE.
IEEE makes this document available on an as is basis and makes no warranty, express or implied, as to the accuracy,
capability, efficiency merchantability, or functioning of this document. In no event will IEEE be liable for any general,
consequential, indirect, incidental, exemplary, or special damages, even if IEEE has been advised of the possibility of such
damages.
Digital copies of SWEBOK Guide V3.0 may be downloaded free of charge for personal and academic use via
www.swebok.org.
IEEE Computer Society Products and Services. The world-renowned IEEE Computer Society publishes, promotes, and
distributes a wide variety of authoritative computer science and engineering journals, magazines, conference proceedings, and
professional education products. Visit the Computer Society at www.computer.or g for more information.
TABLE OF CONTENTS
Foreword xvii
Editors xxi
Coeditors xxi
Acknowledgements xxix
6.3.ModelValidation 1-
12
6.4.AcceptanceTests 1-
12
7. Practical Considerations 1-12
7.1.IterativeNatureoftheRequirementsProcess 1-
13
7.2.ChangeManagement 1-
13
7.3.RequirementsAttributes 1-
13
7.4.RequirementsTracing 1-
14
7.5.MeasuringRequirements 1-
14
8. Software Requirements Tools 1-14
Matrix of Topics vs. Reference Material 1-15
2-
Chapter 2: Software Design 1
1. Software Design Fundamentals 2-2
1.1.GeneralDesignConcepts 2-
2
1.2.ContextofSoftwareDesign 2-
2
1.3.SoftwareDesignProcess 2-
2
1.4.SoftwareDesignPrinciples 2-
3
2. Key Issues in Software Design 2-3
2.1.Concurrency 2-
4
2.2.ControlandHandlingofEvents 2-
4
2.3.DataPersistence 2-
4
2.4.DistributionofComponents 2-
4
2.5.ErrorandExceptionHandlingandFaultTolerance 2-
4
2.6.InteractionandPresentation 2-
4
2.7.Security 2-
4
3. Software Structure and Architecture 2-4
3.1.ArchitecturalStructuresandViewpoints 2-
5
3.2.ArchitecturalStyles 2-
Table of Contents 7
5
3.3.DesignPatterns 2-
5
3.4.ArchitectureDesignDecisions 2-
5
3.5.FamiliesofProgramsandFrameworks 2-
5
4. User Interface Design 2-5
4.1.GeneralUserInterfaceDesignPrinciples 2-
6
4.2.UserInterfaceDesignIssues 2-
6
4.3.TheDesignofUserInteractionModalities 2-
6
4.4.TheDesignofInformationPresentation 2-
6
4.5.UserInterfaceDesignProcess 2-
7
4.6.LocalizationandInternationalization 2-
7
4.7.MetaphorsandConceptualModels 2-
7
5. Software Design Quality Analysis and Evaluation 2-7
5.1.QualityAttributes 2-
7
5.2.QualityAnalysisandEvaluationTechniques 2-
8
5.3.Measures 2-
8
6. Software Design Notations 2-8
6.1.StructuralDescriptions(StaticView) 2-
8
6.2.BehavioralDescriptions(DynamicView) 2-
9
7. Software Design Strategies and Methods 2-10
7.1.GeneralStrategies 2-
10
7.2.Function-Oriented(Structured)Design 2-
10
7.3.Object-OrientedDesign 2-
10
7.4.DataStructure-CenteredDesign 2-
10
7.5.Component-BasedDesign(CBD) 2-
10
7.6.OtherMethods 2-
10
8. Software Design Tools 2-11
8
4.6.ExecutableModels 3-
9
4.7.State-BasedandTable-DrivenConstructionTechniques 3-
9
4.8.RuntimeConfigurationandInternationalization 3-
10
4.9.Grammar-BasedInputProcessing 3-
10
4.10.ConcurrencyPrimitives 3-
10
4.11.Middleware 3-
10
4.12.ConstructionMethodsforDistributedSoftware 3-
11
4.13.ConstructingHeterogeneousSystems 3-
11
4.14.PerformanceAnalysisandTuning 3-
11
4.15.PlatformStandards 3-
11
4.16.Test-FirstProgramming 3-
11
5. Software Construction Tools 3-12
5.1.DevelopmentEnvironments 3-
12
5.2.GUIBuilders 3-
12
5.3.UnitTestingTools 3-
12
5.4.Profiling,PerformanceAnalysis,andSlicingTools 3-
12
Matrix of Topics vs. Reference Material 3-13
SWEBOK Guide V3.0
3.1.BasedontheSoftwareEngineersIntuitionandExperience 4-
8
3.2.InputDomain-BasedTechniques 4-
8
3.3.Code-BasedTechniques 4-
8
3.4.Fault-BasedTechniques 4-
9
3.5.Usage-BasedTechniques 4-
9
3.6.Model-BasedTestingTechniques 4-
10
3.7.TechniquesBasedontheNatureoftheApplication 4-
10
3.8.SelectingandCombiningTechniques 4-
11
4. Test-Related Measures 4-11
4.1.EvaluationoftheProgramUnderTest 4-
11
4.2.EvaluationoftheTestsPerformed 4-
12
5. Test Process 4-12
5.1.PracticalConsiderations 4-
13
5.2.TestActivities 4-
14
6. Software Testing Tools 4-15
6.1.TestingToolSupport 4-
15
6.2.CategoriesofTools 4-
15
Matrix of Topics vs. Reference Material 4-17
5-
Chapter 5: Software Maintenance 1
1. Software Maintenance Fundamentals 5-1
1.1.DefinitionsandTerminology 5-
1
1.2.NatureofMaintenance 5-
2
1.3.NeedforMaintenance 5-
3
1.4.MajorityofMaintenanceCosts 5-
3
1.5.EvolutionofSoftware 5-
3
1.6.CategoriesofMaintenance 5-
3
2. Key Issues in Software Maintenance 5-4
2.1.TechnicalIssues 5-
Table of Contents 11
4
2.2.ManagementIssues 5-
5
2.3.MaintenanceCostEstimation 5-
6
2.4.SoftwareMaintenanceMeasurement 5-
7
3. Maintenance Process 5-7
3.1.MaintenanceProcesses 5-
7
3.2.MaintenanceActivities 5-
8
4. Techniques for Maintenance 5-10
4.1.ProgramComprehension 5-
10
4.2.Reengineering 5-
10
4.3.ReverseEngineering 5-
10
4.4.Migration 5-
10
4.5.Retirement 5-
11
3.3.DeviationsandWaivers 6-
10
4. Software Configuration Status Accounting 6-10
4.1.SoftwareConfigurationStatusInformation 6-
10
4.2.SoftwareConfigurationStatusReporting 6-
10
5. Software Configuration Auditing 6-10
5.1.SoftwareFunctionalConfigurationAudit 6-
11
5.2.SoftwarePhysicalConfigurationAudit 6-
11
5.3.In-ProcessAuditsofaSoftwareBaseline 6-
11
6. Software Release Management and Delivery 6-11
6.1.SoftwareBuilding 6-
11
6.2.SoftwareReleaseManagement 6-
12
7. Software Configuration Management Tools 6-12
Matrix of Topics vs. Reference Material 6-13
7-
Chapter 7: Software Engineering Management 1
1. Initiation and Scope Definition 7-4
1.1.DeterminationandNegotiationofRequirements 7-
4
1.2.FeasibilityAnalysis 7-
4
1.3.ProcessfortheReviewandRevisionofRequirements 7-
5
2. Software Project Planning 7-5
2.1.ProcessPlanning 7-
5
2.2.DetermineDeliverables 7-
5
2.3.Effort,Schedule,andCostEstimation 7-
6
2.4.ResourceAllocation 7-
6
2.5.RiskManagement 7-
6
2.6.QualityManagement 7-
6
2.7.PlanManagement 7-
7
3. Software Project Enactment 7-7
3.1.ImplementationofPlans 7-
7
3.2.SoftwareAcquisitionandSupplierContractManagement 7-
Table of Contents 13
7
3.3.ImplementationofMeasurementProcess 7-
7
3.4.MonitorProcess 7-
7
3.5.ControlProcess 7-
8
3.6.Reporting 7-
8
SWEBOK Guide V3.0
3.1.SoftwareProcessAssessmentModels 8-
7
3.2.SoftwareProcessAssessmentMethods 8-
7
3.3.SoftwareProcessImprovementModels 8-
7
3.4.ContinuousandStagedSoftwareProcessRatings 8-
8
4. Software Measurement 8-8
4.1.SoftwareProcessandProductMeasurement 8-
9
4.2.QualityofMeasurementResults 8-
10
4.3.SoftwareInformationModels 8-
10
4.4.SoftwareProcessMeasurementTechniques 8-
11
5. Software Engineering Process Tools 8-12
Matrix of Topics vs. Reference Material 8-13
9-
Chapter 9: Software Engineering Models and Methods 1
1. Modeling 9-1
1.1.ModelingPrinciples 9-
2
1.2.PropertiesandExpressionofModels 9-
3
1.3.Syntax,Semantics,andPragmatics 9-
3
1.4.Preconditions,Postconditions,andInvariants 9-
4
2. Types of Models 9-4
2.1.InformationModeling 9-
5
2.2.BehavioralModeling 9-
5
2.3.StructureModeling 9-
5
3. Analysis of Models 9-5
3.1.AnalyzingforCompleteness 9-
5
3.2.AnalyzingforConsistency 9-
6
3.3.AnalyzingforCorrectness 9-6
3.4.Traceability 9-6
3.5.InteractionAnalysis 9-6
4. Software Engineering Methods 9-7
4.1.HeuristicMethods 9-7
4.2.FormalMethods 9-7
Table of Contents 15
4.3.PrototypingMethods 9-8
4.4.AgileMethods 9-9
Matrix of Topics vs. Reference Material 9-10
10-
Chapter 10: Software Quality 1
1. Software Quality Fundamentals 10-2
1.1.SoftwareEngineeringCultureandEthics 10-
2
1.2.ValueandCostsofQuality 10-
3
1.3.ModelsandQualityCharacteristics 10-
3
1.4.SoftwareQualityImprovement 10-
4
1.5.SoftwareSafety 10-
4
2. Software Quality Management Processes 10-5
2.1.SoftwareQualityAssurance 10-
5
2.2.Verification&Validation 10-
6
2.3.ReviewsandAudits 10-
6
3. Practical Considerations 10-9
3.1.SoftwareQualityRequirements 10-
9
3.2.DefectCharacterization 10-
10
3.3.SoftwareQualityManagementTechniques 10-
11
3.4.SoftwareQualityMeasurement 10-
12
4. Software Quality Tools 10-12
Matrix of Topics vs. Reference Material 10-14
11-
Chapter 11: Software Engineering Professional Practice 1
1. Professionalism 11-2
1.1.Accreditation,Certification,andLicensing 11-
3
1.2.CodesofEthicsandProfessionalConduct 11-
4
1.3.NatureandRoleofProfessionalSocieties 11-
4
1.4.NatureandRoleofSoftwareEngineeringStandards 11-
4
1.5.EconomicImpactofSoftware 11-
5
1.6.EmploymentContracts 11-
5
16
1.7.LegalIssues 11-
5
1.8.Documentation 11-
7
1.9.TradeoffAnalysis 11-
8
2. Group Dynamics and Psychology 11-9
2.1.DynamicsofWorkinginTeams/Groups 11-
9
2.2.IndividualCognition 11-
9
2.3.DealingwithProblemComplexity 11-
10
2.4.InteractingwithStakeholders 11-
10
2.5.DealingwithUncertaintyandAmbiguity 11-
10
2.6.DealingwithMulticulturalEnvironments 11-
10
3. Communication Skills 11-11
3.1.Reading,Understanding,andSummarizing 11-
11
Table of Contents 17
3.2.Writing 11-
11
3.3.TeamandGroupCommunication 11-
11
3.4.PresentationSkills 11-
12
Matrix of Topics vs. Reference Material 11-13
12-
Chapter 12: Software Engineering Economics 1
1. Software Engineering Economics Fundamentals 12-3
1.1.Finance 12-
3
1.2.Accounting 12-
3
1.3.Controlling 12-
3
1.4.CashFlow 12-
3
1.5.Decision-MakingProcess 12-
4
1.6.Valuation 12-
5
1.7.Inflation 12-
6
1.8.Depreciation 12-
6
1.9.Taxation 12-
6
1.10.Time-ValueofMoney 12-
6
1.11.Efficiency 12-
6
1.12.Effectiveness 12-
6
1.13.Productivity 12-
6
2. Life Cycle Economics 12-7
2.1.Product 12-
7
2.2.Project 12-
7
2.3.Program 12-
7
2.4.Portfolio 12-
7
2.5.ProductLifeCycle 12-
7
2.6.ProjectLifeCycle 12-
18 SWEBOK Guide V3.0
7
2.7.Proposals 12-
8
2.8.InvestmentDecisions 12-
8
2.9.PlanningHorizon 12-
8
2.10.PriceandPricing 12-
8
2.11.CostandCosting 12-
9
2.12.PerformanceMeasurement 12-
9
2.13.EarnedValueManagement 12-
9
2.14.TerminationDecisions 12-
9
2.15.ReplacementandRetirementDecisions 12-
10
3. Risk and Uncertainty 12-10
3.1.Goals,Estimates,andPlans 12-
10
3.2.EstimationTechniques 12-
11
3.3.AddressingUncertainty 12-
11
3.4.Prioritization 12-
11
3.5.DecisionsunderRisk 12-
11
3.6.DecisionsunderUncertainty 12-
12
4. Economic Analysis Methods 12-12
4.1.For-ProfitDecisionAnalysis 12-
12
4.2.MinimumAcceptableRateofReturn 12-
13
4.3.ReturnonInvestment 12-
13
4.4.ReturnonCapitalEmployed 12-
13
4.5.Cost-BenefitAnalysis 12-
13
4.6.Cost-EffectivenessAnalysis 12-
13
4.7.Break-EvenAnalysis 12-
13
4.8.BusinessCase 12-
13
Table of Contents 19
4.9.MultipleAttributeEvaluation 12-
14
4.10.OptimizationAnalysis 12-
14
5. Practical Considerations 12-14
5.1.TheGoodEnoughPrinciple 12-
14
5.2.Friction-FreeEconomy 12-
15
5.3.Ecosystems 12-
15
5.4.OffshoringandOutsourcing 12-
15
Matrix of Topics vs. Reference Material 12-16
13-
Chapter 13: Computing Foundations 1
1. Problem Solving Techniques 13-3
1.1.DefinitionofProblemSolving 13-
3
1.2.FormulatingtheRealProblem 13-
3
1.3.AnalyzetheProblem 13-
3
1.4.DesignaSolutionSearchStrategy 13-
3
1.5.ProblemSolvingUsingPrograms 13-
3
2. Abstraction 13-4
2.1.LevelsofAbstraction 13-
4
2.2.Encapsulation 13-
4
2.3.Hierarchy 13-
4
2.4.AlternateAbstractions 13-
5
3. Programming Fundamentals 13-5
3.1.TheProgrammingProcess 13-
5
3.2.ProgrammingParadigms 13-
5
4. Programming Language Basics 13-6
4.1.ProgrammingLanguageOverview 13-
6
4.2.SyntaxandSemanticsofProgrammingLanguages 13-
6
4.3.Low-LevelProgrammingLanguages 13-
7
4.4.High-LevelProgrammingLanguages 13-
20 SWEBOK Guide V3.0
7
4.5.Declarativevs.ImperativeProgrammingLanguages 13-
7
5. Debugging Tools and Techniques 13-8
5.1.TypesofErrors 13-
8
5.2.DebuggingTechniques 13-
8
5.3.DebuggingTools 13-
8
6. Data Structure and Representation 13-9
6.1.DataStructureOverview 13-
9
6.2.TypesofDataStructure 13-
9
6.3.OperationsonDataStructures 13-
9
7. Algorithms and Complexity 13-10
7.1.OverviewofAlgorithms 13-
10
7.2.AttributesofAlgorithms 13-
10
7.3.AlgorithmicAnalysis 13-
10
7.4.AlgorithmicDesignStrategies 13-
11
7.5.AlgorithmicAnalysisStrategies 13-
11
8. Basic Concept of a System 13-11
8.1.EmergentSystemProperties 13-
11
8.2.SystemsEngineering 13-
12
8.3.OverviewofaComputerSystem 13-
12
9. Computer Organization 13-13
9.1.ComputerOrganizationOverview 13-
13
9.2.DigitalSystems 13-
13
9.3.DigitalLogic 13-
13
9.4.ComputerExpressionofData 13-
13
9.5.TheCentralProcessingUnit(CPU) 13-
14
9.6.MemorySystemOrganization 13-
14
9.7.InputandOutput(I/O) 13-
Table of Contents 21
14
10. Compiler Basics 13-15
10.1.Compiler/InterpreterOverview 13-
15
10.2.InterpretationandCompilation 13-
15
10.3.TheCompilationProcess 13-
15
11. Operating Systems Basics 13-16
11.1.OperatingSystemsOverview 13-
16
11.2.TasksofanOperatingSystem 13-
16
11.3.OperatingSystemAbstractions 13-
17
11.4.OperatingSystemsClassification 13-
17
12. Database Basics and Data Management 13-17
12.1.EntityandSchema 13-
18
12.2.DatabaseManagementSystems(DBMS) 13-
18
12.3.DatabaseQueryLanguage 13-
18
12.4.TasksofDBMSPackages 13-
18
12.5.DataManagement 13-
19
12.6.DataMining 13-
19
13. Network Communication Basics 13-19
13.1.TypesofNetwork 13-
19
13.2.BasicNetworkComponents 13-
19
13.3.NetworkingProtocolsandStandards 13-
20
13.4.TheInternet 13-
20
13.5.InternetofThings 13-
20
13.6.VirtualPrivateNetwork(VPN) 13-
21
14. Parallel and Distributed Computing 13-21
14.1.ParallelandDistributedComputingOverview 13-
21
14.2.DifferencebetweenParallelandDistributedComputing 13-
21
14.3.ParallelandDistributedComputingModels 13-
21
22 SWEBOK Guide V3.0
14.4.MainIssuesinDistributedComputing 13-
22
15. Basic User Human Factors 13-22
15.1.InputandOutput 13-
22
15.2.ErrorMessages 13-
23
15.3.SoftwareRobustness 13-
23
16. Basic Developer Human Factors 13-23
16.1.Structure 13-
24
16.2.Comments 13-
24
17. Secure Software Development and Maintenance 13-24
17.1.SoftwareRequirementsSecurity 13-
24
17.2.SoftwareDesignSecurity 13-
25
17.3.SoftwareConstructionSecurity 13-
25
17.4.SoftwareTestingSecurity 13-
25
17.5.BuildSecurityintoSoftwareEngineeringProcess 13-
25
17.6.SoftwareSecurityGuidelines 13-
25
Matrix of Topics vs. Reference Material 13-27
14-
Chapter 14: Mathematical Foundations 1
1. Set, Relations, Functions 14-1
1.1.SetOperations 14-
2
1.2.PropertiesofSet 14-
3
1.3.RelationandFunction 14-
4
2. Basic Logic 14-5
2.1.PropositionalLogic 14-
5
2.2.PredicateLogic 14-
5
3. Proof Techniques 14-6
3.1.MethodsofProvingTheorems 14-
6
4. Basics of Counting 14-7
5. Graphs and Trees 14-8
5.1.Graphs 14-
Table of Contents 23
8
5.2.Trees 14-
10
6. Discrete Probability 14-13
7. Finite State Machines 14-14
8. Grammars 14-15
8.1.LanguageRecognition 14-
16
9. Numerical Precision, Accuracy, and Errors 14-17
10. Number Theory 14-18
10.1.Divisibility 14-
18
10.2.PrimeNumber,GCD 14-
19
11. Algebraic Structures 14-19
11.1.Group 14-
19
11.2.Rings 14-
20
Matrix of Topics vs. Reference Material 14-21
15-
Chapter 15: Engineering Foundations 1
1. Empirical Methods and Experimental Techniques 15-1
1.1.DesignedExperiment 15-
1
1.2.ObservationalStudy 15-
2
1.3.RetrospectiveStudy 15-
2
2. Statistical Analysis 15-2
2.1.UnitofAnalysis(SamplingUnits),Population,andSample 15-
2
2.2.ConceptsofCorrelationandRegression 15-
5
3. Measurement 15-5
3.1.Levels(Scales)ofMeasurement 15-
6
3.2.DirectandDerivedMeasures 15-
7
3.3.ReliabilityandValidity 15-
8
3.4.AssessingReliability 15-
8
4. Engineering Design 15-8
4.1.EngineeringDesigninEngineeringEducation 15-
8
4.2.DesignasaProblemSolvingActivity 15-
9
4.3.StepsInvolvedinEngineeringDesign 15-
24 SWEBOK Guide V3.0
9
5. Modeling, Simulation, and Prototyping 15-10
5.1.Modeling 15-
10
5.2.Simulation 15-
11
5.3.Prototyping 15-
11
6. Standards 15-12
7. Root Cause Analysis 15-12
7.1.TechniquesforConductingRootCauseAnalysis 15-
13
Matrix of Topics vs. Reference Material 15-14
A-
Appendix A: Knowledge Area Description Specifications
1
Appendix B: IEEE and ISO/IEC Standards Supporting the Software Engineering
Body of Knowledge (SWEBOK) B-
1
C-
Appendix C: Consolidated Reference List 1
FOREWOR
D
Every purposes
profession as
is based on developme
a body of nt and
knowledge accreditati
, although on of
that academic
knowledge and
is not training
always programs,
defined in certificatio
a concise n of
manner. In specialists,
cases or
where no professiona
formality l licensing.
exists, the Generally,
body of a
knowledge professiona
is l society or
generally similar
recognized body
by maintains
practitioner stewardshi
s and may p of the
be codified formal
in a variety definition
of ways for of a body
a variety of of
different knowledge
uses. But .
in many During
cases, a the past
guide to a forty-five
body of years,
knowledge software
is formally engineerin
documente g has
d, usually evolved
in a form from a
that conference
permits it catchphras
to be used e into an
for such engineerin
g , the IEEE
profession, Computer
characteriz Society
ed by 1) a presents a
professiona revised and
l society, 2) updated
standards version of
that specify the body of
generally knowledge
accepted formerly
professiona documente
l practices, d as
3) a code SWEBOK
of ethics, 2004; this
4) revised and
conference updated
proceeding version is
s, 5) denoted
textbooks, SWEBOK
6) V3. This
curriculum work is in
guidelines partial
and fulfillment
curricula, of the
7) Societys
accreditatio responsibil
n criteria ity to
and promote
accredited the
degree advanceme
programs, nt of both
8) theory and
certificatio practice for
n and
the
licensing,
profession
and 9) this
of software
Guide to
engineerin
the Body
g.
of
It should
Knowledge
be noted
.
that this
In this
Guideto Guide does
the not present
Software the entire
Engineerin the body of
gBodyof knowledge
Knowledge for
software conference
engineerin held in
g but rather Germany
serves as a in 1968.
guide to The IEEE
the body of Computer
knowledge Society
that has first
been published
developed its
over more Transactio
than four nson
decades. Software
The Engineerin
software g in 1972,
engineerin and a
g body of committee
knowledge for
is developing
constantly software
engineerin
evolving.
g standards
Neverthele
was
ss, this
established
Guide
within the
constitutes
IEEE
a valuable
Computer
characteriz
Society in
ation of the
1976.
software
In 1990,
engineerin
planning
g was begun
profession. for an
In 1958, internation
John al standard
Tukey, the to provide
world- an overall
renowned view of
statistician, software
coined the engineerin
term g. The
software. standard
The term was
software completed
engineerin in 1995
g was used with
in the title designation
of a NATO ISO/IEC
12207 and mechanism
given the for
title of acquiring
Standard the
for knowledge
Software you need
LifeCycle in your
Processes. lifelong
The IEEE career
version of developme
12207 was nt as a
published software
in 1996 engineerin
and g
provided a professiona
major l.
foundation
for the
body of Dick
knowledge Fairley,
captured in Chair
SWEBOK Software
2004. The and
current Systems
version of Engineerin
12207 is g
designated
Committee
as ISO/IEC
IEEE
12207:200
Computer
8 and IEEE
Society
12207-
2008; it
provides
Don
the basis
Shafer,
for this
Vice
SWEBOK
President
V3.
Pr
This
of
Guideto
es
the
si
Software
o
Engineerin
n
gBodyof
al
Knowledge
is
A
presented
ct
to you, the
iv
reader, as a
iti o
es m
p
B ut
o er
ar
d S
IE oc
E ie
E ty
C
xvii
FOREWOR
D TO THE
2004
EDITION
In ge
this for
Gui the
de, field
the of
IEE soft
E ware
Com engi
pute neer
r ing,
Soci and
ety the
esta wor
blish k
es parti
for ally
the fulfi
first lls
time the
a Soci
base etys
line resp
for onsi
the bilit
bod y to
y of pro
kno mot
wled e the
adva or
nce their
men solut
t of ions.
both It
theo shou
ry ld be
and note
prac d
tice that
in the
this Gui
field de
. In does
so not
doin purp
g, ort
the to
Soci defi
ety ne
has the
been bod
guid y of
ed kno
by
wled
the
ge
expe
but
rien
rathe
ce
r to
of
serv
disci
e as
plin
a
es
with com
long pend
er ium
histo and
ries guid
but e to
was the
not bod
bou y of
nd kno
eithe wled
r by ge
their that
prob has
lems been
deve neve
lopi rthel
ng ess
and cons
evol titut
ving es a
over valu
the able
past elem
four ent
deca of
des. the
Furt soft
her ware
mor engi
e, neeri
this ng
bod infra
y of struc
kno ture.
wled In
ge is 1958
not ,
stati John
c. Tuke
The y,
Gui the
de worl
must d-
, reno
nece wne
ssari d
ly, stati
deve stici
lop an,
and coin
evol ed
ve the
as term
soft soft
ware war
e.
engi
The
neeri
term
ng
soft
matu
war
res.
e
It
engi
neer ee
ing esta
was blish
used ed
in with
the in
title the
of a IEE
NAT E
O Com
conf pute
eren r
ce Soci
held ety
in for
Ger deve
man lopi
y in ng
1968 soft
. ware
The engi
IEE neeri
E ng
Com stan
pute dard
r s
Soci was
ety foun
first ded
publ in
ishe 1976
d its .
Tran Th
sacti e
ons first
on holis
Soft tic
war view
e of
Engi soft
neer ware
ing engi
in neeri
1972 ng
. to
The emer
com ge
mitt from
the E
IEE Std.
E 730
Com was
pute to
r prov
Soci ide
ety unif
resul orm,
ted mini
from mu
an m
effor acce
t led ptabl
by e
Fletc requ
her irem
Buc ents
kley for
to prep
deve arati
lop on
IEE and
E cont
stan ent
dard of
730 soft
for ware
soft quali
ware ty
quali assu
ty ranc
assu e
ranc plan
e, s.
whic This
h stan
was dard
com was
plete influ
d in entia
1979 l in
. com
The pleti
purp ng
ose the
of deve
IEE lopi
ng IEE
stan E
dard Com
s in pute
the r
follo Soci
wing ety
topic held
s: a
conf serie
igur s of
ation wor
man ksho
age ps
ment conc
, erni
soft ng
ware the
testi appli
ng, catio
soft n of
ware
soft
requ
ware
irem
engi
ents,
neeri
soft
ng
ware
stan
desi
dard
gn,
s.
and
soft Thes
ware e
verif wor
icati ksho
on ps
and invo
valid lved
ation pract
. ition
D ers
urin shari
g the ng
peri their
od expe
1981 rienc
es
1985 with
, the exist
ing ning
stan also
dard resul
s. ted
The in
wor IEE
ksho E
ps Std.
also 1002
held ,
sessi Tax
ons ono
on my
plan of
ning Soft
for war
futur e
e Engi
stan neer
dard ing
s, Stan
inclu dard
ding s
one (198
invo 6),
lvin whic
g h
mea prov
sure ided
s a
and new,
metr holis
ics tic
for view
soft of
ware soft
engi ware
neeri engi
ng neeri
prod ng.
ucts The
and stan
proc dard
esse desc
s. ribes
The the
plan form
and parti
cont cipat
ent ing
of a in
soft the
ware soft
engi ware
neeri life
ng cycl
stan e.
dard In 1990,
s planning
taxo for an
nom internation
y. It al standard
expl with an
ains overall
the view was
vari begun. The
ous planning
type focused on
s of reconciling
soft the
ware software
engi process
neeri views from
ng IEEE Std.
stan 1074 and
dard the revised
s, US DoD
their standard
2167A.
func
The
tiona
revision
l and
was
exter
eventually
nal
published
relat
as DoD
ions
Std. 498.
hips,
The
and
internation
the al standard
role was
of completed
vari in 1995
ous with
func designation
tions , ISO/IEC
12207, and two
given the motions
title of led to a
Standard joint
for committee
Software under the
LifeCycle leadership
Processes. of Mario
Std. ISO/ Barbacci
IEC 12207 and Stuart
provided a Zweben
major point who served
of as
departure cochairs.
for the The
body of mission
knowledge statement
captured in of the joint
this book. committee
It was was To
the IEEE establish
Computer the
Society appropriate
Board of sets(s) of
Governors criteria and
approval of norms for
the motion professiona
put l practice
forward in of software
May 1993 engineerin
by Fletcher g upon
Buckley which
which industrial
resulted in decisions,
the writing professiona
of this l
book. The certificatio
Associatio n, and
n for educational
Computing curricula
Machinery can be
(ACM) based.
Council The
approved a steering
related committee
motion in organized
August task forces
1993. The in the
following knowledge
areas: and
recommen
1. Define d practices.
xi
x
Required The code
Body of of ethics
Knowled and
ge and professiona
Recomm l practice
ended for
Practices software
. engineerin
xx
g was
SWEBOK
Guide V3.0 completed
in 1998
and
approved
2. Define by both the
Ethics ACM
and
Council
Profes
and the
sional
IEEE
Standa
Computer
rds.
Society
3. Define
Board of
Educat
Governors.
ional
It has been
Curric
adopted by
ula for
numerous
underg
raduat corporation
e, s and other
gradua organizatio
te, and ns and is
contin included in
uing several
educati recent
on. textbooks.
The
This educational
book curriculum
supplies for
the first undergradu
component ates is
: required being
body of completed
by a joint and
effort of training
the IEEE programs,
Computer certificatio
Society n of
and the specialists,
ACM and or
is expected professiona
to be l licensing.
completed Generally,
in 2004. a
Every professiona
profession l society or
is based on related
a body of body
knowledge maintains
and custody of
recommen such a
ded formal
practices, definition.
although In cases
they are where no
not always such
defined in formality
a precise exists, the
manner. In body of
many knowledge
cases, and
these are recommen
formally ded
documente practices
d, usually are
in a form generally
that recognized
permits by
them to be practitioner
used for s and may
such be codified
purposes in a variety
as of ways for
accreditati different
on of uses.
academic It
programs, is
developme hope
nt of d
education that
read Fletc
ers her
will Buck
find ley
this in
book reco
usef gniti
ul in on of
guidi his
ng com
them mitm
towa ent
rd to
the prom
kno oting
wled soft
ge ware
and engi
reso neeri
urces ng as
they a
need profe
in ssion
their al
lifelo disci
ng pline
caree and
r his
deve excel
lopm lence
ent as a
as soft
soft ware
ware engi
engi neeri
neeri ng
ng pract
profe ition
ssion er in
als. radar
Th appli
e catio
book ns.
is
dedi
cated Leon
to ard
L. ACM
Trip
p, Steer
IEE ing
E Com
Fello mitte
w efor
2003 the
Chair, Esta
Professio blish
nal ment
Practices of
Software
Committe Engineeri
e,IEEE ngasa
Com Professio
puter n(1998
1999)
Soci
ety Chair,
(200 Software
1 Engineerin
2003 g
) Standards
Committee,
Chai
r, IEEE
Joint
Com
IEE puter
E
Com Soci
puter ety
(199
Soci 2
ety 1998
and )
EDITORS
Pierre Bourque, Department of Software and IT Engineering, cole de technologie suprieure
(TS), Canada, pierre.bourque@etsmtl.ca
Richard E. (Dick) Fairley, Software and Systems Engineering Associates (S2EA), USA,
dickfairley@gmail.com
COEDITORS
Alain Abran, Department of Software and IT Engineering, cole de technologie suprieure (TS),
Canada, alain.abran@etsmtl.ca
Juan Garbajosa, Universidad Politecnica de Madrid (Technical University of Madrid, UPM), Spain,
juan.garbajosa@upm.es
Gargi Keeni, Tata Consultancy Services, India, gargi@ieee.org
Beijun Shen, School of Software, Shanghai Jiao Tong University, China, bjshen@sjtu.edu.cn
CONTRIBUTING EDITORS
The following persons contributed to editing the SWEBOK Guide V3:
Don Shafer
Linda Shafer
Mary Jane Willshire
Kate Guillemette
Software Requirements
Gerald Kotonya, School of Computing and Communications, Lancaster University, UK,
gerald@comp.lancs.ac.uk
Peter Sawyer, School of Computing and Communications, Lancaster University, UK,
sawyer@comp.lancs.ac.uk
Software Design
Yanchun Sun, School of Electronics Engineering and Computer Science, Peking University, China,
sunyc@pku.edu.cn
Software Construction
Xin Peng, Software School, Fudan University, China, pengxin@fudan.edu.cn
Software Testing
Antonia Bertolino, ISTI-CNR, Italy, antonia.bertolino@isti.cnr.it Eda
Marchetti, ISTI-CNR, Italy, eda.marchetti@isti.cnr.it
Software Maintenance
Alain April, cole de technologie suprieure (TS), Canada, alain.april@etsmtl.ca
Mira Kajko-Mattsson, School of Information and Communication Technology, KTH
Royal Institute of Technology, mekm2@kth.se
Software Quality
J. David Blaine, USA, jdavidblaine@gmail.com
Durba Biswas, Tata Consultancy Services, India, durba.biswas@tcs.com
23
24
SWEBOK Guide V3.0
Computing Foundations
Hengming Zou, Shanghai Jiao Tong University, China, zou@sjtu.edu.cn
Mathematical Foundations
Nabendu Chaki, University of Calcutta, India, nabendu@ieee.org
Engineering Foundations
Amitava Bandyopadhayay, Indian Statistical Institute, India, bamitava@isical.ac.in
Mary Jane Willshire, Software and Systems Engineering Associates (S2EA), USA,
mj.fairley@gmail.com
Software Requirements
Peter Sawyer, Computing Department, Lancaster University, UK
Gerald Kotonya, Computing Department, Lancaster University, UK
Software Design
Guy Tremblay, Dpartement dinformatique, UQAM, Canada
Software Construction
Steve McConnell, Construx Software, USA
Terry Bollinger, the MITRE Corporation, USA
Philippe Gabrini, Dpartement dinformatique, UQAM, Canada
Louis Martin, Dpartement dinformatique, UQAM, Canada
Software Testing
Antonia Bertolino, ISTI-CNR, Italy
Eda Marchetti, ISTI-CNR, Italy
Software Maintenance
Thomas M. Pigoski, Techsoft Inc., USA
Alain April, cole de technologie suprieure, Canada
25
26
Software Quality
Alain April, cole de technologie suprieure, Canada
Dolores Wallace, retired from the National Institute of Standards and Technology, USA
Larry Reeker, NIST, USA
References Editor
Marc Bouisset, Dpartement dinformatique, UQAM
REVIEW TEAM
The people listed below participated in the public review process of SWEBOK Guide V3.
Membership of the IEEE Computer Society was not a requirement to participate in this review
process, and membership information was not requested from reviewers. Over 1500 individual
comments were
27
28
Vladimir Mandic, Serbia Vineet Sawant, USA
Matt Mansell, New Zealand R. Schaaf, USA
John Marien, USA James C. Schatzman, USA
SWEBOK Guide V3.0 Oscar A. Schivo, Argentina
Florian Schneider, Germany
Thom Schoeffling, USA
Stephen P. Masticola, USA Reinhard Schrage, Germany
Nancy Mead, USA Neetu Sethia, India
Fuensanta Medina-Dominguez, Cindy C. Shelton, USA
Spain Alan Shepherd, Germany
Silvia Judith Meles, Argentina Katsutoshi Shintani, Japan
Oscar A. Mondragon, Mexico Erik Shreve, USA
David W. Mutschler, USA Jaguaraci Silva, Brazil
Maria Nelson, Brazil M. Somasundaram, India
John Noblin, USA Peraphon Sophatsathit, Thailand
Bryan G. Ogihara, USA John Standen, UK
Takehisa Okazaki, Japan Joyce Statz, USA
Hanna Oktaba, Mexico Perdita P. Stevens, UK
Chin Hwee Ong, Hong Kong David Struble, USA
Venkateswar Oruganti, India Ohno Susumu, Japan
Birgit Penzenstadler, Germany Urcun Tanik, USA
Larry Peters, USA Talin Tasciyan, USA
S.K. Pillai, India J. Barrie Thompson, UK
Vaclav Rajlich, USA Steve Tockey, USA
Kiron Rao, India Miguel Eduardo Torres Moreno, Colombia
Luis Reyes, USA Dawid Trawczynski, USA
Hassan Reza, USA Adam Trendowicz, Germany
Steve Roach, USA Norio Ueno, Japan
Teresa L. Roberts, USA Cenk Uyan, Turkey
Dennis Robi, USA Chandra Sekar Veerappan, Singapore
Warren E. Robinson, USA Oruganti Venkateswar, India
Jorge L. Rodriguez, USA Jochen Vogt, Germany
Alberto C. Sampaio, Portugal Hironori Washizaki, Japan
Ed Samuels, USA Ulf Westermann, Germany
Maria-Isabel Sanchez-Segura, Don Wilson, USA
Spain Aharon Yadin, Israel
Hong Zhou, UK
ACKNOWLEDGEMENTS
Funding for the development of SWEBOK various ways: Pieter Botman, Evan Butterfield,
Guide V3 has been provided by the IEEE Carine Chauny, Pierce Gibbs, Diane Girard,
Computer Society. The editors and coeditors John Keppler, Dorian McClenahan, Kenza
appreciate the important work performed by the Meridji, Samuel Redwine, Annette Reilly, and
KA editors and the contributing editors as well Pam Thompson.
as by the the members of the Change Control Finally, there are surely other people who
Board. The editorial team must also have contributed to this Guide, either directly or
acknowledge the indispensable contribution of indirectly, whose names we have inadvertently
reviewers. omitted. To those people, we offer our tacit
The editorial team also wishes to thank the appreciation and apologize for having omitted
following people who contributed to the project in explicit recognition.
29
30
The following motion was unanimously adopted by the Professional Activities Board of the IEEE
Computer Society in December 2013:
TheProfessionalActivitiesBoardoftheIEEEComputerSocietyfindsthattheGuide to the
Software Engineering Body of KnowledgeVersion3.0hasbeensuccessfullycompleted;and
endorsestheGuide to the Software Engineering Body of Knowledge Version3.0andcommends
ittotheIEEEComputerSocietyBoardofGovernorsfortheirapproval.
The following motion was adopted by the IEEE Computer Society Board of Governors in December 2013:
MOVED,thattheBoardofGovernorsoftheIEEEComputerSocietyapprovesVersion3.0ofthe
Guide to the Software Engineering Body of Knowledge andauthorizestheChairofthe
ProfessionalActivitiesBoardtoproceedwithprinting.
TheIndustrialAdvisoryBoardfindsthattheSoftwareEngineeringBodyofKnowledgeproject
initiatedin1998hasbeensuccessfullycompleted;andendorsesthe2004VersionoftheGuide to
the SWEBOKandcommendsittotheIEEEComputerSocietyBoardofGovernorsfortheir
approval.
The following motion was adopted by the IEEE Computer Society Board of Governors in February 2004:
MOVED,thattheBoardofGovernorsoftheIEEEComputerSocietyapprovesthe2004Edition
oftheGuide to the Software Engineering Body of Knowledge andauthorizestheChairofthe
ProfessionalPracticesCommitteetoproceedwithprinting.
The Guide should not be confused with the Body of Knowledge itself, which exists in the
published literature. The purpose of the Guide is to describe the portion of the Body of
Knowledge that is generally accepted, to organize that portion, and to provide topical access to
it.
The GuidetotheSoftwareEngineeringBodyofKnowledge (SWEBOK Guide) was established with
the following five objectives:
1See www.computer.org/sevocab.
31
32
The first of these objectives, a consistent worldwide view of software engineering, was supported
by a development process which engaged approximately 150 reviewers from 33 countries. More
information regarding the development process can be found on the website (www.swebok.org).
Professional and learned societies and public agencies involved in software engineering were
contacted, made aware of this project to update SWEBOK, and invited to participate in the review
process. KA editors were recruited from North America, the Pacific Rim, and Europe. Presentations
on the project were made at various international venues.
The second of the objectives, the desire to specify the scope of software engineering, motivates the
fundamental organization of the Guide. The material that is recognized as being within this discipline
is organized into the fifteen KAs listed in Table I.1. Each of these KAs is treated in a chapter in this
Guide.
SWEBOK Guide V3.0
The organization of the KA chapters supports the third of the projects objectivesa
characterization of the contents of software engineering. The detailed specifications provided
by the projects editorial team to the associate editors regarding the contents of the KA
descriptions can be found in Appendix A.
The Guide uses a hierarchical organization to decompose each KA into a set of topics with
recognizable labels. A two (sometime three) level breakdown provides a reasonable way to
find topics of interest. The Guide treats the selected topics in a manner compatible with major
schools of thought and with breakdowns generally found in industry and in software
engineering literature and standards. The breakdowns of topics do not presume particular
application domains, business uses, management philosophies, development methods, and so
forth. The extent of each topics description is only that needed to understand the generally
accepted nature of the topics and for the reader to successfully find reference material; the
Body of Knowledge is found in the reference materials themselves, not in the Guide.
To provide topical access to the knowledgethe fourth of the projects objectivesthe Guide
identifies authoritative reference material for each KA. Appendix C provides a Consolidated
Reference List for the Guide. Each KA includes relevant references from the Consolidated
Reference List and also includes a matrix relating the reference material to the included topics.
It should be noted that the Guide does not attempt to be comprehensive in its citations. Much
material that is both suitable and excellent is not referenced. Material included in the
Consolidated Reference List provides coverage of the topics described.
DEPTH OF TREATMENT
33
certification, and licensing, the criterion of Introduction xxxiii
generallyaccepted knowledge has been applied,
to be distinguished from advanced and research
knowledge (on the grounds of maturity) and The breakdown of topics in each KA
from specialized knowledge (on the grounds of constitutes the core the KA description,
generality of application). describing the decomposition of the KA into
The equivalent term generally recognized subareas, topics, and sub-topics. For each topic
comes from the Project Management Institute: or subtopic, a short description is given, along
Generally recognized means the knowledge with one or more references.
and practices described are applicable to most The reference material was chosen because it
projects most of the time, and there is consensus is considered to constitute the best presentation
about their value and usefulness.2 of the knowledge relative to the topic. A matrix
However, the terms generally accepted or links the topics to the reference material.
generally recognized do not imply that the The last part of each KA description is the list
designated knowledge should be uniformly of recommended references and (optionally)
applied to all software engineering endeavors further readings. Relevant standards for each
each projects needs determine thatbut it does KA are presented in Appendix B of the Guide.
imply that competent, capable software
engineers should be equipped with this APPENDIX A. KA DESCRIPTION
knowledge for potential application. More SPECIFICATIONS
precisely, generally accepted knowledge should
be included in the study material for the Appendix A describes the specifications
software engineering licensing examination that provided by the editorial team to the associate
graduates would take after gaining four years of editors for the content, recommended
work experience. Although this criterion is references, format, and style of the KA
specific to the US style of education and does descriptions.
not necessarily apply to other countries, we
deem it useful. APPENDIX B. ALLOCATION OF STAN-
DARDS TO KAS
STRUCTURE OF THE KA DESCRIPTIONS
Appendix B is an annotated list of the relevant
The KA descriptions are structured as follows. standards, mostly from the IEEE and the ISO,
In the introduction, a brief definition of the for each of the KAs of the SWEBOK Guide.
KA and an overview of its scope and of its
relationship with other KAs are presented. APPENDIX C. CONSOLIDATED
REFERENCE LIST
2 AGuidetotheProjectManagementBodyof
Knowledge, 5th ed., Project Management
Appendix C contains the consolidated list of
Institute, 2013; www.pmi.org.
recommended references cited in the KAs (these
references are marked with an asterisk (*) in the used in this KA other than for software
text). engineering per se.
For the same reason, requirements engineer,
CHAPTER 1 SOFTWARE a term which appears in some of the literature,
REQUIREMENTS will not be used either. Instead, the term
software engineer or, in some specific cases,
requirements specialist will be used, the latter
ACRONYMS where the role in question is usually performed
by an individual other than a software engineer.
Confidentiality, Integrity, and
CIA This does not imply, however, that a software
Availability
engineer could not perform the function.
DAG Directed Acyclic Graph A risk inherent in the proposed breakdown is
FSM Functional Size Measurement that a waterfall-like process may be inferred. To
guard against this, topic 2, Requirements
International Council on Systems
INCOSE Process, is designed to provide a high-level
Engineering
overview of the requirements process by setting
UML Unified Modeling Language out the resources and constraints under which
SysML Systems Modeling Language the process operates and which act to configure
INTRODUCTION it.
An alternate decomposition could use a
The Software Requirements knowledge area product-based structure (system requirements,
(KA) is concerned with the elicitation, analysis, software requirements, prototypes, use cases,
specification, and validation of software and so on). The process-based breakdown
requirements as well as the management of reflects the fact that the requirements process, if
requirements during the whole life cycle of the it is to be successful, must be considered as a
software product. It is widely acknowledged process involving complex, tightly coupled
amongst researchers and industry practitioners activities (both sequential and concurrent),
that software projects are critically vulnerable rather than as a discrete, one-off activity
when the requirementsrelated activities are performed at the outset of a software
poorly performed. development project.
Software requirements express the needs and The Software Requirements KA is related
constraints placed on a software product that closely to the Software Design, Software
contribute to the solution of some real-world Testing, Software Maintenance, Software
problem. Configuration Management, Software
The term requirements engineering is Engineering Management, Software
widely used in the field to denote the systematic Engineering Process, Software Engineering
handling of requirements. For reasons of Models and Methods, and Software Quality
consistency, the term engineering will not be KAs.
BREAKDOWN OF TOPICS FOR [1*, c4, c4s1, c10s1, c10s4] [2*, c1, c6,
SOFTWARE REQUIREMENTS
c12] 1.1. DefinitionofaSoftwareRequirement
The breakdown of topics for the Software
Requirements KA is shown in Figure 1.1. At its most basic, a software requirement is a
property that must be exhibited by something in
1. Software Requirements Fundamentals
1-1
technique is one example. Another might be the Software requirements should be stated as
use of particularly rigorous analysis techniques clearly and as unambiguously as possible, and,
(such as formal specification methods) to reduce where appropriate, quantitatively. It is important
faults that can lead to inadequate reliability. to avoid vague and unverifiable requirements
Process requirements may also be imposed that depend for their interpretation on subjective
directly by the development organization, their judgment (the software shall be reliable; the
customer, or a third party such as a safety software shall be user-friendly). This is
regulator. particularly important for nonfunctional
requirements. Two examples of quantified
1.3. FunctionalandNonfunctional requirements are the following: a call centers
Requirements software must increase the centers throughput
by 20%; and a system shall have a probability
Functional requirements describe the functions of generating a fatal error during any hour of
that the software is to execute; for example, operation of less than 1 * 108. The throughput
formatting some text or modulating a signal. requirement is at a very high level and will need
They are sometimes known as capabilities or to be used to derive a number of detailed
features. A functional requirement can also be requirements. The reliability requirement will
described as one for which a finite set of test tightly constrain the system architecture.
steps can be written to validate its behavior.
Nonfunctional requirements are the ones that 1.6. SystemRequirementsandSoftware
act to constrain the solution. Nonfunctional Requirements
requirements are sometimes known as
constraints or quality requirements. They can be In this topic, system means
further classified according to whether they are
performance requirements, maintainability an interacting combination of elements to
requirements, safety requirements, reliability accomplish a defined objective. These
requirements, security requirements, include hardware, software, firmware,
interoperability requirements or one of many people, information, techniques,
other types of software requirements (see facilities, services, and other support
Models and Quality Characteristics in the elements,
Software Quality KA).
as defined by the International Council on
1.4. EmergentProperties Software and Systems Engineering (INCOSE)
[3].
Some requirements represent emergent System requirements are the requirements for
properties of softwarethat is, requirements the system as a whole. In a system containing
that cannot be addressed by a single component software components, software requirements are
but that depend on how all the software derived from system requirements.
components interoperate. The throughput This KA defines user requirements in a
requirement for a call center would, for restricted way, as the requirements of the
example, depend on how the telephone system, systems customers or end users. System
information system, and the operators all requirements, by contrast, encompass user
interacted under actual operating conditions. requirements, requirements of other
Emergent properties are crucially dependent on stakeholders (such as regulatory authorities),
the system architecture. and requirements without an identifiable human
source.
1.5. QuantifiableRequirements
2.Requirements Process
Software Requirements 1-39
[1*, c4s4] [2*, c14, c6, c22, c23] Users: This group comprises those who will
operate the software. It is often a
This section introduces the software heterogeneous group involving people with
requirements process, orienting the remaining different roles and requirements.
five topics and showing how the requirements Customers: This group comprises those who
process dovetails with the overall software have commissioned the software or who
engineering process. represent the softwares target market.
2.1. ProcessModels Market analysts: A mass-market product
will not have a commissioning customer, so
The objective of this topic is to provide an marketing people are often needed to
understanding that the requirements process establish what the market needs and to act
as proxy customers.
is not a discrete front-end activity of the Regulators: Many application domains,
software life cycle, but rather a process such as banking and public transport, are
initiated at the beginning of a project that regulated. Software in these domains must
continues to be refined throughout the life comply with the requirements of the
cycle; regulatory authorities.
identifies software requirements as Software engineers: These individuals have
configuration items and manages them a legitimate interest in profiting from
using the same software configuration developing the software by, for example,
management practices as other products of reusing components in or from other
the software life cycle processes; products. If, in this scenario, a customer of a
needs to be adapted to the organization and particular product has specific requirements
project context. that compromise the potential for
component reuse, the software engineers
In particular, the topic is concerned with how must carefully weigh their own stake
the activities of elicitation, analysis, against those of the customer. Specific
specification, and validation are configured for requirements, particularly constraints, may
different types of projects and constraints. The have major impact on project cost or
topic also includes activities that provide input delivery because they either fit well or
into the requirements process, such as marketing poorly with the skill set of the engineers.
and feasibility studies. Important tradeoffs among such
requirements should be identified.
2.2. ProcessActors
It will not be possible to perfectly satisfy the
This topic introduces the roles of the people requirements of every stakeholder, and it is the
who participate in the requirements process. software engineers job to negotiate tradeoffs
This process is fundamentally interdisciplinary, that are both acceptable to the principal
and the requirements specialist needs to mediate stakeholders and within budgetary, technical,
between the domain of the stakeholder and that regulatory, and other constraints. A prerequisite
of software engineering. There are often many for this is that all the stakeholders be identified,
people involved besides the requirements the nature of their stake analyzed, and their
specialist, each of whom has a stake in the requirements elicited. 2.3. ProcessSupportand
software. The stakeholders will vary across Management
projects, but will always include users/operators
and customers (who need not be the same). This section introduces the project management
Typical examples of software stakeholders resources required and consumed by the
include (but are not restricted to) the following: requirements process. It establishes the context
1-40 SWEBOK Guide V3.0
for the first topic (Initiation and Scope effective communication between the various
Definition) of the Software Engineering stakeholders. This communication continues
Management KA. Its principal purpose is to through the entire Software Development Life
make the link between the process activities Cycle (SDLC) process with different
identified in 2.1 and the issues of cost, human stakeholders at different points in time. Before
resources, training, and tools. 2.4. Process development begins, requirements specialists
QualityandImprovement may form the conduit for this communication.
They must mediate between the domain of the
This topic is concerned with the assessment of software users (and other stakeholders) and the
the quality and improvement of the technical world of the software engineer. A set
requirements process. Its purpose is to of internally consistent models at different
emphasize the key role the requirements process levels of abstraction facilitate communications
plays in terms of the cost and timeliness of a between software users/stakeholders and
software product and of the customers software engineers.
satisfaction with it. It will help to orient the A critical element of requirements elicitation
requirements process with quality standards and is informing the project scope. This involves
process improvement models for software and providing a description of the software being
systems. Process quality and improvement is specified and its purpose and prioritizing the
closely related to both the Software Quality KA deliverables to ensure the customers most
and Software Engineering Process KA, important business needs are satisfied first. This
comprising minimizes the risk of requirements specialists
spending time eliciting requirements that are of
requirements process coverage by process low importance, or those that turn out to be no
improvement standards and models; longer relevant when the software is delivered.
requirements process measures On the other hand, the description must be
and benchmarking; scalable and extensible to accept further
improvement planning and implementation; requirements not expressed in the first formal
security/CIA lists and compatible with the previous ones as
improvement/planning and contemplated in recursive methods. 3.1.
implementation. RequirementsSources
goals. A feasibility study is a relatively low- these since, in general, new software should
cost way of doing this. not force unplanned change on the business
Domain knowledge. The software engineer process.
needs to acquire or have available
knowledge about the application domain. 3.2. ElicitationTechniques
Domain knowledge provides the
background against which all elicited Once the requirements sources have been
requirements knowledge must be set in identified, the software engineer can start
order to understand it. Its a good practice to eliciting requirements information from them.
emulate an ontological approach in the Note that requirements are seldom elicited
knowledge domain. Relations between ready-made. Rather, the software engineer
relevant concepts within the application elicits information from which he or she
domain should be identified. formulates requirements. This topic
Stakeholders (see section 2.2, Process concentrates on techniques for getting human
Actors). Much software has proved stakeholders to articulate requirementsrelevant
unsatisfactory because it has stressed the information. It is a very difficult task and the
requirements of one group of stakeholders software engineer needs to be sensitized to the
at the expense of others. Hence, the fact that (for example) users may have difficulty
delivered software is difficult to use, or describing their tasks, may leave important
subverts the cultural or political structures information unstated, or may be unwilling or
of the customer organization. The software unable to cooperate. It is particularly important
engineer needs to identify, represent, and to understand that elicitation is not a passive
manage the viewpoints of many different activity and that, even if cooperative and
types of stakeholders. articulate stakeholders are available, the
Business rules. These are statements that software engineer has to work hard to elicit the
define or constrain some aspect of the right information. Many business or technical
structure or the behavior of the business requirements are tacit or in feedback that has yet
itself. A student cannot register in next to be obtained from end users. The importance
semesters courses if there remain some of planning, verification, and validation in
unpaid tuition fees would be an example of requirements elicitation cannot be overstated. A
a business rule that would be a requirement number of techniques exist for requirements
source for a universitys course-registration elicitation; the principal ones are these:
software.
The operational environment. Requirements Interviews. Interviewing stakeholders is a
will be derived from the environment in traditional means of eliciting
which the software will be executed. These requirements. It is important to understand
may be, for example, timing constraints in the advantages and limitations of interviews
real-time software or performance and how they should be conducted.
constraints in a business environment. Scenarios. Scenarios provide a valuable
These must be sought out actively because means for providing context to the
they can greatly affect software feasibility elicitation of user requirements. They allow
and cost as well as restrict design choices. the software engineer to provide a
The organizational environment. Software framework for questions about user tasks by
is often required to support a business permitting what if and how is this done
process, the selection of which may be questions to be asked. The most common
conditioned by the structure, culture, and type of scenario is the use case description.
internal politics of the organization. The There is a link here to topic 4.2 (Conceptual
software engineer needs to be sensitive to Modeling) because scenario notations such
1-42 SWEBOK Guide V3.0
elaborate system requirements to derive The scope of the requirement. Scope refers
software requirements. to the extent to which a requirement affects
the software and software components.
The traditional view of requirements analysis Some requirements, particularly certain
has been that it be reduced to conceptual nonfunctional ones, have a global scope in
modeling using one of a number of analysis that their satisfaction cannot be allocated to
methods, such as the structured analysis method. a discrete component. Hence, a requirement
While conceptual modeling is important, we with global scope may strongly affect the
include the classification of requirements to help software architecture and the design of
inform tradeoffs between requirements many components, whereas one with a
(requirements classification) and the process of narrow scope may offer a number of design
establishing these tradeoffs (requirements choices and have little impact on the
negotiation). satisfaction of other requirements.
Care must be taken to describe requirements Volatility/stability. Some requirements will
precisely enough to enable the requirements to change during the life cycle of the software
be validated, their implementation to be and even during the development process
verified, and their costs to be estimated. itself. It is useful if some estimate of the
likelihood that a requirement will change
4.1. RequirementsClassification can be made. For example, in a banking
application, requirements for functions to
Requirements can be classified on a number of calculate and credit interest to customers
dimensions. Examples include the following: accounts are likely to be more stable than a
requirement to support a particular kind of
Whether the requirement is functional or tax-free account. The former reflects a
nonfunctional (see section 1.3, Functional fundamental feature of the banking domain
and Nonfunctional Requirements). (that accounts can earn interest), while the
Whether the requirement is derived from latter may be rendered obsolete by a change
one or more high-level requirements or an to government legislation. Flagging
emergent property (see section 1.4, potentially volatile requirements can help
Emergent Properties), or is being imposed the software engineer establish a design that
directly on the software by a stakeholder or is more tolerant of change.
some other source.
Whether the requirement is on the product Other classifications may be appropriate,
or the process (see section 1.2, Product and depending upon the organizations normal
Process Requirements). Requirements on practice and the application itself.
the process can constrain the choice of There is a strong overlap between
contractor, the software engineering process requirements classification and requirements
to be adopted, or the standards to be attributes (see section 7.3, Requirements
adhered to. Attributes).
The requirement priority. The higher the 4.2. ConceptualModeling
priority, the more essential the requirement
is for meeting the overall goals of the The development of models of a real-world
software. Often classified on a fixed-point problem is key to software requirements
scale such as mandatory, highly desirable, analysis. Their purpose is to aid in
desirable, or optional, the priority often has understanding the situation in which the
to be balanced against the cost of problem occurs, as well as depicting a solution.
development and implementation. Hence, conceptual models comprise models of
entities from the problem domain, configured to
1-44 SWEBOK Guide V3.0
reflect their real-world relationships and provides guidance on the purpose and intent of
dependencies. This topic is closely related to the modeling.
Software Engineering Models and Methods KA.
Several kinds of models can be developed. 4.3. ArchitecturalDesignand
These include use case diagrams, data flow RequirementsAllocation
models, state models, goal-based models, user
interactions, object models, data models, and At some point, the solution architecture must be
many others. Many of these modeling notations derived. Architectural design is the point at
are part of theUnifiedModelingLanguage which the requirements process overlaps with
(UML).Use case diagrams, for example, are software or systems design and illustrates how
routinely used to depict scenarios where the impossible it is to cleanly decouple the two
boundary separates the actors (users or systems tasks. This topic is closely related to Software
in the external environment) from the internal Structure and Architecture in the Software
behavior where each use case depicts a Design KA. In many cases, the software
functionality of the system. engineer acts as software architect because the
The factors that influence the choice of process of analyzing and elaborating the
modeling notation include these: requirements demands that the
architecture/design components that will be
The nature of the problem. Some types of responsible for satisfying the requirements be
software demand that certain aspects be identified. This is requirements allocationthe
analyzed particularly rigorously. For assignment to architecture components
example, state and parametric models, responsible for satisfying the requirements.
which are part of SysML [4], are likely to Allocation is important to permit detailed
be more important for real-time software analysis of requirements. Hence, for example,
than for information systems, while it would once a set of requirements has been allocated to
usually be the opposite for object and a component, the individual requirements can be
activity models. further analyzed to discover further
The expertise of the software engineer. It is requirements on how the component needs to
often more productive to adopt a modeling interact with other components in order to
notation or method with which the software satisfy the allocated requirements. In large
engineer has experience. projects, allocation stimulates a new round of
The process requirements of the customer analysis for each subsystem. As an example,
(see section 1.2, Product and Process requirements for a particular braking
Requirements). Customers may impose performance for a car (braking distance, safety
their favored notation or method or prohibit in poor driving conditions, smoothness of
any with which they are unfamiliar. This application, pedal pressure required, and so on)
factor can conflict with the previous factor. may be allocated to the braking hardware
(mechanical and hydraulic assemblies) and an
Note that, in almost all cases, it is useful to antilock braking system (ABS). Only when a
start by building a model of the software requirement for an antilock braking system has
context. The software context provides a been identified, and the requirements allocated
connection between the intended software and to it, can the capabilities of the ABS, the braking
its external environment. hardware, and emergent properties (such as car
This is crucial to understanding the softwares weight) be used to identify the detailed ABS
context in its operational environment and to software requirements.
identifying its interfaces with the environment. Architectural design is closely identified with
This subtopic does not seek to teach a conceptual modeling (see section 4.2,
particular modeling style or notation but rather Conceptual Modeling).
Software Requirements 1-45
For most engineering professions, the term description of software requirements. In this
specification refers to the assignment of view, system requirements are specified, the
numerical values or limits to a products design software requirements are derived from the
goals. In software engineering, software system requirements, and then the requirements
requirements specification typically refers to for the software components are specified.
the production of a document that can be Strictly speaking, system requirements
systematically reviewed, evaluated, and specification is a systems engineering activity
approved. For complex systems, particularly and falls outside the scope of this Guide.
those involving substantial nonsoftware 5.3. SoftwareRequirementsSpecification
components, as many as three different types of
documents are produced: system definition, Software requirements specification establishes
system requirements, and software the basis for agreement between customers and
requirements. For simple software products, contractors or suppliers (in market-driven
only the third of these is required. All three projects, these roles may be played by the
documents are described here, with the marketing and development divisions) on what
understanding that they may be combined as the software product is to do as well as what it
appropriate. A description of systems is not expected to do.
engineering can be found in the Related Software requirements specification permits a
Disciplines of Software Engineering chapter of rigorous assessment of requirements before
this Guide. design can begin and reduces later redesign. It
should also provide a realistic basis for
5.1. SystemDefinitionDocument estimating product costs, risks, and schedules.
Organizations can also use a software
This document (sometimes known as the user requirements specification document as the
requirements document or concept of operations basis for developing effective verification and
document) records the system requirements. It validation plans.
defines the high-level system requirements from Software requirements specification provides
the domain perspective. Its readership includes an informed basis for transferring a software
representatives of the system users/customers product to new users or software platforms.
(marketing may play these roles for Finally, it can provide a basis for software
marketdriven software), so its content must be enhancement.
couched in terms of the domain. The document Software requirements are often written in
lists the system requirements along with natural language, but, in software requirements
background information about the overall specification, this may be supplemented by
objectives for the system, its target formal or semiformal descriptions. Selection of
environment, and a statement of the constraints, appropriate notations permits particular
assumptions, and nonfunctional requirements. It requirements and aspects of the software
may include conceptual models designed to architecture to be described more precisely and
illustrate the system context, usage scenarios, concisely than natural language. The general
and the principal domain entities, as well as rule is that notations should be used that allow
workflows. the requirements to be described as precisely as
possible. This is particularly crucial for safety-
5.2. SystemRequirementsSpecification critical, regulatory, and certain other types of
dependable software. However, the choice of
Developers of systems with substantial software notation is often constrained by the training,
and nonsoftware componentsa modern skills, and preferences of the documents
airliner, for exampleoften separate the authors and readers.
description of system requirements from the
Software Requirements 1-47
A number of quality indicators have been that it defines the right software (that is, the
developed that can be used to relate the quality software that the users expect).
of software requirements specification to other
project variables such as cost, acceptance, 6.1. RequirementsReviews
performance, schedule, and reproducibility.
Quality indicators for individual software Perhaps the most common means of validation
requirements specification statements include is by inspection or reviews of the requirements
imperatives, directives, weak phrases, options, document(s). A group of reviewers is assigned a
and continuances. Indicators for the entire brief to look for errors, mistaken assumptions,
software requirements specification document lack of clarity, and deviation from standard
include size, readability, specification, depth, practice. The composition of the group that
and text structure. conducts the review is important (at least one
6. Requirements Validation representative of the customer should be
[1*, c4s6] [2*, c13, c15] included for a customer-driven project, for
example), and it may help to provide guidance
The requirements documents may be subject to on what to look for in the form of checklists.
validation and verification procedures. The Reviews may be constituted on completion of
requirements may be validated to ensure that the the system definition document, the system
software engineer has understood the specification document, the software
requirements; it is also important to verify that a requirements specification document, the
requirements document conforms to company baseline specification for a new release, or at
standards and that it is understandable, any other step in the process.
consistent, and complete. In cases where
documented company standards or terminology 6.2. Prototyping
are inconsistent with widely accepted standards,
a mapping between the two should be agreed on Prototyping is commonly a means for validating
and appended to the document. the software engineers interpretation of the
Formal notations offer the important software requirements, as well as for eliciting
advantage of permitting the last two properties new requirements. As with elicitation, there is a
to be proven (in a restricted sense, at least). range of prototyping techniques and a number
Different stakeholders, including representatives of points in the process where prototype
of the customer and developer, should review validation may be appropriate. The advantage of
the document(s). Requirements documents are prototypes is that they can make it easier to
subject to the same configuration management interpret the software engineers assumptions
practices as the other deliverables of the and, where needed, give useful feedback on
software life cycle processes. When practical, why they are wrong. For example, the dynamic
the individual requirements are also subject to behavior of a user interface can be better
configuration management, generally using a understood through an animated prototype than
requirements management tool (see topic 8, through textual description or graphical models.
Software Requirements Tools). The volatility of a requirement that is defined
It is normal to explicitly schedule one or more after prototyping has been done is extremely
points in the requirements process where the low because there is agreement between the
requirements are validated. The aim is to pick stakeholder and the software engineer
up any problems before resources are committed therefore, for safety-critical and crucial features
to addressing the requirements. Requirements prototyping would really help. There are also
validation is concerned with the process of disadvantages, however. These include the
examining the requirements document to ensure danger of users attention being distracted from
the core underlying functionality by cosmetic
1-48 SWEBOK Guide V3.0
issues or quality problems with the prototype. The first level of topic decomposition presented
For this reason, some advocate prototypes that in this KA may seem to describe a linear
avoid software, such as flip-chart-based sequence of activities. This is a simplified view
mockups. Prototypes may be costly to develop. of the process.
However, if they avoid the wastage of resources The requirements process spans the whole
caused by trying to satisfy erroneous software life cycle. Change management and the
requirements, their cost can be more easily maintenance of the requirements in a state that
justified. Early prototypes may contain aspects accurately mirrors the software to be built, or
of the final solution. Prototypes may be that has been built, are key to the success of the
evolutionary as opposed to throwaway. software engineering process.
Not every organization has a culture of
6.3. ModelValidation documenting and managing requirements. It is
common in dynamic start-up companies, driven
It is typically necessary to validate the quality of by a strong product vision and limited
the models developed during analysis. For resources, to view requirements documentation
example, in object models, it is useful to as unnecessary overhead. Most often, however,
perform a static analysis to verify that as these companies expand, as their customer
communication paths exist between objects that, base grows, and as their product starts to evolve,
in the stakeholders domain, exchange data. If they discover that they need to recover the
formal analysis notations are used, it is possible requirements that motivated product features in
to use formal reasoning to prove specification order to assess the impact of proposed changes.
properties. This topic is closely related to the Hence, requirements documentation and change
Software Engineering Models and Methods KA. management are key to the success of any
requirements process.
6.4. AcceptanceTests
7.1.IterativeNatureoftheRequirements
An essential property of a software requirement Process
is that it should be possible to validate that the
finished product satisfies it. Requirements that There is general pressure in the software
cannot be validated are really just wishes. An industry for ever shorter development cycles,
important task is therefore planning how to and this is particularly pronounced in highly
verify each requirement. In most cases, competitive, market-driven sectors. Moreover,
designing acceptance tests does this for how most projects are constrained in some way by
end-users typically conduct business using the their environment, and many are upgrades to, or
system. revisions of, existing software where the
Identifying and designing acceptance tests architecture is a given. In practice, therefore, it
may be difficult for nonfunctional requirements is almost always impractical to implement the
(see section 1.3, Functional and Nonfunctional requirements process as a linear, deterministic
Requirements). To be validated, they must first process in which software requirements are
be analyzed and decomposed to the point where elicited from the stakeholders, baselined,
they can be expressed quantitatively. allocated, and handed over to the software
Additional information can be found in development team. It is certainly a myth that the
Acceptance/Qualification/Conformance Testing requirements for large software projects are ever
in the Software Testing KA. perfectly understood or perfectly specified.
Instead, requirements typically iterate towards
7. Practical Considerations
a level of quality and detail that is sufficient to
[1*, c4s1, c4s4, c4s6, c4s7]
permit design and procurement decisions to be
[2*, c3, c12, c14, c16, c1821]
made. In some projects, this may result in the
Software Requirements 1-49
requirements being baselined before all their combination of topdown analysis and design
properties are fully understood. This risks methods and bottomup implementation and
expensive rework if problems emerge late in the refactoring methods that meet in the middle
software engineering process. However, could provide the best of both worlds. However,
software engineers are necessarily constrained this is difficult to achieve in practice, as it
by project management plans and must therefore depends heavily upon the maturity and expertise
take steps to ensure that the quality of the of the software engineers.
requirements is as high as possible given the
available resources. They should, for example, 7.2.ChangeManagement
make explicit any assumptions that underpin the
requirements as well as any known problems. Change management is central to the
For software products that are developed management of requirements. This topic
iteratively, a project team may baseline only describes the role of change management, the
those requirements needed for the current procedures that need to be in place, and the
iteration. The requirements specialist can analysis that should be applied to proposed
continue to develop requirements for future changes. It has strong links to the Software
iterations, while developers proceed with design Configuration Management KA.
and construction of the current iteration. This
approach provides customers with business 7.3.RequirementsAttributes
value quickly, while minimizing the cost of
rework. Requirements should consist not only of a
In almost all cases, requirements specification of what is required, but also of
understanding continues to evolve as design and ancillary information, which helps manage and
interpret the requirements. Requirements
development proceeds. This often leads to the
attributes must be defined, recorded, and
revision of requirements late in the life cycle.
updated as the software under development or
Perhaps the most crucial point in understanding
maintenance evolves. This should include the
software requirements is that a significant
various classification dimensions of the
proportion of the requirements will change. This
requirement (see section 4.1, Requirements
is sometimes due to errors in the analysis, but it
Classification) and the verification method or
is frequently an inevitable consequence of
relevant acceptance test plan section. It may
change in the environmentfor example, the
also include additional information, such as a
customers operating or business environment,
summary rationale for each requirement, the
regulatory processes imposed by the authorities, source of each requirement, and a change
or the market into which software must sell. history. The most important requirements
Whatever the cause, it is important to recognize attribute, however, is an identifier that allows
the inevitability of change and take steps to the requirements to be uniquely and
mitigate its effects. Change has to be managed unambiguously identified. 7.4.Requirements
by ensuring that proposed changes go through a Tracing
defined review and approval process and by
applying careful requirements tracing, impact Requirements tracing is concerned with
analysis, and software configuration recovering the source of requirements and
management (see the Software Configuration predicting the effects of requirements. Tracing is
Management KA). Hence, the requirements fundamental to performing impact analysis
process is not merely a front-end task in when requirements change. A requirement
software development, but spans the whole should be traceable backward to the
software life cycle. In a typical project, the requirements and stakeholders that motivated it
software requirements activities evolve over (from a software requirement back to the system
time from elicitation to change management. A
1-50 SWEBOK Guide V3.0
requirement(s) that it helps satisfy, for a change in requirements, in estimating the cost
example). Conversely, a requirement should be of a development or maintenance task, or
traceable forward into the requirements and simply for use as the denominator in other
design entities that satisfy it (for example, from measurements. Functional size measurement
a system requirement into the software (FSM) is a technique for evaluating the size of a
requirements that have been elaborated from it, body of functional requirements.
and on into the code modules that implement it, Additional information on size measurement
or the test cases related to that code and even a and standards will be found in the Software
given section on the user manual which Engineering Process KA.
describes the actual functionality) and into the
test case that verifies it. 8. Software Requirements Tools
The requirements tracing for a typical project
will form a complex directed acyclic graph Tools for dealing with software requirements
(DAG) (see Graphs in the Computing fall broadly into two categories: tools for
Foundations KA) of requirements. Maintaining modeling and tools for managing requirements.
an up-todate graph or traceability matrix is an Requirements management tools typically
activity that must be considered during the support a range of activitiesincluding
whole life cycle of a product. If the traceabilitydocumentation, tracing, and change
information is not updated as changes in the managementand have had a significant
requirements continue to happen, the impact on practice. Indeed, tracing and change
traceability information becomes unreliable for management are really only practicable if
impact analysis. supported by a tool. Since requirements
7.5.MeasuringRequirements management is fundamental to good
requirements practice, many organizations have
As a practical matter, it is typically useful to invested in requirements management tools,
have some concept of the volume of the although many more manage their requirements
requirements for a particular software product. in more ad hoc and generally less satisfactory
This number is useful in evaluating the size of ways (e.g., using spreadsheets).
MATRIX OF TOPICS VS. REFERENCE MATERIAL
Wiegers 2003
[2*]
Sommerville 2011
[1*]
Wiegers 2003
[2*]
Sommerville 2011
[1*]
7. Practical Considerations
7.1. Iterative Nature of the Requirements Process c4s4 c3, c16
7.2. Change Management c4s7 c18, c19
1-52 SWEBOK Guide V3.0
the field of software architecture, we will also satisfy discovered needs and requirements, since
address FP-design (family pattern design), the this topic is considered to be part of the
goal of which is to establish exploitable requirements process (see the Software
commonalities in a family of software products. Requirements KA).
This KA does not address I-design (invention This Software Design KA is related
design), which is usually performed during the specifically to the Software Requirements,
software requirements process with the goal of Software
conceptualizing and specifying software to
2-1
In the general sense, design can be viewed as a Software design principles are key notions that
form of problem solving. For example, the provide the basis for many different software
concept of a wicked problema problem with design approaches and concepts. Software
no definitive solutionis interesting in terms of design principles include abstraction; coupling
understanding the limits of design. A number of and cohesion; decomposition and
other notions and concepts are also of interest in modularization; encapsulation/information
understanding design in its general sense: goals, hiding; separation of interface and
constraints, alternatives, representations, and implementation; sufficiency, completeness, and
solutions (see Problem Solving Techniques in primitiveness; and separation of concerns.
the Computing Foundations KA).
Abstraction is a view of an object that
1.2. ContextofSoftwareDesign focuses on the information relevant to a
[4*, c3] particular purpose and ignores the
remainder of the information [1] (see
Software design is an important part of the Abstraction in the Computing Foundations
software development process. To understand KA). In the context of software design, two
the role of software design, we must see how it key abstraction mechanisms are
fits in the software development life cycle. parameterization and specification.
Thus, it is important to understand the major Abstraction by parameterization abstracts
characteristics of software requirements from the details of data representations by
analysis, software design, software construction, representing the data as named parameters.
software testing, and software maintenance. Abstraction by specification leads to three
major kinds of abstraction: procedural
1.3. SoftwareDesignProcess abstraction, data abstraction, and control
[4*, c2] (iteration) abstraction.
CouplingandCohesion.Coupling is
Software design is generally considered a defined as a measure of the
twostep process: interdependence among modules in a
Architectural design (also referred to as computer program, whereas cohesion is
highlevel design and top-level design) defined as a measure of the strength of
describes how software is organized into association of the elements within a
components. module [1].
Detailed design describes the desired Decompositionandmodularization.
behavior of these components. Decomposing and modularizing means that
large software is divided into a number of
The output of these two processes is a set of smaller named components having well-
models and artifacts that record the major defined interfaces that describe component
decisions that have been taken, along with an interactions. Usually the goal is to place
explanation of the rationale for each nontrivial different functionalities and responsibilities
decision. By recording the rationale, long-term in different components.
maintainability of the software product is Encapsulationandinformationhiding
enhanced. means grouping and packaging the internal
details of an abstraction and making those
1.4. SoftwareDesignPrinciples details inaccessible to external entities.
[4*] [5*, c6, c7, c21] [6*, c1, c8, c9] Separationofinterfaceand
implementation.Separating interface and
A principle is a comprehensive and implementation involves defining a
fundamental law, doctrine, or assumption [7]. component by specifying a public interface
1-4 SWEBOK Guide V3.0
Succinctly described, a pattern is a common completed software system that can be extended
solution to a common problem in a given by appropriately instantiating specific
context [16]. While architectural styles can be extensions (such as plug-ins).
viewed as patterns describing the high-level
organization of software, other design patterns 4.User Interface Design
can be used to describe details at a lower level.
These lower level design patterns include the User interface design is an essential part of the
following: software design process. User interface design
should ensure that interaction between the
Creational patterns (for example, builder, human and the machine provides for effective
factory, prototype, singleton) operation and control of the machine. For
Structural patterns (for example, adapter, software to achieve its full potential, the user
bridge, composite, decorator, faade, interface should be designed to match the skills,
flyweight, proxy) experience, and expectations of its anticipated
Behavioral patterns (for example, users.
command, interpreter, iterator, mediator,
memento, observer, state, strategy, template, 4.1. GeneralUserInterfaceDesignPrinciples
visitor). [5*, c29-web] [17*, c2]3
Dont depend on color alone to convey User interface designers can use metaphors and
important information to users with conceptual models to set up mappings between
different capabilities (blindness, poor the software and some reference system known
eyesight, colorblindness, etc.). to the users in the real world, which can help the
users to more readily learn and use the interface.
4.5. UserInterfaceDesignProcess For example, the operation delete file can be
[5*, c29-web] [17*, c2] made into a metaphor using the icon of a trash
can.
User interface design is an iterative process; When designing a user interface, software
interface prototypes are often used to determine engineers should be careful to not use more than
the features, organization, and look of the one metaphor for each concept. Metaphors also
software user interface. This process includes present potential problems with respect to
three core activities: internationalization, since not all metaphors are
meaningful or are applied in the same way
Useranalysis.In this phase, the designer within all cultures.
analyzes the users tasks, the working
environment, other software, and how users 5.Software Design Quality Analysis and
interact with other people. Evaluation
Softwareprototyping.Developing prototype
software help users to guide the evolution of This section includes a number of quality
the interface. analysis and evaluation topics that are
Interface evaluation. Designers can specifically related to software design. (See also
observe users experiences with the the Software Quality KA.)
evolving interface.
4.6. Localizationand 5.1. QualityAttributes
Internationalization [4*, c4]
[17*, c8, c9]
Various attributes contribute to the quality of a
User interface design often needs to consider software design, including various -ilities
internationalization and localization, which are (maintainability, portability, testability,
means of adapting software to the different usability) and -nesses (correctness,
languages, regional differences, and the robustness). There is an interesting distinction
technical requirements of a target market. between quality attributes discernible at runtime
Internationalization is the process of designing a (for example, performance, security,
software application so that it can be adapted to availability, functionality, usability), those not
various languages and regions without major discernible at runtime (for example,
engineering changes. Localization is the process modifiability, portability, reusability, testability),
of adapting internationalized software for a and those related to the architectures intrinsic
specific region or language by adding locale- qualities (for example, conceptual integrity,
specific components and translating the text. correctness, completeness). (See also the
Localization and internationalization should Software Quality KA.)
consider factors such as symbols, numbers,
currency, time, and measurement units. 5.2. QualityAnalysisandEvaluation
Techniques
4.7. MetaphorsandConceptual [4*, c4] [5*, c24]
Models
[17*, c5]
Software Requirements 1-9
Class and object diagrams: used to represent a Data flow diagrams (DFDs): used to show data
set of classes (and objects) and their flow among elements. A data flow diagram
interrelationships. provides a description based on modeling the
Component diagrams: used to represent a set of flow of information around a network of
components (physical and replaceable part[s] operational elements, with each element
of a system that [conform] to and [provide] making use of or modifying the information
the realization of a set of interfaces [18]) and flowing into that element [4*]. Data flows
their interrelationships. (and therefore data flow diagrams) can be
Class responsibility collaborator cards (CRCs): used for security analysis, as they offer
used to denote the names of components identification of possible paths for attack and
(class), their responsibilities, and their disclosure of confidential information.
collaborating components names. Decision tables and diagrams: used to represent
Deployment diagrams: used to represent a set of complex combinations of conditions and
(physical) nodes and their interrelationships, actions.
and, thus, to model the physical aspects of Flowcharts: used to represent the flow of control
software. and the associated actions to be performed.
Entity-relationship diagrams (ERDs): used to Sequence diagrams: used to show the
represent conceptual models of data stored in interactions among a group of objects, with
information repositories. emphasis on the time ordering of messages
Interface description languages (IDLs): passed between objects.
programming-like languages used to define State transition and state chart diagrams: used to
the interfaces (names and types of exported show the control flow from state to state and
operations) of software components. how the behavior of a component changes
Structure charts: used to describe the calling based on its current state in a state machine.
structure of programs (which modules call, Formal specification languages: textual
and are called by, which other modules). languages that use basic notions from
mathematics (for example, logic, set,
6.2. BehavioralDescriptions(DynamicView) sequence) to rigorously and abstractly define
[4*, c7, c13] [5*, c6, c7] [6*, c4, c5, c6, c7] software component interfaces and behavior,
[14*, c8] often in terms of pre- and postconditions. (See
also the Software Engineering Models and
The following notations and languages, some Methods KA.)
graphical and some textual, are used to describe Pseudo code and program design languages
the dynamic behavior of software systems and (PDLs): structured programming-like
components. Many of these notations are useful languages used to describe, generally at the
mostly, but not exclusively, during detailed detailed design stage, the behavior of a
design. Moreover, behavioral descriptions can procedure or method.
include a rationale for design decision such as 7.Software Design Strategies and Methods
how a design will meet security requirements.
Activity diagrams: used to show control flow There exist various general strategies to help
from activity to activity. Can be used to guide the design process. In contrast with
represent concurrent activities. general strategies, methods are more specific in
Communication diagrams: used to show the that they generally provide a set of notations to
interactions that occur among a group of be used with the method, a description of the
objects; emphasis is on the objects, their links, process to be used when following the method,
and the messages they exchange on those and a set of guidelines for using the method.
links. Such methods are useful as a common
framework for teams of software engineers.
Software Requirements 1-11
(See also the Software Engineering Models and been proposed as an alternative approach to OO
Methods KA). design.
Some often-cited examples of general strategies Data structure-centered design starts from the
useful in the design process include the data structures a program manipulates rather
divideand-conquer and stepwise refinement than from the function it performs. The software
strategies, top-down vs. bottom-up strategies, engineer first describes the input and output
and strategies making use of heuristics, use of data structures and then develops the programs
patterns and pattern languages, and use of an control structure based on these data structure
iterative and incremental approach. diagrams. Various heuristics have been
proposed to deal with special casesfor
7.2. Function-Oriented(Structured) example, when there is a mismatch between the
Design input and output structures.
[4*, c13]
7.5. Component-BasedDesign(CBD)
This is one of the classical methods of software [4*, c17]
design, where decomposition centers on
identifying the major software functions and A software component is an independent unit,
then elaborating and refining them in a having well-defined interfaces and
hierarchical topdown manner. Structured design dependencies that can be composed and
is generally used after structured analysis, thus deployed independently. Component-based
producing (among other things) data flow design addresses issues related to providing,
diagrams and associated process descriptions. developing, and integrating such components in
Researchers have proposed various strategies order to improve reuse. Reused and off-the-shelf
(for example, transformation analysis, software components should meet the same
transaction analysis) and heuristics (for security requirements as new software. Trust
example, fan-in/fan-out, scope of effect vs. management is a design concern; components
scope of control) to transform a DFD into a treated as having a certain degree of
software architecture generally represented as a trustworthiness should not depend on less
structure chart. trustworthy components or services.
Numerous software design methods based on Other interesting approaches also exist (see the
objects have been proposed. The field has Software Engineering Models and Methods
evolved from the early object-oriented (OO) KA). Iterative and adaptive methods implement
design of the mid-1980s (noun = object; verb = software increments and reduce emphasis on
method; adjective = attribute), where rigorous software requirement and design.
inheritance and polymorphism play a key role, Aspect-oriented design is a method by which
to the field of component-based design, where software is constructed using aspects to
metainformation can be defined and accessed implement the crosscutting concerns and
(through reflection, for example). Although OO extensions that are identified during the
designs roots stem from the concept of data software requirements process. Service-oriented
abstraction, responsibility-driven design has architecture is a way to build distributed
1-12 SWEBOK Guide V3.0
software using web services executed on the software development process. They can
distributed computers. Software systems are support part or whole of the following activities:
often constructed by using services from
different providers because standard protocols to translate the requirements model into a
(such as HTTP, HTTPS, SOAP) have been design representation;
designed to support service communication and to provide support for representing
service information exchange. functional components and their
8. Software Design Tools interface(s);
[14*, c10, Appendix A] to implement heuristics refinement and
partitioning;
Software design tools can be used to support the to provide guidelines for quality assessment.
creation of the software design artifacts during
[13*]
Allen 2008 Nielsen[17
19
Budgen[4*]
2003
Page-Jones
Sommerville 1999 2008
Brookshear
2011
[5*] [6*] Gamma
Clements
[12*] et al.et al. 19
2010
[14*] [15*]
1. Software Design
Fundamentals
1.1. General Design
c1
Concepts
1.2. The Context of
c3
Software Design
1.3. The Software
c2
Design Process
1.4. Software Design c6, c7, c1, c8,
c1
Principles c21 c9
2. Key Issues in
Software Design
2.1. Concurrency c18
2.2. Control and
c21
Handling of Events
2.3. Data c9
Persistence
2.4. Distribution of
c18
Components
Software Requirements 1-2
Budgen[4*]
2003 [13*]
Allen 2008 Nielsen[17
19
Page-Jones 1999
SommervilleBrookshear
2011 2008
[5*] [6*] Gamma
Clements
[12*] et al.et al. 19
2010
[14*] [15*]
3.4. Architecture
c6
Design Decisions
3.5. Families of
c6, c7,
Programs and
c16
Frameworks
4. User Interface
Design
4.1. General User
c29-
Interface Design c2
web
Principle
4.2. User Interface c29-
Design Issues web
1-3 SWEBOK Guide V3.0
[13*]
Allen 2008 Nielsen[17
19
Budgen[4*]
2003
Page-Jones
Sommerville 1999 2008
Brookshear
2011
[5*] [6*] Gamma
Clements
[12*] et al.et al. 19
2010
[14*] [15*]
6. Software Design
Notations
6.1. Structural
c4, c5,
Descriptions (Static c7 c6, c7 c7 c7
c6, c7
View)
6.2. Behavioral
c7, c13, c4, c5,
Descriptions c6, c7 c8
c18 c6, c7
(Dynamic View)
Software Requirements 1-4
7. Software Design
Strategies and
Methods
7.1. General c8, c9,
c7
Strategies c10
7.2.
FunctionOriented c13
(Structured) Design
7.3. Object-Oriented
c16
Design
7.4. Data Structure- c14,
Centered Design c15
7.5. Component-
c17
Based Design (CBD)
c19,
7.6. Other Methods
c21
8. Software Design c10,
Tools App. A
FURTHER READINGS such as end-users, developers, and project
managers.
Roger Pressman, SoftwareEngineering:A
PractitionersApproach(SeventhEdition) Len Bass, Paul Clements, and Rick Kazman,
[19]. SoftwareArchitectureinPractice [21].
For roughly three decades, Roger Pressmans This book introduces the concepts and best
SoftwareEngineering:APractitioners practices of software architecture, meaning how
Approach has been one of the worlds leading software is structured and how the softwares
textbooks in software engineering. Notably, this components interact. Drawing on their own
complementary textbook to [5*] experience, the authors cover the essential
comprehensively presents software design technical topics for designing, specifying, and
including design concepts, architectural design, validating software architectures. They also
component-level design, user interface design, emphasize the importance of the business
pattern-based design, and web application context in which large software is designed.
design. Their aim is to present software architecture in a
real-world setting, reflecting both the
The 4+1 View Model of Architecture [20]. opportunities and constraints that organizations
encounter. This is one of the best books
The seminal paper The 4+1 View Model currently available on software architecture.
organizes a description of a software REFERENCES
architecture using five concurrent views. The
four views of the model are the logical view, the [1] ISO/IEC/IEEE24765:2010Systemsand
development view, the process view, and the SoftwareEngineeringVocabulary, ISO/
physical view. In addition, selected use cases or IEC/IEEE, 2010.
scenarios are utilized to illustrate the
architecture. Hence, the model contains 4+1 [2] IEEEStd.12207-2008(a.k.a.ISO/IEC
views. The views are used to describe the
software as envisioned by different stakeholders
1-5 SWEBOK Guide V3.0
[10] J. Bosch, DesignandUseofSoftware [20] P.B. Kruchten, The 4+1 View Model of
Architectures:AdoptingandEvolvinga Architecture, IEEESoftware,vol. 12, no.
Product-LineApproach, ACM Press, 2000. 6, 1995, pp. 4255.
communication methods (for example, tend to emphasize the activities that precede
standards for document formats and construction (requirements and design) and to
contents) create more distinct separations between
programming languages (for example, activities. In these models, the main emphasis of
language standards for languages like Java construction may be coding.
and C++) Other models are more iterativesuch as
coding standards (for example, standards evolutionary prototyping and agile
for naming conventions, layout, and development. These approaches tend to treat
indentation) construction as an activity that occurs
platforms (for example, interface standards concurrently with other software development
for operating system calls) activities (including requirements, design, and
tools (for example, diagrammatic standards planning) or that overlaps them. These
for notations like UML (Unified Modeling approaches tend to mix design, coding, and
Language)). testing activities, and they often treat the
combination of activities as construction (see
Use of external standards. Construction the Software Management and Software Process
depends on the use of external standards for KAs).
construction languages, construction tools, Consequently, what is considered to be
technical interfaces, and interactions between construction depends to some degree on the
the Software Construction KA and other KAs. life cycle model used. In general, software
Standards come from numerous sources, construction is mostly coding and debugging,
including hardware and software interface but it also involves construction planning,
specifications (such as the Object Management detailed design, unit testing, integration testing,
Group (OMG)) and international organizations and other activities.
(such as the IEEE or ISO).
Useofinternalstandards. Standards may also 2.2. ConstructionPlanning
be created on an organizational basis at the [1*]
corporate level or for use on specific projects.
These standards support coordination of group The choice of construction method is a key
activities, minimizing complexity, anticipating aspect of the construction-planning activity. The
change, and constructing for verification. choice of construction method affects the extent
to which construction prerequisites are
2.Managing Construction performed, the order in which they are
performed, and the degree to which they should
2.1. ConstructioninLifeCycleModels be completed before construction work begins.
[1*] The approach to construction affects the
project teams ability to reduce complexity,
Numerous models have been created to develop anticipate change, and construct for verification.
software; some emphasize construction more Each of these objectives may also be addressed
than others. at the process, requirements, and design levels
Some models are more linear from the but they will be influenced by the choice of
construction point of viewsuch as the construction method.
waterfall and staged-delivery life cycle models. Construction planning also defines the order
These models treat construction as an activity in which components are created and integrated,
that occurs only after significant prerequisite the integration strategy (for example, phased or
work has been completedincluding detailed incremental integration), the software quality
requirements work, extensive design work, and management processes, the allocation of task
detailed planning. The more linear approaches
Software Requirements 1-6
assignments to specific software engineers, and The details of the design activity at the
other tasks, according to the chosen method. construction level are essentially the same as
described in the Software Design KA, but they
2.3. ConstructionMeasurement are applied on a smaller scale of algorithms,
[1*] data structures, and interfaces.
introduced during coding for example, The following considerations apply to the
uncritical usage of C and C++ are questionable software construction coding activity:
choices from a security viewpoint.
There are three general kinds of notation used Techniques for creating understandable
for programming languages, namely source code, including naming conventions
and source code layout;
linguistic (e.g., C/C++, Java) formal (e.g., Use of classes, enumerated types, variables,
Event-B) named constants, and other similar entities;
visual (e.g., MatLab). Use of control structures;
Handling of error conditionsboth
Linguisticnotationsare distinguished in anticipated and exceptional (input of bad
particular by the use of textual strings to data, for example);
represent complex software constructions. The Prevention of code-level security breaches
combination of textual strings into patterns may (buffer overflows or array index bounds, for
have a sentence-like syntax. Properly used, each example);
such string should have a strong semantic Resource usage via use of exclusion
connotation providing an immediate intuitive mechanisms and discipline in accessing
understanding of what will happen when the serially reusable resources (including
software construction is executed. threads and database locks);
Formalnotationsrely less on intuitive, Source code organization (into statements,
everyday meanings of words and text strings routines, classes, packages, or other
and more on definitions backed up by precise, structures);
unambiguous, and formal (or mathematical) Code documentation;
definitions. Formal construction notations and Code tuning,
formal methods are at the semantic base of most 3.4. ConstructionTesting
forms of system programming notations, where [1*]
accuracy, time behavior, and testability are more
important than ease of mapping into natural Construction involves two forms of testing,
language. Formal constructions also use which are often performed by the software
precisely defined ways of combining symbols engineer who wrote the code:
that avoid the ambiguity of many natural
language constructions. Unit testing Integration testing.
Visualnotations rely much less on the textual
notations of linguistic and formal construction The purpose of construction testing is to
and instead rely on direct visual interpretation reduce the gap between the time when faults are
and placement of visual entities that represent inserted into the code and the time when those
the underlying software. Visual construction faults are detected, thereby reducing the cost
tends to be somewhat limited by the difficulty of incurred to fix them. In some instances, test
making complex statements using only the cases are written after code has been written. In
arrangement of icons on a display. However, other instances, test cases may be created before
these icons can be powerful tools in cases where code is written.
the primary programming task is simply to build Construction testing typically involves a
and adjust a visual interface to a program, the subset of the various types of testing, which are
detailed behavior of which has an underlying described in the Software Testing KA. For
definition. instance, construction testing does not typically
include system testing, alpha testing, beta
3.3. Coding testing, stress testing, configuration testing,
[1*]
Software Requirements 1-8
usability testing, or other more specialized kinds the-shelf software often have the sameor
of testing. betterquality requirements as newly
Two standards have been published on the developed software (for example, security
topic of construction testing: IEEE Standard level).
829-1998,IEEE StandardforSoftwareTest The tasks related to software construction
Documentation, and IEEE Standard 1008-1987, with reuse during coding and testing are as
IEEEStandardforSoftwareUnitTesting. follows:
(See sections 2.1.1., Unit Testing, and 2.1.2.,
Integration Testing, in the Software Testing KA The selection of the reusable units,
for more specialized reference material.) databases, test procedures, or test data.
The evaluation of code or test reusability.
3.5. ConstructionforReuse The integration of reusable software assets
[2*] into the current software.
The reporting of reuse information on new
Construction for reuse creates software that has code, test procedures, or test data.
the potential to be reused in the future for the
present project or other projects taking a 3.7.ConstructionQuality
broadbased, multisystem perspective. [1*]
Construction for reuse is usually based on
variability analysis and design. To avoid the In addition to faults resulting from requirements
problem of code clones, it is desired to and design, faults introduced during
encapsulate reusable code fragments into well- construction can result in serious quality
structured libraries or components. problemsfor example, security vulnerabilities.
The tasks related to software construction for This includes not only faults in security
reuse during coding and testing are as follows: functionality but also faults elsewhere that allow
Variability implementation with bypassing of this functionality and other
mechanisms such as parameterization, security weaknesses or violations.
conditional compilation, design patterns, Numerous techniques exist to ensure the
and so forth. quality of code as it is constructed. The primary
Variability encapsulation to make the techniques used for construction quality include
software assets easy to configure and unit testing and integration testing (see
customize. section 3.4, Construction Testing)
Testing the variability provided by the test-first development (see section 2.2 in the
reusable software assets. Software Testing KA)
Description and publication of reusable use of assertions and defensive
software assets. programming
debugging
3.6. ConstructionwithReuse inspections
[2*] technical reviews, including security-
oriented reviews (see section 2.3.2 in the
Construction with reuse means to create new Software Quality KA)
software with the reuse of existing software static analysis (see section 2.3 of the
assets. The most popular method of reuse is to Software Quality KA)
reuse code from the libraries provided by the
language, platform, tools being used, or an The specific technique or techniques selected
organizational repository. Asides from these, the depend on the nature of the software being
applications developed today widely make use constructed as well as on the skillset of the
of many open-source libraries. Reused and off- software engineers performing the construction
1-9 SWEBOK Guide V3.0
activities. Programmers should know good program in small pieces and then combine the
practices and common vulnerabilitiesfor pieces one at a time. Additional test
example, from widely recognized lists about infrastructure, such as stubs, drivers, and mock
common vulnerabilities. Automated static objects, are usually needed to enable
analysis of code for security weaknesses is incremental integration. By building and
available for several common programming integrating one unit at a time (for example, a
languages and can be used in security-critical class or component), the construction process
projects. can provide early feedback to developers and
Construction quality activities are customers. Other advantages of incremental
differentiated from other quality activities by integration include easier error location,
their focus. Construction quality activities focus improved progress monitoring, more fully tested
on code and artifacts that are closely related to units, and so forth.
codesuch as detailed designas opposed to
other artifacts that are less directly connected to 4.Construction Technologies
the code, such as requirements, high-level
designs, and plans. 4.1. APIDesignandUse
[3*]
3.8.Integration
[1*] An application programming interface (API) is
the set of signatures that are exported and
A key activity during construction is the available to the users of a library or a
integration of individually constructed routines, framework to write their applications. Besides
classes, components, and subsystems into a signatures, an API should always include
single system. In addition, a particular software statements about the programs effects and/or
system may need to be integrated with other behaviors (i.e., its semantics).
software or hardware systems. API design should try to make the API easy to
Concerns related to construction integration learn and memorize, lead to readable code, be
include planning the sequence in which hard to misuse, be easy to extend, be complete,
components will be integrated, identifying what and maintain backward compatibility. As the
hardware is needed, creating scaffolding to APIs usually outlast their implementations for a
support interim versions of the software, widely used library or framework, it is desired
determining the degree of testing and quality that the API be straightforward and kept stable
work performed on components before they are to facilitate the development and maintenance of
integrated, and determining points in the project the client applications.
at which interim versions of the software are API use involves the processes of selecting,
tested. learning, testing, integrating, and possibly
Programs can be integrated by means of either extending APIs provided by a library or
the phased or the incremental approach. Phased framework (see section 3.6, Construction with
integration, also called big bang integration, Reuse).
entails delaying the integration of component 4.2. Object-OrientedRuntimeIssues
software parts until all parts intended for release [1*]
in a version are complete. Incremental
integration is thought to offer many advantages Object-oriented languages support a series of
over the traditional phased integrationfor runtime mechanisms including polymorphism
example, easier error location, improved and reflection. These runtime mechanisms
progress monitoring, earlier product delivery, increase the flexibility and adaptability of
and improved customer relations. In incremental objectoriented programs. Polymorphism is the
integration, the developers write and test a ability of a language to support general
Software Requirements 1-10
operations without knowing until runtime what and postconditions are used, each routine or
kind of concrete objects the software will class is said to form a contract with the rest of
include. Because the program does not know the the program. Furthermore, a contract provides a
exact types of the objects in advance, the exact precise specification of the semantics of a
behaviour is determined at runtime (called routine, and thus helps the understanding of its
dynamic binding). behavior. Design by contract is thought to
Reflection is the ability of a program to improve the quality of software construction.
observe and modify its own structure and Defensive programming means to protect a
behavior at runtime. Reflection allows routine from being broken by invalid inputs.
inspection of classes, interfaces, fields, and Common ways to handle invalid inputs include
methods at runtime without knowing their checking the values of all the input parameters
names at compile time. It also allows and deciding how to handle bad inputs.
instantiation at runtime of new objects and Assertions are often used in defensive
invocation of methods using parameterized class programming to check input values.
and method names.
4.5. ErrorHandling,ExceptionHandling,and
4.3. ParameterizationandGenerics FaultTolerance
[4*] [1*]
Parameterized types, also known as generics The way that errors are handled affects
(Ada, Eiffel) and templates (C++), enable the softwares ability to meet requirements related
definition of a type or class without specifying to correctness, robustness, and other
all the other types it uses. The unspecified types nonfunctional attributes. Assertions are
are supplied as parameters at the point of use. sometimes used to check for errors. Other error
Parameterized types provide a third way (in handling techniquessuch as returning a
addition to class inheritance and object neutral value, substituting the next piece of
composition) to compose behaviors in object- valid data, logging a warning message,
oriented software. returning an error code, or shutting down the
softwareare also used.
4.4. Assertions,DesignbyContract,and Exceptions are used to detect and process
DefensiveProgramming
errors or exceptional events. The basic structure
[1*]
of an exception is that a routine uses throw to
throw a detected exception and an exception
An assertion is an executable predicate thats
handling block will catch the exception in a try-
placed in a programusually a routine or
catch block. The try-catch block may process
macro that allows runtime checks of the
the erroneous condition in the routine or it may
program. Assertions are especially useful in
return control to the calling routine. Exception
high-reliability programs. They enable
handling policies should be carefully designed
programmers to more quickly flush out
following common principles such as including
mismatched interface assumptions, errors that
in the exception message all information that led
creep in when code is modified, and so on.
to the exception, avoiding empty catch blocks,
Assertions are normally compiled into the code
knowing the exceptions the library code throws,
at development time and are later compiled out
perhaps building a centralized exception
of the code so that they dont degrade the
reporter, and standardizing the programs use of
performance.
exceptions.
Design by contract is a development approach
Fault tolerance is a collection of techniques
in which preconditions and postconditions are
that increase software reliability by detecting
included for each routine. When preconditions
errors and then recovering from them if possible
1-11 SWEBOK Guide V3.0
or containing their effects if recovery is not is to construct computer programs the same way
possible. The most common fault tolerance the automation of technological processes is
strategies include backing up and retrying, using done. State-based programming is usually
auxiliary code, using voting algorithms, and combined with object-oriented programming,
replacing an erroneous value with a phony value forming a new composite approach called state-
that will have a benign effect. based,object-orientedprogramming.
A table-driven method is a schema that uses
4.6. ExecutableModels tables to look up information rather than using
[5*] logic statements (such as ifand case). Used in
appropriate circumstances, table-driven code is
Executable models abstract away the details of simpler than complicated logic and easier to
specific programming languages and decisions modify. When using table-driven methods, the
about the organization of the software. Different programmer addresses two issues: what
from traditional software models, a specification information to store in the table or tables, and
built in an executable modeling language like how to efficiently access information in the
xUML (executable UML) can be deployed in table.
various software environments without change.
An executable-model compiler (transformer) 4.8.RuntimeConfigurationand
can turn an executable model into an Internationalization
implementation using a set of decisions about [1*]
the target hardware and software environment.
Thus, constructing executable models can be To achieve more flexibility, a program is often
regarded as a way of constructing executable constructed to support late binding time of its
software. variables. Runtime configuration is a technique
Executable models are one foundation that binds variable values and program settings
supporting the Model-Driven Architecture when the program is running, usually by
(MDA) initiative of the Object Management updating and reading configuration files in a
Group (OMG). An executable model is a way to just-in-time mode.
completely specify a Platform Independent Internationalization is the technical activity of
Model (PIM); a PIM is a model of a solution to preparing a program, usually interactive
a problem that does not rely on any software, to support multiple locales. The
implementation technologies. Then a Platform corresponding activity, localization, is the
Specific Model (PSM), which is a model that activity of modifying a program to support a
contains the details of the implementation, can specific local language. Interactive software
be produced by weaving together the PIM and may contain dozens or hundreds of prompts,
the platform on which it relies. status displays, help messages, error messages,
and so on. The design and construction
4.7.State-BasedandTable-Driven processes should accommodate string and
ConstructionTechniques character-set issues including which character
[1*] set is to be used, what kinds of strings are used,
how to maintain the strings without changing
State-based programming, or automata-based the code, and translating the strings into
programming, is a programming technology different languages with minimal impact on the
using finite state machines to describe program processing code and the user interface.
behaviours. The transition graphs of a state
machine are used in all stages of software 4.9.Grammar-BasedInputProcessing
development (specification, implementation, [1*] [6*]
debugging, and documentation). The main idea
Software Requirements 1-12
Because current GUI applications usually execution, those failed test cases will be
follow the event-driven style (in which the flow automatically flagged and reported.
of the program is determined by events and
event handling), GUI builder tools usually 5.4. Profiling,PerformanceAnalysis,and
provide code generation assistants, which SlicingTools
automate the most repetitive tasks required for [1*]
event handling. The supporting code connects
Performance analysis tools are usually used to
widgets with the outgoing and incoming events
support code tuning. The most common
that trigger the functions providing the
application logic. performance analysis tools are profiling tools.
An execution profiling tool monitors the code
Some modern IDEs provide integrated GUI
while it runs and records how many times each
builders or GUI builder plug-ins. There are also
many standalone GUI builders. statement is executed or how much time the
5.3. UnitTestingTools program spends on each statement or execution
path. Profiling the code while it is running gives
[1*] [2*]
insight into how the program works, where the
Unit testing verifies the functioning of
hot spots are, and where the developers should
software modules in isolation from other
focus the code tuning efforts.
software elements that are separately testable
Program slicing involves computation of the
(for example, classes, routines, components).
set of program statements (i.e., the program
Unit testing is often automated. Developers can
slice) that may affect the values of specified
use unit testing tools and frameworks to extend
variables at some point of interest, which is
and create automated testing environment. With
referred to as a slicing criterion. Program slicing
unit testing tools and frameworks, the developer
can be used for locating the source of errors,
can code criteria into the test to verify the units
program understanding, and optimization
correctness under various data sets. Each
analysis. Program slicing tools compute
individual test is implemented as an object, and
program slices for various programming
a test runner runs all of the tests. During the test
languages using static or dynamic analysis
methods.
MATRIX OF TOPICS VS. REFERENCE MATERIAL
1. Software
Construction
Fundamentals
1-15 SWEBOK Guide V3.0
c2, c3,
c7-c9,
1.1. Minimizing
c24, c27,
Complexity
c28, c31,
c32, c34
c3c5,
1.2. Anticipating
c24, c31,
Change
c32, c34
c8, c20
1.3. Constructing for c23, c31,
Verification c34
3.4. Construction
c22, c23
Testing
3.5. Construction for
c16
Reuse
3.6. Construction
c16
with Reuse
3.7. Construction c8,
Quality c20c25
3.8. Integration c29
4. Construction
Technologies
4.1. API Design and
c7
Use
4.2. Object-Oriented
c6, c7
Runtime Issues
4.3.
Parameterization c1
and Generics
4.4. Assertions,
Design by Contract,
c8, c9
and Defensive
Programming
4.5. Error Handling,
Exception Handling, c3, c8
and Fault Tolerance
4.6. Executable
c1
Models
1-17 SWEBOK Guide V3.0
4.7. State-Based
and Table-Driven
c18
Construction
Techniques
4.8. Runtime
Configuration and c3, c10
Internationalization
4.9. Grammar-Based
c5 c8
Input Processing
4.10. Concurrency
c6
Primitives
4.11. Middleware c1 c8
4.12. Construction
Methods for c2
Distributed Software
4.13. Constructing
Heterogeneous c9
Systems
4.14. Performance
Analysis and c25, c26
Tuning
4.15. Platform
c10 c1
Standards
4.16. Test-First
c22
Programming
5. Construction
Tools
5.1. Development
c30
Environments
Software Requirements 1-18
Software testing consists of the dynamic criteria. Testing always implies a tradeoff
verification that a program provides expected between limited resources and schedules on
behaviors on a finite set of test cases, suitably the one hand and inherently unlimited test
selected from the usually infinite execution requirements on the other.
domain. Selected: The many proposed test
In the above definition, italicized words techniques differ essentially in how the test
correspond to key issues in describing the set is selected, and software engineers must
Software Testing knowledge area (KA): be aware that different selection criteria
may yield vastly different degrees of
Dynamic: This term means that testing effectiveness. How to identify the most
always implies executing the program on suitable selection criterion under given
selected inputs. To be precise, the input conditions is a complex problem; in
value alone is not always sufficient to practice, risk analysis techniques and
specify a test, since a complex, software engineering expertise are applied.
nondeterministic system might react to the Expected: It must be possible, although not
same input with different behaviors, always easy, to decide whether the observed
depending on the system state. In this KA, outcomes of program testing are acceptable
however, the term input will be or not; otherwise, the testing effort is
maintained, with the implied convention useless. The observed behavior may be
that its meaning also includes a specified checked against user needs (commonly
input state in those cases for which it is referred to as testing for validation), against
important. Static techniques are different a specification (testing for verification), or,
from and complementary to dynamic perhaps, against the anticipated behavior
testing. Static techniques are covered in the from implicit requirements or expectations
Software Quality KA. It is worth noting that (see Acceptance Tests in the Software
terminology is not uniform among different Requirements KA).
communities and some use the term
testing also in reference to static In recent years, the view of software testing
techniques. has matured into a constructive one. Testing is
Finite: Even in simple programs, so many no longer seen as an activity that starts only
test cases are theoretically possible that after the coding phase is complete with the
exhaustive testing could require months or limited purpose of detecting failures. Software
years to execute. This is why, in practice, a testing is, or should be, pervasive throughout the
complete set of tests can generally be entire development and maintenance life cycle.
considered infinite, and testing is conducted Indeed, planning for software testing should
on a subset of all possible tests, which is start with the early stages of the software
determined by risk and prioritization requirements process,
4-1
Software Requirements 1-3
In the Software Quality KA (see Software the second question are the test selection
Quality Management Techniques), software criteria.
quality management techniques are notably Several Test Techniques have been developed
categorized into static techniques (no code in the past few decades, and new ones are still
execution) and dynamic techniques (code being proposed. Generally accepted techniques
execution). Both categories are useful. This KA are covered in the third topic.
focuses on dynamic techniques. Test-Related Measures are dealt with in the
Software testing is also related to software fourth topic, while the issues relative to Test
construction (see Construction Testing in the Process are covered in the fifth. Finally,
Software Construction KA). In particular, unit Software Testing Tools are presented in topic
and integration testing are intimately related to six.
software construction, if not part of it. 1.Software Testing Fundamentals
said that it was the fault that had to be modified An oracle is any human or mechanical agent
to remove the failure, but other modifications that decides whether a program behaved
might have worked just as well. To avoid correctly in a given test and accordingly results
ambiguity, one could refer to failure-causing in a verdict of pass or fail. There exist many
inputs instead of faultsthat is, those sets of different kinds of oracles; for example,
inputs that cause a failure to appear. unambiguous requirements specifications,
behavioral models, and code annotations.
1.2. KeyIssues Automation of mechanized oracles can be
difficult and expensive.
1.2.1. TestSelection
Criteria/Test 1.2.5. TheoreticalandPracticalLimitations
AdequacyCriteria ofTesting
(StoppingRules) [1*, c2s7]
[1*, c1s14, c6s6, c12s7]
Testing theory warns against ascribing an
A test selection criterion is a means of selecting unjustified level of confidence to a series of
test cases or determining that a set of test cases successful tests. Unfortunately, most established
is sufficient for a specified purpose. Test results of testing theory are negative ones, in
adequacy criteria can be used to decide when that they state what testing can never achieve as
sufficient testing will be, or has been opposed to what is actually achieved. The most
accomplished [4] (see Termination in section famous quotation in this regard is the Dijkstra
5.1, Practical Considerations). aphorism that program testing can be used to
show the presence of bugs, but never to show
1.2.2. TestingEffectiveness/Objectivesfor their absence [5]. The obvious reason for this is
Testing that complete testing is not feasible in realistic
[1*, c11s4, c13s11] software. Because of this, testing must be driven
based on risk [6, part 1] and can be seen as a
Testing effectiveness is determined by analyzing
risk management strategy.
a set of program executions. Selection of tests to
be executed can be guided by different 1.2.6. TheProblemofInfeasiblePaths
objectives: it is only in light of the objective [1*, c4s7]
pursued that the effectiveness of the test set can
be evaluated. Infeasible paths are control flow paths that
cannot be exercised by any input data. They are
1.2.3. TestingforDefectDiscovery a significant problem in path-based testing,
[1*, c1s14] particularly in automated derivation of test
inputs to exercise control flow paths.
In testing for defect discovery, a successful test
is one that causes the system to fail. This is 1.2.7.Testability
quite different from testing to demonstrate that [1*, c17s2]
the software meets its specifications or other
desired properties, in which case testing is The term software testability has two related
successful if no failures are observed under but different meanings: on the one hand, it
realistic test cases and test environments. refers to the ease with which a given test
coverage criterion can be satisfied; on the other
1.2.4. TheOracleProblem hand, it is defined as the likelihood, possibly
[1*, c1s9, c9s7] measured statistically, that a set of test cases
1-6 SWEBOK Guide V3.0
The target of the test can vary: a single module, System testing is concerned with testing the
a group of such modules (related by purpose, behavior of an entire system. Effective unit and
use, behavior, or structure), or an entire system. integration testing will have identified many of
Three test stages can be distinguished: unit, the software defects. System testing is usually
integration, and system. These three test stages considered appropriate for assessing the
do not imply any process model, nor is any one nonfunctional system requirementssuch as
of them assumed to be more important than the security, speed, accuracy, and reliability (see
other two. Functional and Non-Functional Requirements in
the Software Requirements KA and Software
Software Requirements 1-7
According to [7], regression testing is the Stress testing exercises software at the
selective retesting of a system or component to maximum design load, as well as beyond it,
verify that modifications have not caused with the goal of determining the behavioral
unintended effects and that the system or limits, and to test defense mechanisms in critical
component still complies with its specified systems.
requirements. In practice, the approach is to
show that software still passes previously 2.2.9.Back-to-BackTesting
passed tests in a test suite (in fact, it is also [7]
sometimes referred to as nonregression testing).
For incremental development, the purpose of IEEE/ISO/IEC Standard 24765 defines back-
regression testing is to show that software toback testing as testing in which two or more
behavior is unchanged by incremental changes variants of a program are executed with the
to the software, except insofar as it should. In same inputs, the outputs are compared, and
some cases, a tradeoff must be made between errors are analyzed in case of discrepancies.
the assurance given by regression testing every
time a change is made and the resources 2.2.10.RecoveryTesting
required to perform the regression tests, which [1*, c14s2]
can be quite time consuming due to the large
Recovery testing is aimed at verifying software
number of tests that may be executed.
restart capabilities after a system crash or other
Regression testing involves selecting,
disaster.
minimizing, and/or prioritizing a subset of the
test cases in an existing test suite [8].
2.2.11. InterfaceTesting
Regression testing can be conducted at each of
[2*, c8s1.3] [9*, c4s4.5]
the test levels described in section 2.1, The
Target of the Test, and may apply to functional Interface defects are common in complex
and nonfunctional testing. systems. Interface testing aims at verifying
whether the components interface correctly to
2.2.6. PerformanceTesting
provide the correct exchange of data and control
[1*, c8s6]
information. Usually the test cases are generated
from the interface specification. A specific
Performance testing verifies that the software
objective of interface testing is to simulate the
meets the specified performance requirements
use of APIs by end-user applications. This
and assesses performance characteristicsfor
involves the generation of parameters of the API
instance, capacity and response time.
calls, the setting of external environment
2.2.7.SecurityTesting
conditions, and the definition of internal data
[1*, c8s3] [2*, c11s4]
that affect the API.
2.2.12. ConfigurationTesting
Security testing is focused on the verification
[1*, c8s5]
that the software is protected from external
attacks. In particular, security testing verifies the
In cases where software is built to serve
confidentiality, integrity, and availability of the
different users, configuration testing verifies the
systems and its data. Usually, security testing
software under different specified
includes verification against misuse and abuse
configurations.
of the software or system (negative testing).
2.2.13. UsabilityandHumanComputer
2.2.8.StressTesting
InteractionTesting
Software Requirements 1-9
includes higher-level combinations than pairs: paths in a programs control flow graph. Since
these techniques are referred to as t-wise, exhaustive path testing is generally not feasible
whereby every possible combination of t input because of loops, other less stringent criteria
variables is considered. focus on coverage of paths that limit loop
iterations such as statement coverage, branch
3.2.3. Boundary-Value coverage, and condition/decision testing. The
Analysis adequacy of such tests is measured in
[1*, c9s5] percentages; for example, when all branches
have been executed at least once by the tests,
Test cases are chosen on or near the boundaries 100% branch coverage has been achieved.
of the input domain of variables, with the
underlying rationale that many faults tend to 3.3.2. DataFlow-BasedCriteria
concentrate near the extreme values of inputs. [1*, c5]
An extension of this technique is robustness
testing, wherein test cases are also chosen In data flow-based testing, the control flow
outside the input domain of variables to test graph is annotated with information about how
program robustness in processing unexpected or the program variables are defined, used, and
erroneous inputs. killed (undefined). The strongest criterion, all
definition-use paths, requires that, for each
3.2.4. RandomTesting variable, every control flow path segment from
[1*, c9s7] a definition of that variable to a use of that
definition is executed. In order to reduce the
Tests are generated purely at random (not to be number of paths required, weaker strategies
confused with statistical testing from the such as all-definitions and all-uses are
operational profile, as described in Operational employed.
Profile in section 3.5). This form of testing falls
under the heading of input domain testing since 3.3.3. ReferenceModelsforCode-
the input domain must be known in order to be BasedTesting
able to pick random points within it. Random [1*, c4]
testing provides a relatively simple approach for
test automation; recently, enhanced forms of Although not a technique in itself, the control
random testing have been proposed in which the structure of a program can be graphically
random input sampling is directed by other represented using a flow graph to visualize
input selection criteria [11]. Fuzz testing or codebased testing techniques. A flow graph is a
fuzzing is a special form of random testing directed graph, the nodes and arcs of which
aimed at breaking the software; it is most often correspond to program elements (see Graphs
used for security testing. 3.3. Code-Based and Trees in the Mathematical Foundations
Techniques KA). For instance, nodes may represent
statements or uninterrupted sequences of
3.3.1. ControlFlow-BasedCriteria statements, and arcs may represent the transfer
[1*, c4] of control between nodes.
likely or predefined faults. To better focus the software, or the operational profile, as closely
test case generation or selection, a fault model as possible. The goal is to infer from the
can be introduced that classifies the different observed test results the future reliability of the
types of faults. software when in actual use. To do this, inputs
3.4.1. ErrorGuessing are assigned probabilities, or profiles, according
[1*, c9s8] to their frequency of occurrence in actual
operation. Operational profiles can be used
In error guessing, test cases are specifically during system testing to guide derivation of test
designed by software engineers who try to cases that will assess the achievement of
anticipate the most plausible faults in a given reliability objectives and exercise relative usage
program. A good source of information is the and criticality of different functions similar to
history of faults discovered in earlier projects, what will be encountered in the operational
as well as the software engineers expertise. environment [3].
A mutant is a slightly modified version of the Usability principles can provide guidelines for
program under test, differing from it by a small discovering problems in the design of the user
syntactic change. Every test case exercises both interface [10*, c1s4] (see User Interface Design
the original program and all generated mutants: in the Software Design KA). Specialized
if a test case is successful in identifying the heuristics, also called usability inspection
difference between the program and a mutant, methods, are applied for the systematic
the latter is said to be killed. Originally observation of system usage under controlled
conceived as a technique to evaluate test sets conditions in order to determine how well
(see section 4.2. Evaluation of the Tests people can use the system and its interfaces.
Performed), mutation testing is also a testing Usability heuristics include cognitive
criterion in itself: either tests are randomly walkthroughs, claims analysis, field
generated until enough mutants have been observations, thinking aloud, and even indirect
killed, or tests are specifically designed to kill approaches such as user questionnaires and
surviving mutants. In the latter case, mutation interviews.
testing can also be categorized as a code-based
technique. The underlying assumption of 3.6. Model-BasedTestingTechniques
mutation testing, the coupling effect, is that by
looking for simple syntactic faults, more A model in this context is an abstract (formal)
complex but real faults will be found. For the representation of the software under test or of its
technique to be effective, a large number of software requirements (see Modeling in the
mutants must be automatically generated and Software Engineering Models and Methods
executed in a systematic way [12]. KA). Model-based testing is used to validate
requirements, check their consistency, and
3.5. Usage-BasedTechniques generate test cases focused on the behavioral
aspects of the software. The key components of
3.5.1. OperationalProfile model-based testing are [13]: the notation used
[1*, c15s5] to represent the model of the software or its
requirements; workflow models or similar
In testing for reliability evaluation (also called models; the test strategy or algorithm used for
operational testing), the test environment test case generation; the supporting
reproduces the operational environment of the infrastructure for the test execution; and the
1-12 SWEBOK Guide V3.0
evaluation of test results compared to expected scenario). Both typical and alternate workflows
results. Due to the complexity of the techniques, should be tested [6, part 4]. A special focus on
model-based testing approaches are often used the roles in a workflow specification is targeted
in conjunction with test automation harnesses. in business process testing.
Model-based testing techniques include the
following. 3.7.TechniquesBasedontheNatureofthe
Application
3.6.1. DecisionTables
[1*, c9s6] The above techniques apply to all kinds of
software. Additional techniques for test
Decision tables represent logical relationships derivation and execution are based on the nature
between conditions (roughly, inputs) and actions of the software being tested; for example,
(roughly, outputs). Test cases are systematically object-oriented software
derived by considering every possible component-based software
combination of conditions and their web-based software
corresponding resultant actions. A related concurrent programs
technique is cause-effectgraphing [1*, c13s6]. protocol-based software
real-time systems
3.6.2. Finite-StateMachines safety-critical systems
[1*, c10] service-oriented software
open-source software
By modeling a program as a finite state embedded software
machine, tests can be selected in order to cover
the states and transitions. 3.8.SelectingandCombiningTechniques
the conditions that make one approach more also include measurements that determine the
effective than the other. 4. Test-Related frequency with which modules call one another.
Measures
4.1.2. FaultTypes,Classification,and
Sometimes testing techniques are confused with Statistics
testing objectives. Testing techniques can be [9*, c4]
viewed as aids that help to ensure the
achievement of test objectives [6, part 4]. For The testing literature is rich in classifications
instance, branch coverage is a popular testing and taxonomies of faults. To make testing more
technique. Achieving a specified branch effective, it is important to know which types of
coverage measure (e.g., 95% branch coverage) faults may be found in the software under test
should not be the objective of testing per se: it is and the relative frequency with which these
a way of improving the chances of finding faults have occurred in the past. This
failures by attempting to systematically exercise information can be useful in making quality
every program branch at every decision point. predictions as well as in process improvement
To avoid such misunderstandings, a clear (see Defect Characterization in the Software
distinction should be made between test-related Quality KA).
measures that provide an evaluation of the 4.1.3. FaultDensity
program under test, based on the observed test [1*, c13s4] [9*, c4]
outputs, and the measures that evaluate the
thoroughness of the test set. (See Software A program under test can be evaluated by
Engineering Measurement in the Software counting discovered faults as the ratio between
Engineering Management KA for information the number of faults found and the size of the
on measurement programs. See Software program.
Process and Product Measurement in the
Software Engineering Process KA for 4.1.4. LifeTest,ReliabilityEvaluation
information on measures.) [1*, c15] [9*, c3]
Measurement is usually considered
fundamental to quality analysis. Measurement A statistical estimate of software reliability,
may also be used to optimize the planning and which can be obtained by observing reliability
execution of the tests. Test management can use achieved, can be used to evaluate a software
several different process measures to monitor product and decide whether or not testing can be
progress. (See section 5.1, Practical stopped (see section 2.2, Reliability
Considerations, for a discussion of measures of Achievement and Evaluation).
the testing process useful for management
4.1.5. ReliabilityGrowthModels
purposes.)
[1*, c15] [9*, c8]
4.1. EvaluationoftheProgramUnderTest
Reliability growth models provide a prediction
4.1.1. ProgramMeasurementsThatAidin of reliability based on failures. They assume, in
PlanningandDesigningTests general, that when the faults that caused the
[9*, c11] observed failures have been fixed (although
some models also accept imperfect fixes), the
Measures based on software size (for example, estimated products reliability exhibits, on
source lines of code or functional size; see average, an increasing trend. There are many
Measuring Requirements in the Software published reliability growth models. Notably,
Requirements KA) or on program structure can these models are divided into failure-count and
be used to guide testing. Structural measures time-between-failure models.
1-14 SWEBOK Guide V3.0
cases passed, and number of test cases failed, As shown in the following description,
among others. successful management of test activities
Evaluation of test phase reports can be strongly depends on the software configuration
combined with root-cause analysis to evaluate management process (see the Software
testprocess effectiveness in finding faults as Configuration Management KA).
early as possible. Such an evaluation can be
associated with the analysis of risks. Moreover, 5.2.1. Planning
the resources that are worth spending on testing [1*, c12s1, c12s8]
should be commensurate with the use/criticality
of the application: different techniques have Like all other aspects of project management,
different costs and yield different levels of testing activities must be planned. Key aspects
confidence in product reliability. of test planning include coordination of
personnel, availability of test facilities and
5.1.8. Termination equipment, creation and maintenance of all test-
[9*, c10s4] related documentation, and planning for
possible undesirable outcomes. If more than one
A decision must be made as to how much baseline of the software is being maintained,
testing is enough and when a test stage can be then a major planning consideration is the time
terminated. Thoroughness measures, such as and effort needed to ensure that the test
achieved code coverage or functional coverage, environment is set to the proper configuration.
as well as estimates of fault density or of
operational reliability, provide useful support 5.2.2. Test-CaseGeneration
but are not sufficient in themselves. The [1*, c12s1, c12s3]
decision also involves considerations about the
costs and risks incurred by possible remaining Generation of test cases is based on the level of
failures, as opposed to the costs incurred by testing to be performed and the particular
continuing to test (see Test Selection Criteria / testing techniques. Test cases should be under
Test Adequacy Criteria in section 1.2, Key the control of software configuration
Issues). management and include the expected results
for each test.
5.1.9.TestReuseandTestPatterns
[9*, c2s5] 5.2.3. TestEnvironmentDevelopment
[1*, c12s6]
To carry out testing or maintenance in an
organized and cost-effective way, the means The environment used for testing should be
used to test each part of the software should be compatible with the other adopted software
reused systematically. A repository of test engineering tools. It should facilitate
materials should be under the control of development and control of test cases, as well as
software configuration management so that logging and recovery of expected results,
changes to software requirements or design can scripts, and other testing materials.
be reflected in changes to the tests conducted.
The test solutions adopted for testing some 5.2.4. Execution
application types under certain circumstances, [1*, c12s7]
with the motivations behind the decisions taken,
form a test pattern that can itself be documented Execution of tests should embody a basic
for later reuse in similar projects. principle of scientific experimentation:
5.2. TestActivities everything done during testing should be
performed and documented clearly enough that
Software Requirements 1-17
another person could replicate the results. declaration, memory leak, programming syntax
Hence, testing should be performed in error), and when they could have been first
accordance with documented procedures using a observed in the software. Defect tracking
clearly defined version of the software under information is used to determine what aspects of
test. software testing and other processes need
improvement and how effective previous
5.2.5. TestResultsEvaluation approaches have been.
[9*, c15]
6.Software Testing Tools
The results of testing should be evaluated to
determine whether or not the testing has been 6.1. TestingToolSupport
successful. In most cases, successful means [1*, c12s11] [9*, c5]
that the software performed as expected and did
not have any major unexpected outcomes. Not Testing requires many labor-intensive tasks,
all unexpected outcomes are necessarily faults running numerous program executions, and
but are sometime determined to be simply noise. handling a great amount of information.
Before a fault can be removed, an analysis and Appropriate tools can alleviate the burden of
debugging effort is needed to isolate, identify, clerical, tedious operations and make them less
and describe it. When test results are error-prone. Sophisticated tools can support test
particularly important, a formal review board design and test case generation, making it more
may be convened to evaluate them. effective.
Testing activities can be entered into a testing Guidance to managers and testers on how to
log to identify when a test was conducted, who select testing tools that will be most useful to
performed the test, what software configuration their organization and processes is a very
was used, and other relevant identification important topic, as tool selection greatly affects
information. Unexpected or incorrect test results testing efficiency and effectiveness. Tool
can be recorded in a problem reporting system, selection depends on diverse evidence, such as
the data for which forms the basis for later development choices, evaluation objectives,
debugging and fixing the problems that were execution facilities, and so on. In general, there
observed as failures during testing. Also, may not be a unique tool that will satisfy
anomalies not classified as faults could be particular needs, so a suite of tools could be an
documented in case they later turn out to be appropriate choice.
more serious than first thought. Test reports are
also inputs to the change management request 6.2. CategoriesofTools
process (see Software Configuration Control in
the Software Configuration Management KA). We categorize the available tools according to
their functionality:
5.2.7.DefectTracking
[9*, c9] Test harnesses (drivers, stubs) [1*, c3s9]
provide a controlled environment in which
Defects can be tracked and analyzed to tests can be launched and the test outputs can
determine when they were introduced into the be logged. In order to execute parts of a
software, why they were created (for example, program, drivers and stubs are provided to
poorly defined requirements, incorrect variable
1-18 SWEBOK Guide V3.0
simulate calling and called modules, flow graph have been exercised amongst all
respectively. those required by the selected test coverage
Testgenerators [1*, c12s11] provide assistance criterion. The analysis can be done thanks to
in the generation test cases. The generation program instrumenters that insert recording
can be random, path-based, modelbased, or a probes into the code.
mix thereof. Tracers [1*, c1s7] record the history of a
Capture/replay tools [1*, c12s11] automatically programs execution paths.
reexecute, or replay, previously executed tests Regressiontestingtools [1*, c12s16] support the
which have recorded inputs and outputs (e.g., reexecution of a test suite after a section of
screens). software has been modified. They can also
Oracle/file comparators/assertion checking help to select a test subset according to the
tools [1*, c9s7] assist in deciding whether a change made.
test outcome is successful or not. Reliabilityevaluationtools [9*, c8] support test
Coverageanalyzersandinstrumenters [1*, c4] results analysis and graphical visualization in
work together. Coverage analyzers assess order to assess reliability-related measures
which and how many entities of the program according to selected models.
MATRIX OF TOPICS VS. REFERENCE MATERIAL
Kan 2003
[9*] Nielsen[10*]
199
Sommerville 2011
[2*]
Naik and Tripathy 2008
[1*]
1. Software Testing
Fundamentals
1.1. Testing-Related Terminology
1.1.1. Definitions of Testing
and c1,c2 c8
Related Terminology
1.1.2. Faults vs. Failures c1s5 c11
1.2. Key Issues
1.2.1. Test Selection Criteria /
c1s14, c6s6,
Test Adequacy Criteria
c12s7
(Stopping Rules)
1.2.2. Testing Effectiveness / c13s11,
Objectives for Testing c11s4
Software Requirements 1-2
Kan 2003
[9*] Nielsen[10*]
199
Sommerville 2011
[2*]
Naik and Tripathy 2008
[1*]
Qualification
2.2.2. Installation Testing c12s2
c13s7,
2.2.3. Alpha and Beta Testing c8s4
c16s6
2.2.4. Reliability Achievement
c15 c15s2
and Evaluation
c8s11,
2.2.5. Regression Testing
c13s3
2.2.6. Performance Testing c8s6
2.2.7. Security Testing c8s3 c11s4
2.2.8. Stress Testing c8s8
2.2.9. Back-to-Back Testing
2.2.10. Recovery Testing c14s2
2.2.11. Interface Testing c8s1.3 c4s4.5
2.2.12. Configuration Testing c8s5
2.2.13. Usability and Human
c6
Computer Interaction Testing
3. Test Techniques
3.1. Based on the Software
Engineers Intuition and
Experience
3.1.1. Ad Hoc
3.1.2. Exploratory Testing
3.2. Input Domain-Based
Techniques
3.2.1. Equivalence Partitioning c9s4
3.2.2. Pairwise Testing c9s3
3.2.3. Boundary-Value c9s5
Analysis
3.2.4. Random Testing c9s7
3.3. Code-Based Techniques
3.3.1. Control Flow-Based
c4
Criteria
Software Requirements 1-4
Kan 2003
[9*] Nielsen[10*]
199
Sommerville 2011
[2*]
Naik and Tripathy 2008
[1*]
Kan 2003
[9*] Nielsen[10*]
199
Sommerville 2011
[2*]
Naik and Tripathy 2008
[1*]
Kan 2003
[9*] Nielsen[10*]
199
Sommerville 2011
[2*]
Naik and Tripathy 2008
[1*]
c1s7, c3s9,
c4, c9s7,
6.2. Categories of Tools c8
c12s11,
c12s16
REFERENCES [7] ISO/IEC/IEEE24765:2010Systemsand
SoftwareEngineeringVocabulary, ISO/
[1*] S. Naik and P. Tripathy, SoftwareTesting
IEC/IEEE, 2010.
andQualityAssurance:Theoryand
[8] S. Yoo and M. Harman, Regression Testing
Practice, Wiley-Spektrum, 2008.
Minimization, Selection and Prioritization: A
[2*] I. Sommerville, SoftwareEngineering, 9th Survey, SoftwareTestingVerificationand
ed., Addison-Wesley, 2011. Reliability,vol. 22, no. 2, Mar. 2012, pp. 67
120.
[3] M.R. Lyu, ed., HandbookofSoftware
ReliabilityEngineering, McGraw-Hill and [9*] S.H. Kan, MetricsandModelsinSoftware
IEEE Computer Society Press, 1996. QualityEngineering, 2nd ed.,
AddisonWesley, 2002.
[4] H. Zhu, P.A.V. Hall, and J.H.R. May,
Software Unit Test Coverage and [10*] J. Nielsen, UsabilityEngineering, Morgan
Adequacy, ACMComputingSurveys,vol. Kaufmann, 1993.
29, no. 4, Dec. 1997, pp. 366427.
[11] T.Y. Chen et al., Adaptive Random
[5] E.W. Dijkstra, Notes on Structured Testing: The ART of Test Case Diversity,
Programming, T.H.-Report 70-WSE-03, JournalofSystemsandSoftware,vol. 83,
Technological University, Eindhoven, 1970; no. 1, Jan. 2010, pp. 6066.
http://www.cs.utexas.edu/users/EWD/
[12] Y. Jia and M. Harman, An Analysis and
ewd02xx/EWD249.PDF.
Survey of the Development of Mutation
[6] ISO/IEC/IEEEP29119-1/DISDraft Testing, IEEETrans.Software
StandardforSoftwareandSystems Engineering,vol. 37, no. 5, Sep.Oct. 2011,
Engineering SoftwareTestingPart1: pp. 649678.
ConceptsandDefinitions, ISO/IEC/IEEE,
2012. [13] M. Utting and B. Legeard, PracticalModel-
BasedTesting:AToolsApproach, Morgan
Kaufmann, 2007.
maintenance phase of the life cycle begins This first section introduces the concepts and
following a warranty period or terminology that form an underlying basis to
postimplementation support delivery, but understanding the role and scope of software
maintenance activities occur much earlier. maintenance. The topics provide definitions and
Software maintenance is an integral part of a emphasize why there is a need for maintenance.
software life cycle. However, it has not received Categories of software maintenance are critical
the same degree of attention that the other to understanding its underlying meaning.
phases have. Historically, software development
has had a much higher profile than software 1.1. DefinitionsandTerminology
maintenance in most organizations. This is now [1*, c3] [2*, c1s2, c2s2]
changing, as organizations strive to squeeze the
most out of their software development The purpose of software maintenance is defined
investment by keeping software operating as in the international standard for software
long as possible. The open source paradigm has maintenance: ISO/IEC/IEEE 14764 [1*].4 In the
brought further attention to the issue of context of software engineering, software
maintaining software artifacts developed by maintenance is essentially one of the many
others. technical processes.
In this Guide, software maintenance is defined
as the totality of activities required to provide
cost-effective support to software. Activities are
performed during the predelivery stage as well
as during the postdelivery stage. Predelivery
activities include planning for postdelivery
operations, maintainability, and logistics
determination for transition activities [1*, c6s9].
Postdelivery activities include software
modification, training, and operating or
interfacing to a help desk.
The Software Maintenance knowledge area
(KA) is related to all other aspects of software
engineering. Therefore, this KA description is
linked to all other software engineering KAs of
the Guide.
5-1
2.2.5. Outsourcing
[3*]
Software Requirements 1-8
maintenance planning should begin with the Management KA provides details of SCM and
decision to develop a new software product and discusses the process by which software change
should consider quality objectives. A concept requests are submitted, evaluated, and approved.
document should be developed, followed by a SCM for software maintenance is different from
maintenance plan. The maintenance concept for SCM for software development in the number of
each software product needs to be documented small changes that must be controlled on
in the plan [1*, c7s2] and should address the operational software. The SCM process is
implemented by developing and following a
scope of the software maintenance, software configuration management plan and
adaptation of the software maintenance operating procedures. Maintainers participate in
process, Configuration Control Boards to determine the
identification of the software maintenance content of the next release/version.
organization, and 3.2.5. SoftwareQuality
estimate of software maintenance costs. [1*, c6s5, c6s7, c6s8] [2*, c12s5.3]
The next step is to develop a corresponding It is not sufficient to simply hope that increased
software maintenance plan. This plan should be quality will result from the maintenance of
prepared during software development and software. Maintainers should have a software
should specify how users will request software quality program. It must be planned and
modifications or report problems. Software processes must be implemented to support the
maintenance planning is addressed in IEEE maintenance process. The activities and
14764. It provides guidelines for a maintenance techniques for Software Quality Assurance
plan. Finally, at the highest level, the (SQA), V&V, reviews, and audits must be
maintenance organization will have to conduct selected in concert with all the other processes
business planning activities (budgetary, to achieve the desired level of quality. It is also
financial, and human resources) just like all the recommended that the maintainer adapt the
other divisions of the organization. Management software development processes, techniques and
is discussed in the chapter Related Disciplines deliverables (for instance, testing
of Software Engineering. documentation), and test results. More details
can be found in the Software Quality KA.
3.2.4. SoftwareConfiguration
Management 4.Techniques for Maintenance
[1*, c5s1.2.3] [2*, c11]
This topic introduces some of the generally
IEEE 14764 describes software configuration accepted techniques used in software
management as a critical element of the maintenance.
maintenance process. Software configuration
management procedures should provide for the 4.1. ProgramComprehension
verification, validation, and audit of each step [2*, c6, c14s5]
required to identify, authorize, implement, and
release the software product. Programmers spend considerable time reading
It is not sufficient to simply track and understanding programs in order to
modification requests or problem reports. The implement changes. Code browsers are key
software product and any changes made to it tools for program comprehension and are used
must be controlled. This control is established to organize and present source code. Clear and
by implementing and enforcing an approved concise documentation can also aid in program
software configuration management (SCM) comprehension.
process. The Software Configuration
Software Requirements 1-12
This topic encompasses tools that are cross-referencers, which generate indices of
particularly important in software maintenance program components; and
where existing software is being modified. dependency analyzers, which help
Examples regarding program comprehension maintainers analyze and understand the
include interrelationships between components of a
program slicers, which select only parts of a program.
program affected by a change;
static analyzers, which allow general Reverse engineering tools assist the process
viewing and summaries of a program by working backwards from an existing product
content; to create artifacts such as specification and
dynamic analyzers, which allow the design descriptions, which can then be
maintainer to trace the execution path of a transformed to generate a new product from an
program; old one. Maintainers also use software test,
data flow analyzers, which allow the software configuration management, software
maintainer to track all possible data flows of documentation, and software measurement
a program; tools.
MATRIX OF TOPICS VS. REFERENCE MATERIAL
Sneed [3*]
2008
Grubb 2006
IEEE/ISO/IEC 14764 and Takang 2003
[2*]
[1*]
1. Software Maintenance
Fundamentals
1.1. Definitions and Terminology c3 c1s2, c2s2
1.2. Nature of Maintenance c1s3
1.3. Need for Maintenance c1s5
1.4. Majority of Maintenance Costs c4s3, c5s5.2
1.5. Evolution of Software c3s5
1.6. Categories of Maintenance c3, c6s2 c3s3.1, c4s3
Software Requirements 1-14
Sneed [3*]
2008
Grubb 2006
IEEE/ISO/IEC 14764 and Takang 2003
[2*]
[1*]
CHAPTER 6
Branching and merging: are the tools When a software item will interface with
capabilities compatible with the planned another software or hardware item, a change to
branching and merging strategies? either item can affect the other. Planning for the
Integration: do the various SCM tools SCM process considers how the interfacing
integrate among themselves? With other items will be identified and how changes to the
tools in use in the organization? items will be managed and communicated. The
Migration: can the repository maintained by SCM role may be part of a larger, system-level
the version control tool be ported to another process for interface specification and control; it
version control tool while maintaining may involve interface specifications, interface
complete history of the configuration items control plans, and interface control documents.
it contains? In this case, SCM planning for interface control
takes place within the context of the systemlevel
SCM typically requires a set of tools, as process.
opposed to a single tool. Such tool sets are
sometimes referred to as workbenches. In such a 1.4. SCMPlan
context, another important consideration in [2*, ann. D] [3*, c23] [4*, c29s1]
planning for tool selection is determining if the
SCM workbench will be open (in other words, The results of SCM planning for a given project
tools from different suppliers will be used in are recorded in a software configuration
different activities of the SCM process) or management plan (SCMP), a living document
integrated (where elements of the workbench which serves as a reference for the SCM
are designed to work together). process. It is maintained (that is, updated and
The size of the organization and the type of approved) as necessary during the software life
projects involved may also impact tool selection cycle. In implementing the SCMP, it is typically
(see topic 7, Software Configuration necessary to develop a number of more detailed,
Management Tools). subordinate procedures defining how specific
requirements will be carried out during day-to-
1.3.4. Vendor/SubcontractorControl day activities for example, which branching
[2*, c13] [3*, c13s9, c14s2] strategies will be used and how frequently
builds occur and automated tests of all kinds are
A software project might acquire or make use of run.
purchased software products, such as compilers Guidance on the creation and maintenance of
or other tools. SCM planning considers if and an SCMP, based on the information produced by
how these items will be taken under the planning activity, is available from a number
configuration control (for example, integrated of sources, such as [2*]. This reference provides
into the project libraries) and how changes or requirements for the information to be contained
updates will be evaluated and managed. in an SCMP; it also defines and describes six
categories of SCM information to be included in
Similar considerations apply to subcontracted
an SCMP:
software. When using subcontracted software,
both the SCM requirements to be imposed on
Introduction (purpose, scope, terms used)
the subcontractors SCM process as part of the
SCM Management (organization,
subcontract and the means for monitoring
responsibilities, authorities, applicable
compliance need to be established. The latter
policies, directives, and procedures)
includes consideration of what SCM
SCM Activities (configuration
information must be available for effective
identification, configuration control, and so
compliance monitoring.
on)
1.3.5. InterfaceControl
SCM Schedules (coordination with other
[2*, c12] [3*, c24s4]
project activities)
1-6 SWEBOK Guide V3.0
SCM Resources (tools, physical resources, engineer to adapt procedures. Other tools
and human resources) enforce process, leaving the software engineer
SCMP Maintenance. with less flexibility. Surveillance requirements
and the level of flexibility to be provided to the
1.5. SurveillanceofSoftwareConfiguration software engineer are important considerations
Management in tool selection.
[3*, c11s3]
1.5.1. SCMMeasuresandMeasurement
After the SCM process has been implemented, [3*, c9s2, c25s2s3]
some degree of surveillance may be necessary
to ensure that the provisions of the SCMP are SCM measures can be designed to provide
properly carried out. There are likely to be specific information on the evolving product or
specific SQA requirements for ensuring to provide insight into the functioning of the
compliance with specified SCM processes and SCM process. A related goal of monitoring the
procedures. The person responsible for SCM SCM process is to discover opportunities for
ensures that those with the assigned process improvement. Measurements of SCM
responsibility perform the defined SCM tasks processes provide a good means for monitoring
correctly. The software quality assurance the effectiveness of SCM activities on an
authority, as part of a compliance auditing ongoing basis. These measurements are useful
activity, might also perform this surveillance. in characterizing the current state of the process
The use of integrated SCM tools with process as well as in providing a basis for making
control capability can make the surveillance task comparisons over time. Analysis of the
easier. Some tools facilitate process compliance measurements may produce
while providing flexibility for the software
Software Configuration Management 6-7
insights leading to process changes and One of the first steps in controlling change is
corresponding updates to the SCMP. identifying the software items to be controlled.
Software libraries and the various SCM tool This involves understanding the software config
capabilities provide sources for extracting uration within the context of the system configu
information about the characteristics of the SCM ration, selecting software configuration items,
process (as well as providing project and developing a strategy for labeling software items
management information). For example, and describing their relationships, and identifying
information about the time required to accomplish both the baselines to be used and the procedure for
various types of changes would be useful in an a baselines acquisition of the items.
evaluation of the criteria for determining what
levels of authority are optimal for authorizing 2.1.1. SoftwareConfiguration
certain types of changes and for estimating future [1, c3]
changes.
Care must be taken to keep the focus of the Software configuration is the functional and
surveillance on the insights that can be gained from physical characteristics of hardware or software as
the measurements, not on the measurements set forth in technical documentation or achieved in
themselves. Discussion of software process and a product. It can be viewed as part of an overall
product measurement is presented in the Software system configuration.
Engineering Process KA. Software measurement
programs are described in the Software 2.1.2. SoftwareConfigurationItem
Engineering Management KA. [4*, c29s1.1]
2.1. IdentifyingItemstoBeControlled
[2*, c8s2.2] [4*, c29s1.1]
6-8 SWEBOK Guide V3.0
-
-
Structural relationships among the selected SCIs, formally designated and fixed at a specific time
and their constituent parts, affect other SCM during the configuration items life cycle. The term
activities or tasks, such as software building or is also used to refer to a particular version of a
software
configuration
item that has
been agreed
on. In either
case, the
baseline can
only be
changed
through
formal
change
control
procedures. A
baseline,
together with
all approved
changes to the
Figure 6.2. Acquisition of Items baseline,
analyzing the impact of proposed changes. Proper represents the current approved configuration.
tracking of these relationships is also important for Commonly used baselines include functional,
supporting traceability. The design of the allocated, developmental, and product baselines.
identification scheme for SCIs should consider the The functional baseline corresponds to the
need to map identified items to the software reviewed system requirements. The allocated
structure, as well as the need to support the baseline corresponds to the reviewed software
evolution of the software items and their requirements specification and software interface
relationships. requirements specification. The developmental
baseline represents the evolving software
2.1.4. SoftwareVersion configuration at selected times during the software
[1, c3] [4*, c29s3] life cycle. Change authority for this baseline
typically rests primarily with the development
Software items evolve as a software project organization but may be shared with other
proceeds. A version of a software item is an organizations (for example, SCM or Test). The
identified instance of an item. It can be thought of product baseline corresponds to the completed
as a state of an evolving item. A variant is a version software product delivered for system integration.
of a program resulting from the application of The baselines to be used for a given project, along
software diversity. with the associated levels of authority needed for
change approval, are typically identified in the
2.1.5. Baseline SCMP.
[1, c3]
2.1.6. AcquiringSoftwareConfigurationItems
A software baseline is a formally approved version [3*, c18]
of a configuration item (regardless of media) that is
Software Configuration Management 6-9
Software configuration items are placed under control, access is more restricted and SCM is the
SCM control at different times; that is, they are primary user.
incorporated into a particular baseline at a These libraries are also an important source of
particular point in the software life cycle. The information for measurements of work and
triggering event is the completion of some form of progress.
formal acceptance task, such as a formal review.
Figure 6.2 characterizes the growth of baselined 3. Software Configuration Control
items as the life cycle proceeds. This figure is [2*, c9] [4*, c29s2]
based on the waterfall model for purposes of
illustration only; the subscripts used in the figure Software configuration control is concerned with
indicate versions of the evolving items. The managing changes during the software life cycle. It
software change request (SCR) is described in covers the process for determining what changes to
section 3.1. make, the authority for approv ing certain changes,
In acquiring an SCI, its origin and initial integrity support for the implementa tion of those changes,
must be established. Following the acquisition of an and the concept of formal deviations from project
SCI, changes to the item must be formally requirements as well as waivers of them.
approved as appropriate for the SCI and the Information derived from these activities is useful
baseline involved, as defined in the SCMP. in measuring change traffic and breakage as well as
Following approval, the item is incorporated into aspects of rework.
the software baseline according to the appropriate
procedure. 3.1. Requesting,Evaluating,andApproving
SoftwareChanges
2.2. SoftwareLibrary [2*, c9s2.4] [4*, c29s2]
[3*, c1s3] [4*, c29s1.2]
The first step in managing changes to controlled
A software library is a controlled collection of items is determining what changes to make. The
software and related documentation designed to aid software change request process (see a typical flow
in software development, use, or maintenance [1]. of a change request process in Figure 6.3) provides
It is also instrumental in software release formal procedures for submitting and recording
management and delivery activities. Several types change requests, evaluating the potential cost and
of libraries might be used, each corresponding to impact of a proposed change, and accepting,
the software items particular level of maturity. For modifying, deferring, or rejecting the proposed
example, a working library could support coding change. A change request (CR) is a request to
and a project support library could support testing, expand or reduce the project scope; modify
while a master library could be used for finished policies, processes, plans, or procedures; modify
products. An appropriate level of SCM control costs or budgets; or revise schedules [1]. Requests
(associated baseline and level of authority for for changes to software configuration items may be
change) is associated with each library. Security, in originated by anyone at any point in the software
terms of access control and the backup facilities, is life cycle and may include a suggested solution and
a key aspect of library management. requested priority. One source of a CR is the
The tool(s) used for each library must support the initiation of corrective action in response to
SCM control needs for that libraryboth in terms problem reports. Regardless of the source, the type
of controlling SCIs and controlling access to the of change (for example, defect or enhancement) is
library. At the working library level, this is a code usually recorded on the Software CR (SCR).
management capability serving developers, This provides an opportunity for tracking defects
maintainers, and SCM. It is focused on managing and collecting change activity measurements by
the versions of software items while supporting the change type. Once an SCR is received, a technical
activities of multiple developers. At higher levels of evaluation (also known as an impact analysis) is
6-10 SWEBOK Guide V3.0
-
-
performed to determine the extent of the authority of a CCB is strictly software, it is known
modifications that would be necessary should the as a Software Configuration Control Board
change request be accepted. A good understanding (SCCB). The activities of the CCB are typically
of the relationships among software (and, possibly, subject to software quality audit or review.
hardware) items is important for this task. Finally,
an established authoritycommensurate with the 3.1.2. SoftwareChangeRequestProcess
affected baseline, the SCI involved, and the nature [3*, c1s4, c8s4]
of the changewill evaluate the technical and
managerial aspects of the change request and either An effective software change request (SCR)
accept, modify, reject, or defer the proposed process requires the use of supporting tools and
change. procedures for originating change requests,
enforcing the
flow of the
change
process,
capturing
CCB
decisions, and
reporting
change
process
information.
A link
between this
tool
capability and
the problem-
Figure 6.3. Flow of a Change Control Process reporting
3.1.1. SoftwareConfigurationControlBoard system can
[2*, c9s2.2] [3*, c11s1] [4*, c29s2] facilitate the tracking of solutions for reported
problems.
The authority for accepting or rejecting proposed
changes rests with an entity typically known as a 3.2. ImplementingSoftwareChanges
Configuration Control Board (CCB). In smaller [4*, c29]
projects, this authority may actually reside with the
leader or an assigned individual rather than a Approved SCRs are implemented using the defined
multiperson board. There can be multiple levels of software procedures in accordance with the
change authority depending on a variety of criteria applicable schedule requirements. Since a number
such as the criticality of the item involved, the of approved SCRs might be implemented
nature of the change (for example, impact on simultaneously, it is necessary to provide a means
budget and schedule), or the projects current point for tracking which SCRs are incorporated into
in the life cycle. The composition of the CCBs used particular software versions and baselines. As part
for a given system varies depending on these of the closure of the change process, completed
criteria (an SCM representative would always be changes may undergo configuration audits and
present). All stakeholders, appropriate to the level software quality verificationthis includes
of the CCB, are represented. When the scope of ensuring that only approved changes have been
Software Configuration Management 6-11
made. The software change request process 4. Software Configuration Status Accounting
described above will typically document the SCM [2*, c10]
(and other) approval information for the change.
Changes may be supported by source code Software configuration status accounting (SCSA) is
version control tools. These tools allow a team of an element of configuration management consisting
software engineers, or a single software engineer, to of the recording and reporting of information
track and document changes to the source code. needed to manage a configuration effectively.
These tools provide a single repository for storing
the source code, can prevent more than one 4.1. SoftwareConfigurationStatusInformation
software engineer from editing the same module at [2*, c10s2.1]
the same time, and record all changes made to the
source code. Software engineers check modules out The SCSA activity designs and operates a system
of the repository, make changes, document the for the capture and reporting of necessary
changes, and then save the edited modules in the information as the life cycle proceeds. As in any
repository. If needed, changes can also be information system, the configuration status infor
mation to be managed for the evolving configura
discarded, restoring a previous baseline. More
tions must be identified, collected, and maintained.
powerful tools can support parallel development
Various information and measurements are needed
and geographically distributed environments. These
to support the SCM process and to meet the
tools may be manifested as separate, specialized
configuration status reporting needs of
applications under the control of an independent
management, software engineering, and other
SCM group. They may also appear as an integrated
related activities. The types of information
part of the software engineering environment.
available include the approved configuration
Finally, they may be as elementary as a
identification as well as the identification and
rudimentary change control system provided with
current implementation status of changes,
an operating system. deviations, and waivers.
Some form of automated tool support is
3.3. DeviationsandWaivers
necessary to accomplish the SCSA data collection
[1, c3]
and reporting tasks; this could be a database
capability, a stand-alone tool, or a capability of a
The constraints imposed on a software engineering
larger, integrated tool environment.
effort or the specifications produced during the
development activities might contain provisions
4.2. SoftwareConfigurationStatusReporting
that cannot be satisfied at the designated point in
[2*, c10s2.4] [3*, c1s5, c9s1, c17]
the life cycle. A deviation is a written authorization,
granted prior to the manufacture of an item, to Reported information can be used by various
depart from a particular performance or design organizational and project elementsincluding the
requirement for a specific number of units or a development team, the maintenance team, project
specific period of time. A waiver is a written management, and software quality activities.
authorization to accept a configuration item or Reporting can take the form of ad hoc queries to
other designated item that is found, during answer specific questions or the periodic
production or after having been submitted for production of predesigned reports. Some
inspection, to depart from specified requirements information produced by the status accounting
but is nevertheless considered suitable for use as-is activity during the course of the life cycle might
or after rework by an approved method. In these become quality assurance records.
cases, a formal process is used for gaining approval
In addition to reporting the current status of the
for deviations from, or waivers of, the provisions. configuration, the information obtained by the
SCSA can serve as a basis of various
measurements. Examples include the number of
6-12 SWEBOK Guide V3.0
-
-
change requests per SCI and the average time reference documentation is consistent with the as-
needed to implement a change request. built software product.
A software audit is an independent examination of As mentioned above, audits can be carried out
a work product or set of work products to assess during the development process to investigate the
compliance with specifications, standards, current status of specific elements of the
contractual agreements, or other criteria [1]. Audits configuration. In this case, an audit could be
are conducted according to a well-defined process applied to sampled baseline items to ensure that
consisting of various auditor roles and performance is consistent with specifications or to
responsibilities. Consequently, each audit must be ensure that evolving documentation continues to be
carefully planned. An audit can require a number of consistent with the developing baseline item.
individuals to perform a variety of tasks over a
fairly short period of time. Tools to support the 6. Software Release Management and Delivery
planning and conduct of an audit can greatly [2*, c14] [3*, c8s2]
facilitate the process.
Software configuration auditing determines the In this context, release refers to the distribution of
extent to which an item satisfies the required a software configuration item outside the
functional and physical characteristics. Informal development activity; this includes internal releases
audits of this type can be conducted at key points in as well as distribution to customers. When different
the life cycle. Two types of formal audits might be versions of a software item are available for
required by the governing contract (for example, in delivery (such as versions for different platforms or
contracts covering critical software): the Functional versions with varying capabilities), it is frequently
Configuration Audit (FCA) and the Physical necessary to recreate specific versions and package
Configuration Audit (PCA). Successful completion the correct materials for delivery of the version.
of these audits can be a prerequisite for the The software library is a key element in
establishment of the product baseline. accomplishing release and delivery tasks.
5.2. SoftwarePhysicalConfigurationAudit
[2*, c11s2.2]
Software building is the activity of combining the case, supporting tools and associated build
correct versions of software configuration items, instructions need to be under SCM control to
using the appropriate configuration data, into an ensure availability of the correct versions of the
executable program for delivery to a customer or tools.
other recipient, such as the testing activity. For A tool capability is useful for selecting the
systems with hardware or firmware, the executable correct versions of software items for a given target
program is delivered to the system-building environment and for automating the process of
activity. Build instructions ensure that the proper building the software from the selected versions
build steps are taken in the correct sequence. In and appropriate configuration data. For projects
addition to building software for new releases, it is with parallel or distributed development
usually also necessary for SCM to have the environments, this tool capability is necessary.
capability to reproduce previous releases for Most software engineering environments provide
recovery, testing, maintenance, or additional release this capability. These tools vary in complexity from
purposes. requiring the software engineer to learn a
Software is built using particular versions of specialized scripting language to graphics-oriented
supporting tools, such as compilers (see Compiler approaches that hide much of the complexity of an
Basics in the Computing Foundations KA). It might intelligent build facility.
be necessary to rebuild an exact copy of a The build process and products are often subject
previously built software configuration item. In this to software quality verification. Outputs of
6-14 SWEBOK Guide V3.0
the build process might be needed for future maintain information on various target platforms
reference and may become quality assurance and on various customer environments.
records.
7. Software Configuration Management Tools
6.2. SoftwareReleaseManagement [3*, c26s1] [4*, c8s2]
[4*, c29s3.2]
When discussing software configuration
Software release management encompasses the management tools, it is helpful to classify them.
identification, packaging, and delivery of the SCM tools can be divided into three classes in
elements of a productfor example, an terms of the scope at which they provide
executable program, documentation, release support: individual support, project-related
notes, and configuration data. Given that support, and companywide-process support.
product changes can occur on a continuing Individual support tools are appropriate and
basis, one concern for release management is typically sufficient for small organizations or
determining when to issue a release. The development groups without variants of their
severity of the problems addressed by the software products or other complex SCM
release and measurements of the fault densities requirements. They include:
of prior releases affect this decision. The
packaging task must identify which product Version control tools: track, document, and
items are to be delivered and then select the store individual configuration items such as
correct variants of those items, given the source code and external documentation.
intended application of the product. The Build handling tools: in their simplest form,
information documenting the physical contents such tools compile and link an executable
of a release is known as a version description version of the software. More advanced
document. The release notes typically describe building tools extract the latest version from
new capabilities, known problems, and platform the version control software, perform
requirements necessary for proper product quality checks, run regression tests, and
operation. The package to be released also produce various forms of reports, among
contains installation or upgrading instructions. other tasks.
The latter can be complicated by the fact that Change control tools: mainly support the
some current users might have versions that are control of change requests and events
several releases old. In some cases, release notification (for example, change request
management might be required in order to track status changes, milestones reached).
distribution of the product to various customers
or target systemsfor example, in a case where Project-related support tools mainly support
the supplier was required to notify a customer of workspace management for development teams
newly reported problems. Finally, a mechanism and integrators; they are typically able to
to ensure the integrity of the released item can support distributed development environments.
be implementedfor example by releasing a Such tools are appropriate for medium to large
digital signature with it. organizations with variants of their software
A tool capability is needed for supporting products and parallel development but no
these release management functions. It is useful certification requirements.
to have a connection with the tool capability Companywide-processsupporttools can
supporting the change request process in order typically automate portions of a companywide
to map release contents to the SCRs that have process, providing support for workflow
been received. This tool capability might also managements, roles, and responsibilities. They
Software Configuration Management 6-15
are able to handle many items, data, and life by supporting a more formal development
cycles. Such tools add to project-related support process, including certification requirements.
MATRIX OF TOPICS VS. REFERENCE MATERIAL
Hass 2003
[3*] Moore [5*]
2006
IEEE 828-2012
[2*] Sommerville 201
[4*]
Hass 2003
[3*] Moore [5*]
2006
IEEE 828-2012
[2*] Sommerville 201
[4*]
2.1.5. Baseline
2.1.6. Acquiring Software
c18
Configuration Items
2.2. Software Library c1s3 c29s1.2
3. Software Configuration
c9 c29s2
Control
3.1. Requesting, Evaluating, and
c9s2.4 c29s2
Approving Software Changes
3.1.1. Software
Configuration c9s2.2 c11s1 c29s2
Control Board
3.1.2. Software Change
c1s4, c8s4
Request Process
3.2. Implementing Software
c29
Changes
3.3. Deviations and Waivers
4. Software Configuration
c10
Status Accounting
4.1. Software Configuration
c10s2.1
Status Information
Software Configuration Management 6-17
This model presents a collection of best [6] S.P. Berczuk and B. Appleton, Software
practices to help software development ConfigurationManagementPatterns:
organizations improve their processes. At EffectiveTeamwork,PracticalIntegration,
maturity level 2, it suggests configuration Addison-Wesley Professional, 2003.
management activities.
REFERENCES [7] CMMI Product Team, CMMI for
Development, Version 1.3, Software
[1] ISO/IEC/IEEE24765:2010Systemsand Engineering Institute, 2010; http://
SoftwareEngineeringVocabulary, ISO/ resources.sei.cmu.edu/library/asset-view.
IEC/IEEE, 2010. cfm?assetID=9661.
Software Configuration Management 6-1
CHAPTER 7
7-1
This KA is closely related to others in the software development project is being managed,
SWEBOK Guide, and reading the following KA independent of the software development life
descriptions in conjunction with this one will be cycle model (see Software Life Cycle Models in
particularly helpful: the Software Engineering Process KA) that has
been chosen for a specific project. There is no
The Engineering Foundations KA describes intent in this breakdown to recommend a
some general concepts of measurement that specific life cycle model. The breakdown
are directly applicable to the Software implies only what happens and does not imply
Engineering Measurement section of this when, how, or how many times each activity
KA. In addition, the concepts and occurs. The seven topics are:
techniques presented in the Statistical
Analysis section of the Engineering Initiation and Scope Definition, which deal
Foundations KA apply directly to many with the decision to embark on a software
topics in this KA. engineering project;
The Software Requirements KA describes Software Project Planning, which addresses
some of the activities that should be the activities undertaken to prepare for a
performed during the Initiation and Scope successful software engineering project
definition phase of the project. from the management perspective;
The Software Configuration Management Software Project Enactment, which deals
KA deals with identification, control, status with generally accepted software
accounting, and auditing of software engineering management activities that
configurations along with software release occur during the execution of a software
management and delivery and software engineering project;
configuration management tools. Review and Evaluation, which deal with
The Software Engineering Process KA ensuring that technical, schedule, cost, and
describes software life cycle models and the quality engineering activities are
relationships between processes and work satisfactory; Closure, which addresses the
products. activities accomplished to complete a
The Software Quality KA emphasizes project;
quality as a goal of management and as an Software Engineering Measurement, which
aim of many software engineering activities. deals with the effective development and
The Software Engineering Economics KA implementation of measurement programs
discusses how to make software-related in software engineering organizations;
decisions in a business context. Software Engineering Management Tools,
which describes the selection and use of
BREAKDOWN OF TOPICS FOR
SOFTWARE ENGINEERING tools for managing a software engineering
MANAGEMENT project. 1. Initiation and Scope Definition
Because most software development life cycle The focus of these activities is on effective
models require similar activities that may be determination of software requirements using
executed in different ways, the breakdown of various elicitation methods and the assessment
topics is activity-based. That breakdown is of project feasibility from a variety of
shown in Figure 7.1. The elements of the top- standpoints. Once project feasibility has been
level breakdown shown in that figure are the established, the remaining tasks within this
activities that are usually performed when a section are the specification of requirements and
Software Configuration Management 6-5
selection of the processes for revision and revised (for example, change management
review of requirements. procedures, iterative cycle retrospectives). This
clearly implies that scope and requirements will
1.1. DeterminationandNegotiationof not be set in stone but can and should be
Requirements revisited at predetermined points as the project
[3*, c3] unfolds (for example, at the time when backlog
priorities are created or at milestone reviews). If
Determining and negotiating requirements set changes are accepted, then some form of
the visible boundaries for the set of tasks being traceability analysis and risk analysis should be
undertaken (see the Software Requirements used to ascertain the impact of those changes
KA). Activities include requirements elicitation, (see section 2.5, Risk Management, and
analysis, specification, and validation. Methods Software Configuration Control in the Software
and techniques should be selected and applied, Configuration Management KA).
taking into account the various stakeholder A managed-change approach can also form
perspectives. This leads to the determination of the basis for evaluation of success during
project scope in order to meet objectives and closure of an incremental cycle or an entire
satisfy constraints. project, based on changes that have occurred
along the way (see topic 5, Closure).
1.2. FeasibilityAnalysis
[4*, c4] 2.Software Project Planning
The purpose of feasibility analysis is to develop The first step in software project planning
a clear description of project objectives and should be selection of an appropriate software
evaluate alternative approaches in order to development life cycle model and perhaps
determine whether the proposed project is the tailoring it based on project scope, software
best alternative given the constraints of requirements, and a risk assessment. Other
technology, resources, finances, and factors to be considered include the nature of
social/political considerations. An initial project the application domain, functional and technical
and product scope statement, project complexity, and software quality requirements
deliverables, project duration constraints, and an (see Software Quality Requirements in the
estimate of resources needed should be Software Quality KA).
prepared. In all SDLCs, risk assessment should be an
Resources include a sufficient number of element of initial project planning, and the risk
people who have the needed skills, facilities, profile of the project should be discussed and
infrastructure, and support (either internally or accepted by all relevant stakeholders. Software
externally). Feasibility analysis often requires quality management processes (see Software
approximate estimations of effort and cost based Quality Management Processes in the Software
on appropriate methods (see section 2.3, Effort, Quality KA) should be determined as part of the
Schedule, and Cost Estimation). planning process and result in procedures and
1.3. ProcessfortheReviewand responsibilities for software quality assurance,
RevisionofRequirements verification and validation, reviews, and audits
[3*, c3] (see the Software Quality KA). Processes and
responsibilities for ongoing review and revision
Given the inevitability of change, stakeholders of the project plan and related plans should also
should agree on the means by which be clearly stated and agreed upon.
requirements and scope are to be reviewed and 2.1. ProcessPlanning
6-6 SWEBOK Guide V3.0
[3*, c3, c4, c5] [5*, c1] The work product(s) of each project activity (for
example, software architecture design
Software development life cycle (SDLC) documents, inspection reports, tested software)
models span a continuum from predictive to should be identified and characterized.
adaptive (see Software Life Cycle Models in the Opportunities to reuse software components
Software Engineering Process KA). Predictive from previous projects or to utilize off-the-shelf
SDLCs are characterized by development of software products should be evaluated.
detailed software requirements, detailed project Procurement of software and use of third parties
planning, and minimal planning for iteration to develop deliverables should be planned and
among development phases. Adaptive SDLCs suppliers selected (see section 3.2, Software
are designed to accommodate emergent Acquisition and Supplier Contract
software requirements and iterative adjustment Management).
of plans. A highly predictive SDLC executes the
first five processes listed in Figure 7.1 in a 2.3. Effort,Schedule,andCostEstimation
linear sequence with revisions to earlier phases [3*, c6]
only as necessary. Adaptive SDLCs are
characterized by iterative development cycles. The estimated range of effort required for a
SDLCs in the mid-range of the SDLC project, or parts of a project, can be determined
continuum produce increments of functionality using a calibrated estimation model based on
on either a preplanned schedule (on the historical size and effort data (when available)
predictive side of the continuum) or as the and other relevant methods such as expert
products of frequently updated development judgment and analogy. Task dependencies can
cycles (on the adaptive side of the continuum). be established and potential opportunities for
Well-known SDLCs include the waterfall, completing tasks concurrently and sequentially
incremental, and spiral models plus various can be identified and documented using a Gantt
forms of agile software development [2] [3*, chart, for example. For predictive SDLC
c2]. projects, the expected schedule of tasks with
Relevant methods (see the Software projected start times, durations, and end times is
Engineering Models and Methods KA) and tools typically produced during planning. For
should be selected as part of planning. adaptive SDLC projects, an overall estimate of
Automated tools that will be used throughout effort and schedule is typically developed from
the project should also be planned for and the initial understanding of the requirements, or,
acquired. Tools may include tools for project alternatively, constraints on overall effort and
scheduling, software requirements, software schedule may be specified and used to
design, software construction, software determine an initial estimate of the number of
maintenance, software configuration iterative cycles and estimates of effort and other
management, software engineering process, resources allocated to each cycle.
software quality, and others. While many of Resource requirements (for example, people
these tools should be selected based primarily and tools) can be translated into cost estimates.
on the technical considerations discussed in Initial estimation of effort, schedule, and cost is
other KAs, some of them are closely related to an iterative activity that should be negotiated
the management considerations discussed in this and revised among affected stakeholders until
chapter. consensus is reached on resources and time
available for project completion.
2.2. DetermineDeliverables
[3*, c4, c5, c6] 2.4. ResourceAllocation
Software Configuration Management 6-7
plans should account for the various artifacts what the supplier or suppliers are providing and
that will be used to manage the project. what the acquirer is paying for, plus what will
be delivered to and owned by the acquirer. For
3.Software Project Enactment software being developed by suppliers (both
internal to or external to the software
During software project enactment (also known development organization), agreements
as project execution) plans are implemented and commonly indicate software quality
the processes embodied in the plans are enacted. requirements for acceptance of the delivered
Throughout, there should be a focus on software.
adherence to the selected SDLC processes, with After the agreement has been put in place,
an overriding expectation that adherence will execution of the project in compliance with the
lead to the successful satisfaction of stakeholder terms of the agreement should be managed (see
requirements and achievement of the projects chapter 12 of SWX, Software Procurement
objectives. Fundamental to enactment are the Management, for more information on this topic
ongoing management activities of monitoring, [2]).
controlling, and reporting.
3.3. ImplementationofMeasurementProcess
3.1. ImplementationofPlans [3*, c7]
[4*, c2]
The measurement process should be enacted
Project activities should be undertaken in during the software project to ensure that
accordance with the project plan and supporting relevant and useful data are collected (see
plans. Resources (for example, personnel, sections 6.2, Plan the Measurement Process, and
technology, and funding) are utilized and work 6.3, Perform the Measurement Process).
products (for example, software design,
software code, and software test cases) are 3.4. MonitorProcess
generated. [3*, c8]
the deviation of actual from expected outcomes At specified and agreed-upon times, progress to
and values should be determined. This may date should be reportedboth within the
include cost overruns, schedule slippage, or organization (for example, to a project steering
other similar measures. Outlier identification committee) and to external stakeholders (for
and analysis of quality and other measurement example, clients or users). Reports should focus
data should be performed (for example, defect on the information needs of the target audience
analysis; see Software Quality Measurement in as opposed to the detailed status reporting
the Software Quality KA). Risk exposures within the project team.
should be recalculated (see section 2.5, Risk
Management). These activities can enable 4.Review and Evaluation
problem detection and exception identification
based on thresholds that have been exceeded. At prespecified times and as needed, overall
Outcomes should be reported when thresholds progress towards achievement of the stated
have been exceeded, or as necessary. objectives and satisfaction of stakeholder (user
and customer) requirements should be
3.5. ControlProcess evaluated. Similarly, assessments of the
[3*, c7, c8] effectiveness of the software process, the
personnel involved, and the tools and methods
The outcomes of project monitoring activities employed should also be undertaken regularly
provide the basis on which decisions can be and as determined by circumstances.
made. Where appropriate, and when the
probability and impact of risk factors are 4.1. DeterminingSatisfactionof
understood, changes can be made to the project. Requirements
This may take the form of corrective action (for [4*, c8]
example, retesting certain software
components); it may involve incorporating Because achieving stakeholder satisfaction is a
additional actions (for example, deciding to use principal goal of the software engineering
prototyping to assist in software requirements manager, progress towards this goal should be
validation; see Prototyping in the Software assessed periodically. Progress should be
Requirements KA); and/or it may entail revision assessed on achievement of major project
of the project plan and other project documents milestones (for example, completion of software
(for example, the software requirements design architecture or completion of a software
specification) to accommodate unanticipated technical review), or upon completion of an
events and their implications. iterative development cycle that results in a
In some instances, the control process may product increment. Variances from software
lead to abandonment of the project. In all cases, requirements should be identified and
software configuration control and software appropriate actions should be taken.
configuration management procedures should be As in the control process activity above (see
adhered to (see the Software Configuration section 3.5, Control Process), software
Management KA), decisions should be configuration control and software configuration
documented and communicated to all relevant management procedures should be followed (see
parties, plans should be revisited and revised the Software Configuration Management KA),
when necessary, and relevant data recorded (see decisions documented and communicated to all
section 6.3, Perform the Measurement Process). relevant parties, plans revisited and revised
where necessary, and relevant data recorded (see
3.6. Reporting section 6.3, Perform the Measurement Process).
[3*, c11]
6-10 SWEBOK Guide V3.0
from measurement users. Lessons learned scheduling tools that analyze the tasks within a
should be recorded in an appropriate work breakdown structure, their estimated
database. durations, their precedence relationships, and
Identify potential improvements. Such the resources assigned to each task to produce a
improvements may be changes in the format schedule in the form of a Gantt chart.
of indicators, changes in units measured, or Tracking tools can be used to track project
reclassification of measurement categories. milestones, regularly scheduled project status
The costs and benefits of potential meetings, scheduled iteration cycles, product
improvements should be determined and demonstrations, and/or action items.
appropriate improvement actions should be Risk Management Tools. Risk management
reported. tools (see section 2.5, Risk Management) can be
Communicate proposed improvements to used to track risk identification, estimation, and
the measurement process owner and monitoring. These tools include the use of
stakeholders for review and approval. Also, approaches such as simulation or decision trees
lack of potential improvements should be to analyze the effect of costs versus payoffs and
communicated if the analysis fails to subjective estimates of the probabilities of risk
identify any improvements. events. Monte Carlo simulation tools can be
used to produce probability distributions of
7. Software Engineering Management Tools effort, schedule, and risk by combining multiple
[3*, c5, c6, c7] input probability distributions in an algorithmic
manner.
Software engineering management tools are CommunicationsTools.Communication tools
often used to provide visibility and control of can assist in providing timely and consistent
software engineering management processes. information to relevant stakeholders involved in
Some tools are automated while others are a project. These tools can include things like
manually implemented. There has been a recent email notifications and broadcasts to team
trend towards the use of integrated suites of members and stakeholders. They also include
software engineering tools that are used communication of minutes from regularly
throughout a project to plan, collect and record, scheduled project meetings, daily stand-up
monitor and control, and report project and meetings, plus charts showing progress,
product information. Tools can be divided into backlogs, and maintenance request resolutions.
the following categories: Measurement Tools. Measurement tools
ProjectPlanningandTrackingTools. Project support activities related to the software
planning and tracking tools can be used to measurement program (see topic 6, Software
estimate project effort and cost and to prepare Engineering Measurement). There are few
project schedules. Some projects use automated completely automated tools in this category.
estimation tools that accept as input the Measurement tools used to gather, analyze, and
estimated size and other characteristics of a report project measurement data may be based
software product and produce estimates of the on spreadsheets developed by project team
required total effort, schedule, and cost. members or organizational employees.
Planning tools also include automated
MATRIX OF TOPICS VS. REFERENCE MATERIAL
6-14 SWEBOK Guide V3.0
Fairley [3*]
2009
Sommerville 2011 McGarry et al. 20
[4*]
Boehm and Turner 2003
[7*]
[5*]
Fairley [3*]
2009
Sommerville 2011 McGarry et al. 20
[4*]
Boehm and Turner 2003
[7*]
[5*]
5. Closure
5.1. Determining Closure
5.2. Closure Activities
6. Software Engineering
Measurement
6.1. Establish and Sustain
c1, c2
Measurement Commitment
6.2. Plan the Measurement
c1, c2
Process
6.3. Perform the Measurement
c1, c2
Process
6.4. Evaluate Measurement c1, c2
7. Software Engineering
c5, c6, c7
Management Tools
FURTHER READINGS The PMBOK Guide provides guidelines for
managing individual projects and defines
AGuidetotheProjectManagementBodyof project management-related concepts. It also
Knowledge(PMBOKGuide) [1]. describes the project management life cycle and
its related processes, as well as the project life
6-16 SWEBOK Guide V3.0
cycle. It is a globally recognized guide for the [2] Project Management Institute and IEEE
project management profession. Computer Society, SoftwareExtensiontothe
PMBOKGuideFifthEdition, Project
SoftwareExtensiontotheGuidetothe Management Institute, 2013.
ProjectManagementBodyofKnowledge
(PMBOKGuide) [2]. [3*] R.E. Fairley, ManagingandLeading
SoftwareProjects, Wiley-IEEE Computer
SWX provides adaptations and extensions to the Society Press, 2009.
generic practices of project management
documented in the PMBOKGuide for [4*] I. Sommerville, SoftwareEngineering, 9th
managing software projects. The primary ed., Addison-Wesley, 2011.
contribution of this extension to the PMBOK
Guide is a description of processes that are [5*] B. Boehm and R. Turner, BalancingAgility
applicable for managing adaptive life cycle andDiscipline:AGuideforthePerplexed,
software projects. Addison-Wesley, 2003.
PROCESS
1. Software Process Definition also include its entry and exit criteria and
[1*, p177] [2*, p295] [3*, p2829, p36, c5] decomposition of the work activities into tasks,
which are the smallest units of work subject to
This topic is concerned with a definition of management accountability. A process input
software process, software process may be a triggering event or the output of
management, and software process another process. Entry criteria should be
infrastructure. satisfied before a process can commence. All
As stated above, a software process is a set of specified conditions should be satisfied before a
interrelated activities and tasks that transform process can be successfully concluded,
input work products into output work products. including the acceptance criteria for the output
At minimum, the description of a software work product or work products.
process includes required inputs, transforming
work activities, and outputs generated. As
illustrated in Figure 8.2, a software process may
Software Configuration Management 6-3
example, changes in IT infrastructure tools and oversee implementation and improvement of the
technology often require process changes. software processes.
Existing processes may be modified when A common misperception is that establishing
other new processes are deployed for the first a software process infrastructure and
time (for example, introducing an inspection implementing repeatable software processes will
activity within a software development project add time and cost to software development and
will likely impact the software testing process maintenance. There is a cost associated with
see Reviews and Audits in the Software Quality introducing or improving a software process;
KA and in the Software Testing KA). These however, experience has shown that
situations can also be termed process implementing systematic improvement of
evolution. If the modifications are extensive, software processes tends to result in lower cost
then changes in the organizational culture and through improved efficiency, avoidance of
business model will likely be necessary to rework, and more reliable and affordable
accommodate the process changes. software. Process performance thus influences
1.2. SoftwareProcessInfrastructure software product quality.
[2*, p183, p186] [4*, p437438]
2. Software Life Cycles
Establishing, implementing, and managing [1*, c2] [2*, p190]
software processes and software life cycle
models often occurs at the level of individual This topic addresses categories of software
software projects. However, systematic processes, software life cycle models, software
application of software processes and software process adaptation, and practical considerations.
life cycle models across an organization can A software development life cycle (SDLC)
provide benefits to all software work within the includes the software processes used to specify
organization, although it requires commitment and transform software requirements into a
at the organizational level. A software process deliverable software product. A software
infrastructure can provide process definitions, product life cycle (SPLC) includes a software
policies for interpreting and applying the development life cycle plus additional software
processes, and descriptions of the procedures to processes that provide for deployment,
be used to implement the processes. maintenance, support, evolution, retirement, and
Additionally, a software process infrastructure all other inceptionto-retirement processes for a
may provide funding, tools, training, and staff software product, including the software
members who have been assigned configuration management and software quality
responsibilities for establishing and maintaining assurance processes that are applied throughout
the software process infrastructure. a software product life cycle. A software
Software process infrastructure varies, product life cycle may include multiple software
depending on the size and complexity of the development life cycles for evolving and
organization and the projects undertaken within enhancing the software.
the organization. Small, simple organizations Individual software processes have no
and projects have small, simple infrastructure temporal ordering among them. The temporal
needs. Large, complex organizations and relationships among software processes are
projects, by necessity, have larger and more provided by a software life cycle model: either
complex software process infrastructures. In the an SDLC or SPLC. Life cycle models typically
latter case, various organizational units may be emphasize the key software processes within the
established (such as a software engineering model and their temporal and logical
process group or a steering committee) to interdependencies and relationships. Detailed
Software Configuration Management 6-5
construction, and testing) can be adapted to exit criteria are being met, to review risk factors
facilitate operation, support, maintenance, and risk management, or to identify lessons
migration, and retirement of the software. learned. Process assessment is carried out using
Additional factors to be considered when both an assessment model and an assessment
defining and tailoring a software life cycle method. The model can provide a norm for a
model include required conformance to benchmarking comparison among projects
standards, directives, and policies; customer within an organization and among
demands; criticality of the software product; and organizations.
organizational maturity and competencies. Other A process audit differs from a process
factors include the nature of the work (e.g., assessment. Assessments are performed to
modification of existing software versus new determine levels of capability or maturity and to
development) and the application domain (e.g., identify software processes to be improved.
aerospace versus hotel management). Audits are typically conducted to ascertain
compliance with policies and standards. Audits
3. Software Process Assessment and provide management visibility into the actual
Improvement operations being performed in the organization
[2*, p188, p194] [3*, c26] [4*, p397, c15] so that accurate and meaningful decisions can
be made concerning issues that are impacting a
This topic addresses software process development project, a maintenance activity, or
assessment models, software process a software-related topic.
assessment methods, software process Success factors for software process
improvement models, and continuous and assessment and improvement within software
staged process ratings. Software process engineering organizations include management
assessments are used to evaluate the form and sponsorship, planning, training, experienced and
content of a software process, which may be capable leaders, team commitment, expectation
specified by a standardized set of criteria. In management, the use of change agents, plus
some instances, the terms process appraisal pilot projects and experimentation with tools.
and capability evaluation are used instead of Additional factors include independence of the
process assessment. Capability evaluations are assessor and the timeliness of the assessment.
typically performed by an acquirer (or potential
acquirer) or by an external agent on behalf of an 3.1. SoftwareProcessAssessmentModels
acquirer (or potential acquirer). The results are [2*, s4.5, s4.6] [3*, s26.5] [4*, p4448]
used as an indicator of whether the software
processes used by a supplier (or potential Software process assessment models typically
supplier) are acceptable to the acquirer. include assessment criteria for software
Performance appraisals are typically performed processes that are regarded as constituting good
within an organization to identify software practices. These practices may address software
processes in need of improvement or to development processes only, or they may also
determine whether a process (or processes) include topics such as software maintenance,
satisfies the criteria at a given level of process software project management, systems
capability or maturity. engineering, or human resources management.
Process assessments are performed at the
levels of entire organizations, organizational 3.2. SoftwareProcessAssessmentMethods
units within organizations, and individual [1*, p322331] [3*, s26.3]
projects. Assessment may involve issues such as [4*, p4448, s16.4] [6]
assessing whether software process entry and
6-8 SWEBOK Guide V3.0
Standardized definitions and counting rules product improvement goals. Needed data can be
for measurement of software processes and collected and retained in a repository; the data
work products are necessary to provide can be analyzed and models can be constructed.
standardized measurement results across Validation and refinement of software
projects within an organization, to populate a information models occur during software
repository of historical data that can be analyzed projects and after projects are completed to
to identify software processes that need to be ensure that the level of accuracy is sufficient
improved, and to build predictive models based and that their limitations are known and
on accumulated data. In the example above, understood. Software information models may
definitions of software defects and staff-hours of also be developed for contexts other than
testing effort plus counting rules for defects and software projects; for example, a software
effort would be necessary to obtain satisfactory information model might be developed for
measurement results. processes that apply across an organization,
The extent to which the software process is such as software configuration management or
institutionalized is important; failure to software quality assurance processes at the
institutionalize a software process may explain organizational level.
why good software processes do not always Analysis-driven software information model
produce anticipated results. Software processes building involves the development, calibration,
may be institutionalized by adoption within the and evaluation of a model. A software
local organizational unit or across larger units of information model is developed by establishing
an enterprise. a hypothesized transformation of input variables
into desired outputs; for example, product size
4.2. QualityofMeasurementResults and complexity might be transformed into
[4*, s3.43.7] estimated effort needed to develop a software
product using a regression equation developed
The quality of process and product measurement from observed data from past projects. A model
results is primarily determined by the reliability is calibrated by adjusting parameters in the
and validity of the measured results. model to match observed results from past
Measurements that do not satisfy these quality projects; for example, the exponent in a
criteria can result in incorrect interpretations nonlinear regression model might be changed by
and faulty software process improvement applying the regression equation to a different
initiatives. Other desirable properties of set of past projects other than the projects used
software measurements include ease of to develop the model.
collection, analysis, and presentation plus a A model is evaluated by comparing computed
strong correlation between cause and effect. results to actual outcomes for a different set of
The Software Engineering Measurement topic similar data. There are three possible evaluation
in the Software Engineering Management KA outcomes:
describes a process for implementing a software
measurement program. 1. results computed for a different data set
4.3. SoftwareInformationModels vary widely from actual outcomes for that
[1*, p310311] [3*, p712713] [4*, s19.2] data set, in which case the derived model is
not applicable for the new data set and
Software information models allow modeling, should not be applied to analyze or make
analysis, and prediction of software process and predictions
software product attributes to provide answers for future projects;
to relevant questions and achieve process and
6-12 SWEBOK Guide V3.0
2. results computed for a new data set are activities that are candidates for improvement.
close to actual outcomes for that data set, in In some cases, new software processes may be
which case minor adjustments are made to needed.
the parameters of the model to improve Process measurement techniques also provide
agreement; the information needed to measure the effects of
3. results computed for the new data set and process improvement initiatives. Process
subsequent data sets are very close and no measurement techniques can be used to collect
adjustments to the model are needed. both quantitative and qualitative data.
assess the impact of various approaches to process tools allow different types of analyses
software process improvement. and simulations (for example, discrete event
Orthogonal Defect Classification (ODC) can simulation). In addition, general purpose
be used to analyze quantitative process business tools, such as a spreadsheet, may be
measurement data. ODC can be used to group useful.
detected defects into categories and link the Computer-Assisted Software Engineering
defects in each category to the software process (CASE) tools can reinforce the use of integrated
or software processes where a group of defects processes, support the execution of process
originated (see Defect Characterization in the definitions, and provide guidance to humans in
Software Quality KA). Software interface performing well-defined processes. Simple tools
defects, for example, may have originated such as word processors and spreadsheets can
during an inadequate software design process; be used to prepare textual descriptions of
improving the software design process will processes, activities, and tasks; these tools also
reduce the number of software interface defects. support traceability among the inputs and
ODC can provide quantitative data for applying outputs of multiple software processes (such as
root cause analysis. stakeholder needs analysis, software
Statistical Process Control can be used to requirements specification, software
track process stability, or the lack of process architecture, and software detailed design) as
stability, using control charts. well as the results of software processes such as
documentation, software components, test cases,
4.4.2. QualitativeProcessMeasurement and problem reports.
Techniques Most of the knowledge areas in this Guide
[1*, s6.4] describe specialized tools that can be used to
manage the processes within that KA. In
Qualitative process measurement techniques particular, see the Software Configuration
including interviews, questionnaires, and expert Management KA for a discussion of software
judgmentcan be used to augment quantitative configuration management tools that can be
process measurement techniques. Group used to manage the construction, integration,
consensus techniques, including the Delphi and release processes for software products.
technique, can be used to obtain consensus Other tools, such as those for requirements
among groups of stakeholders. management and testing, are described in the
appropriate KAs.
5. Software Engineering Process Tools Software process tools can support projects
[1*, s8.7] that involve geographically dispersed (virtual)
teams. Increasingly, software process tools are
Software process tools support many of the available through cloud computing facilities as
notations used to define, implement, and well as through dedicated infrastructures.
manage individual software processes and A project control panel or dashboard can
software life cycle models. They include editors display selected process and product attributes
for notations such as data-flow diagrams, state for software projects and indicate measurements
charts, BPMN, IDEF0 diagrams, Petri nets, and that are within control limits and those needing
UML activity diagrams. In some cases, software corrective action.
MATRIX OF TOPICS VS. REFERENCE MATERIAL
6-14 SWEBOK Guide V3.0
Kan 2003
[4*]
Fairley [1*]
2009
Moore 2009
[2*]
Sommerville 2011
[3*]
p2829,
1. Software Process Definition p177 p295 p36,
c5
1.1. Software Process Management s26.1 p453454
p183,
1.2. Software Process Infrastructure p437438
p186
2. Software Life Cycles c2 p190
c22, c23,
2.1. Categories of Software Processes preface p294295
c24
2.2. Software Life Cycle Models c2 s3.2 s2.1
2.3. Software Process Adaptation s2.7 p51
2.4. Practical Considerations p188190
3. Software Process Assessment and p188,
c26 p397, c15
Improvement p194
3.1. Software Process Assessment s4.5,
s26.5 p4448
Models s4.6
3.2. Software Process Assessment p4448,
p322331 s26.3
Methods s16.4
3.3. Software Process Improvement
p187188 s26.5 s2.7
Models
3.4. Continuous and Staged Ratings p2834 s26.5 p3945
4. Software Measurement s26.2 s18.1.1
4.1. Software Process and Product s6.3, s26.2,
Measurement p273 p638
s3.4,
s3.5,
4.2. Quality of Measurement Results
s3.6,
s3.7
4.3. Software Information Models p310311 p. 712 s19.2
713
Software Configuration Management 6-15
s5.1,
4.4. Software Process Measurement s6.4,
s5.7,
Techniques c8
s9.8
5. Software Engineering Process Tools s8.7
FURTHER READINGS ISO/IEC15504-1:2004Informationtechnology
ProcessassessmentPart1:Concepts
SoftwareExtensiontotheGuidetotheProject andvocabulary [8].
ManagementBodyofKnowledge (SWX)
[5]. This standard, commonly known as SPICE
(Software Process Improvement and Capability
SWX provides adaptations and extensions to the Determination), includes multiple parts. Part 1
generic practices of project management provides concepts and vocabulary for software
documented in the PMBOK Guide for development processes and related
managing software projects. The primary businessmanagement functions. Other parts of
contribution of this extension to the PMBOK 15504 define the requirements and procedures
Guideis description of processes that are for performing process assessments.
applicable for managing adaptive life cycle REFERENCES
software projects.
[1*] R.E. Fairley, ManagingandLeading
D. Gibson, D. Goldenson, and K. Kost, SoftwareProjects, Wiley-IEEE Computer
Performance Results of CMMI-Based Society Press, 2009.
Process Improvement [6].
[2*] J.W. Moore, TheRoadMaptoSoftware
This technical report summarizes publicly Engineering:AStandards-BasedGuide,
available empirical evidence about the Wiley-IEEE Computer Society Press, 2006.
performance results that can occur as a
consequence of CMMIbased process [3*] I. Sommerville, SoftwareEngineering, 9th
improvement. The report contains a series of ed., Addison-Wesley, 2011.
brief case descriptions that were created with
collaboration from representatives from 10 [4*] S.H. Kan, MetricsandModelsinSoftware
organizations that have achieved notable QualityEngineering, 2nd ed.,
AddisonWesley, 2002.
quantitative performance results through their
CMMI-based improvement efforts.
[5] Project Management Institute and IEEE
CMMI forDevelopment,Version1.3 [7].
Computer Society, SoftwareExtensionto
thePMBOKGuideFifthEdition, ed:
CMMIforDevelopment,Version1.3 provides Project Management Institute, 2013.
an integrated set of process guidelines for
[6] D. Gibson, D. Goldenson, and K. Kost,
developing and improving products and
Performance Results of CMMI-Based
services. These guidelines include best practices
Process Improvement, Software
for developing and improving products and
Engineering Institute, 2006; http://
services to meet the needs of customers and end
resources.sei.cmu.edu/library/asset-view.
users.
cfm?assetID=8065.
Figure 9.1. Breakdown of Topics for the Software Engineering Models and Methods KA
engineer, and communicate aspects of the [1*, c2s2, c5s1, c5s2] [2*, c2s2] [3*, c5s0]
software to appropriate stakeholders.
Stakeholders are those persons or parties who Modeling provides the software engineer with
have a stated or implied interest in the software an organized and systematic approach for
(for example, user, buyer, supplier, architect, representing significant aspects of the software
certifying authority, evaluator, developer, under study, facilitating decision-making about
software engineer, and perhaps others). the software or elements of it, and
While there are many modeling languages, communicating those significant decisions to
notations, techniques, and tools in the literature others in the stakeholder communities. There
and in practice, there are unifying general are three general principles guiding such
concepts that apply in some form to them all. modeling activities:
The following sections provide background on
these general concepts. Model the Essentials: good models do not
usually represent every aspect or feature of
1.1. ModelingPrinciples the software under every possible condition.
6-3 SWEBOK Guide V3.0
refers. These uncertainties or unanswered being relative to the modeling effort) may be a
questions regarding the requirements, design, union of multiple submodels and any special
and/or implementation can then be handled function models. Examination and decision-
appropriately. making relative to a single model within this
The primary expression element of a model is collection of submodels may be problematic.
an entity. An entity may represent concrete Understanding the precise meanings of
artifacts (for example, processors, sensors, or modeling constructs can also be difficult.
robots) or abstract artifacts (for example, Modeling languages are defined by syntactic
software modules or communication protocols). and semantic rules. For textual languages,
Model entities are connected to other entities syntax is defined using a notation grammar that
using relations (in other words, lines or textual defines valid language constructs (for example,
operators on target entities). Expression of Backus-Naur Form (BNF)). For graphical
model entities may be accomplished using languages, syntax is defined using graphical
textual or graphical modeling languages; both models called metamodels. As with BNF,
modeling language types connect model entities metamodels define the valid syntactical
through specific language constructs. The constructs of a graphical modeling language; the
meaning of an entity may be represented by its metamodel defines how these constructs can be
shape, textual attributes, or both. Generally, composed to produce valid models.
textual information adheres to language-specific Semantics for modeling languages specify the
syntactic structure. The precise meanings related meaning attached to the entities and relations
to the modeling of context, structure, or captured within the model. For example, a
behavior using these entities and relations is simple diagram of two boxes connected by a
dependent on the modeling language used, the line is open to a variety of interpretations.
design rigor applied to the modeling effort, the Knowing that the diagram on which the boxes
specific view being constructed, and the entity are placed and connected is an object diagram or
to which the specific notation element may be an activity diagram can assist in the
attached. Multiple views of the model may be interpretation of this model.
required to capture the needed semantics of the As a practical matter, there is usually a good
software. understanding of the semantics of a specific
When using models supported with software model due to the modeling language
automation, models may be checked for selected, how that modeling language is used to
completeness and consistency. The usefulness of express entities and relations within that model,
these checks depends greatly on the level of the experience base of the modeler(s), and the
semantic and syntactic rigor applied to the context within which the modeling has been
modeling effort in addition to explicit tool undertaken and so represented. Meaning is
support. Correctness is typically checked communicated through the model even in the
through simulation and/or review. presence of incomplete information through
abstraction; pragmatics explains how meaning is
1.3. Syntax,Semantics,andPragmatics embodied in the model and its context and
[2* c2s2.2.2p6] [3*, c5s0] communicated effectively to other software
engineers.
Models can be surprisingly deceptive. The fact There are still instances, however, where
that a model is an abstraction with missing caution is needed regarding modeling and
information can lead one into a false sense of semantics. For example, any model parts
completely understanding the software from a imported from another model or library must be
single model. A complete model (complete examined for semantic assumptions that conflict
6-5 SWEBOK Guide V3.0
in the new modeling environment; this may not other words, do not change) before and after
be obvious. The model should be checked for execution of the function or method. These
documented assumptions. While modeling invariants are relevant and necessary to the
syntax may be identical, the model may mean software and the correct operation of the
something quite different in the new function or method.
environment, which is a different context. Also,
consider that as software matures and changes 2. Types of Models
are made, semantic discord can be introduced,
leading to errors. With many software engineers A typical model consists of an aggregation of
working on a model part over time coupled with submodels. Each submodel is a partial
tool updates and perhaps new requirements, description and is created for a specific purpose;
there are opportunities for portions of the model it may be comprised of one or more diagrams.
to represent something different from the The collection of submodels may employ
original authors intent and initial model multiple modeling languages or a single
context. modeling language. The Unified Modeling
Language (UML) recognizes a rich collection of
1.4. Preconditions,Postconditions,and modeling diagrams. Use of these diagrams,
Invariants along with the modeling language constructs,
[2*, c4s4] [4*, c10s4p2, c10s5p2p4] brings about three broad model types commonly
used: information models, behavioral models,
When modeling functions or methods, the and structure models (see section 1.1).
software engineer typically starts with a set of
assumptions about the state of the software prior 2.1. InformationModeling
to, during, and after the function or method [1*, c7s2.2] [3*, c8s1]
executes. These assumptions are essential to the
correct operation of the function or method and Information models provide a central focus on
are grouped, for discussion, as a set of data and information. An information model is
preconditions, postconditions, and invariants. an abstract representation that identifies and
defines a set of concepts, properties, relations,
Preconditions: a set of conditions that must and constraints on data entities. The semantic or
be satisfied prior to execution of the conceptual information model is often used to
function or method. If these preconditions provide some formalism and context to the
do not hold prior to execution of the software being modeled as viewed from the
function or method, the function or method problem perspective, without concern for how
may produce erroneous results. this model is actually mapped to the
Postconditions: a set of conditions that is implementation of the software. The semantic or
guaranteed to be true after the function or conceptual information model is an abstraction
method has executed successfully. and, as such, includes only the concepts,
Typically, the postconditions represent how properties, relations, and constraints needed to
the state of the software has changed, how conceptualize the real-world view of the
parameters passed to the function or method information. Subsequent transformations of the
have changed, how data values have semantic or conceptual information model lead
changed, or how the return value has been to the elaboration of logical and then physical
affected. data models as implemented in the software.
Invariants: a set of conditions within the
operational environment that persist (in 2.2. BehavioralModeling
Software Configuration Management 6-6
[1*, c7s2.1, c7s2.3, c7s2.4] [2*, c9s2] correct enough to serve their intended purpose
[3*, c5s4] for the stakeholders.
The sections that follow briefly describe the
Behavioral models identify and define the analysis techniques generally used with
functions of the software being modeled. software models to ensure that the software
Behavioral models generally take three basic engineer and other relevant stakeholders gain
forms: state machines, control-flow models, and appropriate value from the development and use
dataflow models. State machines provide a of models.
model of the software as a collection of defined
states, events, and transitions. The software 3.1. AnalyzingforCompleteness
transitions from one state to the next by way of [3*, c4s1.1p7, c4s6] [5*, p811]
a guarded or unguarded triggering event that
occurs in the modeled environment. Control- In order to have software that fully meets the
flow models depict how a sequence of events needs of the stakeholders, completeness is
causes processes to be activated or deactivated. criticalfrom the requirements elicitation
Data-flow behavior is typified as a sequence of process to code implementation. Completeness
steps where data moves through processes is the degree to which all of the specified
toward data stores or data sinks. requirements have been implemented and
2.3. StructureModeling verified. Models may be checked for
[1*, c7s2.5, c7s3.1, c7s3.2] [3*, c5s3] [4*, c4] completeness by a modeling tool that uses
techniques such as structural analysis and state-
Structure models illustrate the physical or space reachability analysis (which ensure that
logical composition of software from its various all paths in the state models are reached by
component parts. Structure modeling establishes some set of correct inputs); models may also be
the defined boundary between the software checked for completeness manually by using
being implemented or modeled and the inspections or other review techniques (see the
environment in which it is to operate. Some Software Quality KA). Errors and warnings
common structural constructs used in structure generated by these analysis tools and found by
modeling are composition, decomposition, inspection or review indicate probable needed
generalization, and specialization of entities; corrective actions to ensure completeness of the
identification of relevant relations and models.
cardinality between entities; and the definition
of process or functional interfaces. Structure 3.2. AnalyzingforConsistency
diagrams provided by the UML for structure [3*, c4s1.1p7, c4s6] [5*, p811]
modeling include class, component, object,
deployment, and packaging diagrams. Consistency is the degree to which models
contain no conflicting requirements, assertions,
3.Analysis of Models constraints, functions, or component
descriptions. Typically, consistency checking is
The development of models affords the software accomplished with the modeling tool using an
engineer an opportunity to study, reason about, automated analysis function; models may also
and understand the structure, function, be checked for consistency manually using
operational usage, and assembly considerations inspections or other review techniques (see the
associated with software. Analysis of Software Quality KA). As with completeness,
constructed models is needed to ensure that errors and warnings generated by these analysis
these models are complete, consistent, and
6-7 SWEBOK Guide V3.0
tools and found by inspection or review indicate improves the management of software work
the need for corrective action. products and software process quality; it also
provides assurances to stakeholders that all
3.3. AnalyzingforCorrectness requirements have been satisfied. Traceability
[5*, p811] enables change analysis once the software is
developed and released, since relationships to
Correctness is the degree to which a model software work products can easily be traversed
satisfies its software requirements and software to assess change impact. Modeling tools
design specifications, is free of defects, and typically provide some automated or manual
ultimately meets the stakeholders needs. means to specify and manage traceability links
Analyzing for correctness includes verifying between requirements, design, code, and/or test
syntactic correctness of the model (that is, entities as may be represented in the models and
correct use of the modeling language grammar other software work products. (For more
and constructs) and verifying semantic information on traceability, see the Software
correctness of the model (that is, use of the Configuration Management KA).
modeling language constructs to correctly
represent the meaning of that which is being 3.5. InteractionAnalysis
modeled). To analyze a model for syntactic and [2*, c10, c11] [3*, c29s1.1, c29s5] [4*, c5]
semantic correctness, one analyzes iteither
automatically (for example, using the modeling Interaction analysis focuses on the
tool to check for model syntactic correctness) or communications or control flow relations
manually (using inspections or other review between entities used to accomplish a specific
techniques)searching for possible defects and task or function within the software model. This
then removing or repairing the confirmed analysis examines the dynamic behavior of the
defects before the software is released for use. interactions between different portions of the
software model, including other software layers
3.4. Traceability (such as the operating system, middleware, and
[3*, c4s7.1, c4s7.2] applications). It may also be important for some
software applications to examine interactions
Developing software typically involves the use, between the computer software application and
creation, and modification of many work the user interface software. Some software
products such as planning documents, process modeling environments provide simulation
specifications, software requirements, diagrams, facilities to study aspects of the dynamic
designs and pseudo-code, handwritten and tool- behavior of modeled software. Stepping through
generated code, manual and automated test the simulation provides an analysis option for
cases and reports, and files and data. These the software engineer to review the interaction
work products may be related through various design and verify that the different parts of the
dependency relationships (for example, uses, software work together to provide the intended
implements, and tests). As software is being functions.
developed, managed, maintained, or extended, 4.Software Engineering Methods
there is a need to map and control these
traceability relationships to demonstrate Software engineering methods provide an
software requirements consistency with the organized and systematic approach to
software model (see Requirements Tracing in developing software for a target computer.
the Software Requirements KA) and the many There are numerous methods from which to
work products. Use of traceability typically choose, and it is important for the software
Software Configuration Management 6-8
language) used during the software developing the proof that those
specification, requirements analysis, and/ or preconditions and postconditions must hold
design stages to describe specific input/ under all inputs. This provides a way for the
output behavior. Specification languages are software engineer to predict software
not directly executable languages; they are behavior without having to execute the
typically comprised of a notation and software. Some Integrated Development
syntax, semantics for use of the notation, Environments (IDEs) include ways to
and a set of allowed relations for objects. represent these proofs along with the design
Program Refinement and Derivation: or code.
Program refinement is the process of 4.3. PrototypingMethods
creating a lower level (or more detailed) [1*, c12s2] [3*, c2s3.1] [6*, c7s3p5]
specification using a series of
transformations. It is through successive Software prototyping is an activity that
transformations that the software engineer generally creates incomplete or minimally
derives an executable representation of a functional versions of a software application,
program. Specifications may be refined, usually for trying out specific new features,
adding details until the model can be soliciting feedback on software requirements or
formulated in a 3GL programming language user interfaces, further exploring software
or in an executable portion of the chosen requirements, software design, or
specification language. This specification implementation options, and/or gaining some
refinement is made possible by defining other useful insight into the software. The
specifications with precise semantic software engineer selects a prototyping method
properties; the specifications must set out to understand the least understood aspects or
not only the relationships between entities components of the software first; this approach
but also the exact runtime meanings of is in contrast with other software engineering
those relationships and operations. methods that usually begin development with
Formal Verification: Model checking is a the most understood portions first. Typically, the
formal verification method; it typically prototyped product does not become the final
involves performing a state-space software product without extensive
exploration or reachability analysis to development rework or refactoring.
demonstrate that the represented software This section discusses prototyping styles,
design has or preserves certain model targets, and evaluation techniques in brief.
properties of interest. An example of model
checking is an analysis that verifies correct PrototypingStyle: This addresses the
program behavior under all possible various approaches to developing
interleaving of event or message arrivals. prototypes. Prototypes can be developed as
The use of formal verification requires a throwaway code or paper products, as an
rigorously specified model of the software
evolution of a working design, or as an
and its operational environment; this model
executable specification. Different
often takes the form of a finite state
prototyping life cycle processes are
machine or other formally defined
typically used for each style. The style
automaton.
chosen is based on the type of results the
Logical Inference: Logical inference is a
project needs, the quality of the results
method of designing software that involves
needed, and the urgency of the results.
specifying preconditions and postconditions
Prototyping Target: The target of the
around each significant block of the design,
prototype activity is the specific product
andusing mathematical logic
Software Configuration Management 6-10
being served by the prototyping effort. purpose database development tools used by
Examples of prototyping targets include a software engineers to quickly develop, test,
requirements specification, an architectural and deploy new or modified business
design element or component, an algorithm, applications.
or a humanmachine user interface. XP: This approach uses stories or scenarios
PrototypingEvaluationTechniques: A for requirements, develops tests first, has
prototype may be used or evaluated in a direct customer involvement on the team
number of ways by the software engineer or (typically defining acceptance tests), uses
other project stakeholders, driven primarily pair programming, and provides for
by the underlying reasons that led to continuous code refactoring and integration.
prototype development in the first place. Stories are decomposed into tasks,
Prototypes may be evaluated or tested prioritized, estimated, developed, and
against the actual implemented software or tested. Each increment of software is tested
against with automated and manual tests; an
a target set of requirements (for example, a increment may be released frequently, such
requirements prototype); the prototype may as every couple of weeks or so.
also serve as a model for a future software Scrum: This agile approach is more project
development effort (for example, as in a management-friendly than the others. The
user interface specification). scrum master manages the activities within
the project increment; each increment is
4.4. AgileMethods called a sprint and lasts no more than 30
[3*, c3] [6*, c7s3p7] [7*, c6, App. A] days. A Product Backlog Item (PBI) list is
developed from which tasks are identified,
Agile methods were born in the 1990s from the defined, prioritized, and estimated. A
need to reduce the apparent large overhead working version of the software is tested
associated with heavyweight, plan-based and released in each increment. Daily scrum
methods used in large-scale software- meetings ensure work is managed to plan.
development projects. Agile methods are FDD: This is a model-driven, short,
considered lightweight methods in that they are iterative software development approach
characterized by short, iterative development using a five-phase process: (1) develop a
cycles, self-organizing teams, simpler designs, product model to scope the breadth of the
code refactoring, test-driven development, domain, (2) create the list of needs or
frequent customer involvement, and an features, (3) build the feature development
emphasis on creating a demonstrable working plan, (4) develop designs for iteration-
product with each development cycle. specific features, and (5) code, test, and then
Many agile methods are available in the integrate the features. FDD is similar to an
literature; some of the more popular approaches, incremental software development
which are discussed here in brief, include Rapid approach; it is also similar to XP, except
Application Development (RAD), eXtreme that code ownership is assigned to
Programming (XP), Scrum, and Feature-Driven individuals rather than the team. FDD
Development (FDD). emphasizes an overall architectural
approach to the software, which promotes
RAD: Rapid software development methods building the feature correctly the first time
are used primarily in data-intensive, rather than emphasizing continual
businesssystems application development. refactoring.
The RAD method is enabled with special-
6-11 SWEBOK Guide V3.0
There are many more variations of agile heavyweight and lightweight methods based
methods in the literature and in practice. Note primarily on prevailing organizational business
that there will always be a place for needs. These business needs, as typically
heavyweight, plan-based software engineering represented by some of the project stakeholders,
methods as well as places where agile methods should and do drive the choice in using one
shine. There are new methods arising from software engineering method over another or in
combinations of agile and plan-based methods constructing a new method from the best
where practitioners are defining new methods features of a combination of software
that balance the features needed in both engineering methods.
MATRIX OF TOPICS VS. REFERENCE MATERIAL
Budgen[1*]
2003 Wing 1990
[5*]
Page-Jones
Sommerville 2011 1999
Brookshear 2008
[3*] [4*] [6*]
Mellor and Balcer 2002 Boehm and Tur
[2*] [7
1. Modeling
c2s2,
1.1. Modeling
c5s1, c2s2 c5s0
Principles
c5s2
1.2. Properties c4s1.1p7,
c5s2,
and Expression of c4s6p3,
c5s3
Models c5s0p3
1.3. Syntax,
c2s2.2.2
Semantics, and c5s0
p6
Pragmatics
1.4. Preconditions, c10s4p2,
Postconditions, and c4s4 c10s5
Invariants p2p4
2. Types of Models
2.1. Information
c7s2.2 c8s1
Modeling
Software Configuration Management 6-12
c7s2.1,
2.2. Behavioral
c7s2.3, c9s2 c5s4
Modeling
c7s2.4
c7s2.5,
2.3. Structure
c7s3.1, c5s3 c4
Modeling
c7s3.2
3. Analysis of Models
3.1. Analyzing for c4s1.1p7,
pp811
Completeness c4s6
3.2. Analyzing for c4s1.1p7,
pp811
Consistency c4s6
3.3. Analyzing for
pp811
Correctness
c4s7.1,
3.4. Traceability
c4s7.2
3.5. Interaction c29s1.1,
c10, c11 c5
Analysis c29s5
Budgen[1*]
2003 Wing 1990
[5*]
Page-Jones
Sommerville 2011 1999
Brookshear 2008
[3*] [4*] [6*]
Mellor and Balcer 2002 Boehm and Tur
[2*] [7
4. Software
Engineering
Methods
c2s2.2,
4.1. Heuristic c13, c15,
c7s1,
Methods c16
c5s4.1
4.2. Formal Methods c18 c27 pp824
4.3. Prototyping
c12s2 c2s3.1 c7s3p5
Methods
6-13 SWEBOK Guide V3.0
c6, app.
4.4. Agile Methods c3 c7s3p7
A
REFERENCES [4*] M. Page-Jones, Fundamentalsof
[1*] D. Budgen, SoftwareDesign, 2nd ed., ObjectOrientedDesigninUML, 1st ed.,
Addison-Wesley, 2003. AddisonWesley, 1999.
[2*] S.J. Mellor and M.J. Balcer, Executable [5*] J.M. Wing, A Specifiers Introduction to
UML:AFoundationforModel-Driven Formal Methods, Computer, vol. 23, no. 9,
Architecture, 1st ed., Addison-Wesley, 1990, pp. 8, 1023.
2002.
[6*] J.G. Brookshear, ComputerScience:An
[3*] I. Sommerville, SoftwareEngineering, 9th Overview, 10th ed., Addison-Wesley, 2008.
ed., Addison-Wesley, 2011.
[7*] B. Boehm and R. Turner, Balancing
AgilityandDiscipline:AGuideforthe
Perplexed, Addison-Wesley, 2003.
definitions embrace the premise of conformance many other characteristics. This KA attempts
to requirements. Neither refers to types of clarity by using softwarequality in the broadest
requirements (e.g., functional, reliability, sense from the definitions above and by using
performance, dependability, or any other softwarequalityrequirements as constraints on
characteristic). Significantly, however, these functional requirements. Software quality is
definitions emphasize that quality is dependent achieved by conformance to all requirements
upon requirements. regardless of what characteristic is specified or
These definitions also illustrate another how requirements are grouped or named.
reason for the prevalence of software quality Software quality is also considered in many of
throughout this Guide: a frequent ambiguity of the SWEBOK KAs because it is a basic
softwarequality versus software quality parameter of a software engineering effort. For
requirements (the-ilities is a common all engineered products, the primary goal is
shorthand). Software quality requirements are delivering maximum stakeholder value, while
actually attributes of (or constraints on) balancing the constraints of development cost
functional requirements (what the system does). and schedule; this is sometimes characterized as
Software requirements may also specify fitness for
resource usage, a communication protocol, or
10-1
This KA addresses definitions and provides Ethics also play a significant role in software
an overview of practices, tools, and techniques quality, the culture, and the attitudes of software
for defining software quality and for appraising engineers. The IEEE Computer Society and the
the state of software quality during ACM have developed a code of ethics and
development, maintenance, and deployment. professional practice (see Codes of Ethics and
Cited references provide additional details. Professional Conduct in the Software
Engineering Professional Practice KA).
BREAKDOWN OF TOPICS FOR
SOFTWARE QUALITY 1.2. ValueandCostsofQuality
[7*, c17, c22]
The breakdown of topics for the Software
Quality KA is presented in Figure 10.1. Defining and then achieving software quality is
not simple. Quality characteristics may or may
1. Software Quality Fundamentals not be required, or they may be required to a
greater or lesser degree, and tradeoffs may be
Reaching agreement on what constitutes quality made among them. To help determine the level
for all stakeholders and clearly communicating of software quality, i.e., achieving stakeholder
that agreement to software engineers require value, this section presents cost of software
that the many aspects of quality be formally quality (CoSQ): a set of measurements derived
defined and discussed. from the economic assessment of software
A software engineer should understand quality development and maintenance
quality concepts, characteristics, values, and processes. The CoSQ measurements are
their application to the software under examples of process measurements that may be
development or maintenance. The important used to infer characteristics of a product.
concept is that the software requirements define The premise underlying the CoSQ is that the
the required quality attributes of the software. level of quality in a software product can be
Software requirements influence the inferred from the cost of activities related to
measurement methods and acceptance criteria dealing with the consequences of poor quality.
for assessing the degree to which the software Poor quality means that the software product
and related documentation achieve the desired does not fully satisfy stated and implied needs
quality levels. or established requirements. There are four
cost of quality categories: prevention, appraisal,
1.1. SoftwareEngineeringCultureandEthics internal failure, and external failure.
[3*, c1s4] [6*, c2s3.5] Prevention costs include investments in
software process improvement efforts, quality
Software engineers are expected to share a infrastructure, quality tools, training, audits, and
commitment to software quality as part of their management reviews. These costs are usually
culture. A healthy software engineering culture not specific to a project; they span the
includes many characteristics, including the organization. Appraisal costs arise from project
understanding that tradeoffs among cost, activities that find defects. These appraisal
schedule, and quality are a basic tenant of the activities can be categorized into costs of
engineering of any product. A strong software reviews (design, peer) and costs of testing
engineering ethic assumes that engineers (software unit testing, software integration,
accurately report information, conditions, and system level testing, acceptance testing);
outcomes related to quality. appraisal costs would be extended to
subcontracted software suppliers. Costs of
Software Configuration Management 6-4
internal failures are those that are incurred to fix It is not possible to completely distinguish
defects found during appraisal activities and process quality from product quality because
discovered prior to delivery of the software process outcomes include products.
product to the customer. External failure costs Determining whether a process has the
include activities to respond to software capability to consistently produce products of
problems discovered after delivery to the desired quality is not simple.
customer. The software engineering process, discussed
Software engineers should be able to use in the Software Engineering Process KA,
CoSQ methods to ascertain levels of software influences the quality characteristics of software
quality and should also be able to present products, which in turn affect quality as
quality alternatives and their costs so that perceived by stakeholders.
tradeoffs between cost, schedule, and delivery 1.3.2. SoftwareProductQuality
of stakeholder value can be made.
The software engineer, first of all, must
1.3. ModelsandQualityCharacteristics determine the real purpose of the software. In
[3*, c24s1] [7*, c2s4] [8*, c17] this regard, stakeholder requirements are
paramount, and they include quality
Terminology for software quality characteristics requirements in addition to functional
differs from one taxonomy (or model of requirements. Thus, software engineers have a
software quality) to another, each model responsibility to elicit quality requirements that
perhaps having a different number of may not be explicit at the outset and to
hierarchical levels and a different total number understand their importance as well as the level
of characteristics. Various authors have of difficulty in attaining them. All software
produced models of software quality development processes (e.g., eliciting
characteristics or attributes that can be useful requirements, designing, constructing, building,
for discussing, planning, and rating the quality checking, improving quality) are designed with
of software products. ISO/IEC 25010: 2011 [4] these quality requirements in mind and may
defines product quality and quality in use as two carry additional development costs if attributes
related quality models. Appendix B in the such as safety, security, and dependability are
SWEBOK Guide provides a list of applicable important. The additional development costs
standards for each KA. Standards for this KA help ensure that quality obtained can be traded
cover various ways of characterizing software off against the anticipated benefits.
quality. The term work-product means any artifact
that is the outcome of a process used to create
1.3.1. SoftwareProcessQuality the final software product. Examples of a work-
product include a system/subsystem
Software quality management and software specification, a software requirements
engineering process quality have a direct specification for a software component of a
bearing on the quality of the software product. system, a software design description, source
Models and criteria that evaluate the code, software test documentation, or reports.
capabilities of software organizations are While some treatments of quality are described
primarily project organization and management in terms of final software and system
considerations and, as such, are covered in the performance, sound engineering practice
Software Engineering Management and requires that intermediate work-products
Software Engineering Process KAs. relevant to quality be evaluated throughout the
software engineering process.
6-5 SWEBOK Guide V3.0
and a body of evidence and assumptions first three categories, an increasing number of
supporting these arguments [12]. organizations organize SPI into a separate
category that may span across many projects
2. Software Quality Management Processes (see the Software Engineering Process KA).
Software quality processes consist of tasks
Software quality management is the collection and techniques to indicate how software plans
of all processes that ensure that software (e.g., software management, development,
products, services, and life cycle process quality management, or configuration
implementations meet organizational software management plans) are being implemented and
quality objectives and achieve stakeholder how well the intermediate and final products are
satisfaction [13, 14]. SQM defines processes, meeting their specified requirements. Results
process owners, requirements for the processes, from these tasks are assembled in reports for
measurements of the processes and their management before corrective action is taken.
outputs, and feedback channels throughout the The management of an SQM process is tasked
whole software life cycle. with ensuring that the results of these reports are
SQM comprises four subcategories: software accurate.
quality planning, software quality assurance Risk management can also play an important
(SQA), software quality control (SQC), and role in delivering quality software.
software process improvement (SPI). Software Incorporating disciplined risk analysis and
quality planning includes determining which management techniques into the software life
quality standards are to be used, defining cycle processes can help improve product
specific quality goals, and estimating the effort quality (see the Software Engineering
and schedule of software quality activities. In Management KA for related material on risk
some cases, software quality planning also management).
includes defining the software quality processes
to be used. SQA activities define and assess the 2.1. SoftwareQualityAssurance
adequacy of software processes to provide [7*, c4c6, c11, c12, c2627]
evidence that establishes confidence that the
software processes are appropriate for and To quell a widespread misunderstanding,
produce software products of suitable quality for software quality assurance is not testing.
their intended purposes [5]. SQC activities software quality assurance (SQA) is a set of
examine specific project artifacts (documents activities that define and assess the adequacy of
and executables) to determine whether they software processes to provide evidence that
comply with standards established for the establishes confidence that the software
project (including requirements, constraints, processes are appropriate and produce software
designs, contracts, and plans). SQC evaluates products of suitable quality for their intended
intermediate products as well as the final purposes. A key attribute of SQA is the
products. objectivity of the SQA function with respect to
The fourth SQM category dealing with the project. The SQA function may also be
improvement has various names within the organizationally independent of the project; that
software industry, including SPI, software is, free from technical, managerial, and financial
quality improvement, and software corrective pressures from the project [5]. SQA has two
and preventive action. The activities in this aspects: product assurance and process
category seek to improve process effectiveness, assurance, which are explained in section 2.3.
efficiency, and other characteristics with the The software quality plan (in some industry
ultimate goal of improving software quality. sectors it is termed the software quality
Although SPI could be included in any of the assurance plan) defines the activities and tasks
6-7 SWEBOK Guide V3.0
employed to ensure that software developed for demonstrates whether the requirements
a specific product satisfies the projects are correct, complete, accurate,
established requirements and user needs within consistent, and testable. The V&V
project cost and schedule constraints and is processes determine whether the
commensurate with project risks. The SQAP development products of a given activity
first ensures that quality targets are clearly conform to the requirements of that
defined and understood. activity and whether the product satisfies
The SQA plans quality activities and tasks its intended use and user needs.
are specified with their costs, resource
requirements, objectives, and schedule in Verification is an attempt to ensure that the
relation to related objectives in the software product is built correctly, in the sense that the
engineering management, software output products of an activity meet the
development, and software maintenance plans. specifications imposed on them in previous
The SQA plan should be consistent with the activities. Validation is an attempt to ensure that
software configuration management plan (see the right product is builtthat is, the product
the Software Configuration Management KA). fulfills its specific intended purpose. Both the
The SQA plan identifies documents, standards, verification process and the validation process
practices, and conventions governing the project begin early in the development or maintenance
and how these items are checked and monitored phase. They provide an examination of key
to ensure adequacy and compliance. The SQA product features in relation to both the products
plan also identifies measures; statistical immediate predecessor and the specifications to
techniques; procedures for problem reporting be met.
and corrective action; resources such as tools, The purpose of planning V&V is to ensure
techniques, and methodologies; security for that each resource, role, and responsibility is
physical media; training; and SQA reporting and
clearly assigned. The resulting V&V plan
documentation. Moreover, the SQA plan
documents describe the various resources and
addresses the software quality assurance
their roles and activities, as well as the
activities of any other type of activity described
techniques and tools to be used. An
in the software planssuch as procurement of
understanding of the different purposes of each
supplier software for the project, commercial
V&V activity helps in the careful planning of
off-the-shelf software (COTS) installation, and
the techniques and resources needed to fulfill
service after delivery of the software. It can also
their purposes. The plan also addresses the
contain acceptance criteria as well as reporting
management, communication, policies, and
and management activities that are critical to
software quality. procedures of the V&V activities and their
interaction, as well as defect reporting and
2.2. Verification&Validation documentation requirements.
[9*, c2s2.3, c8, c15s1.1,
2.3. ReviewsandAudits
c21s3.3] As stated in [15], [9*, c24s3] [16*]
The purpose of V&V is to help the Reviews and audit processes are broadly defined
development organization build quality as staticmeaning that no software programs or
into the system during the life cycle. models are executedexamination of software
V&V processes provide an objective engineering artifacts with respect to standards
assessment of products and processes that have been established by the organization
throughout the life cycle. This assessment or project for those artifacts. Different types of
Software Configuration Management 6-8
reviews and audits are distinguished by their about corrective actions, changes in the
purpose, levels of independence, tools and allocation of resources, or changes to the
techniques, roles, and by the subject of the scope of the project.
activity. Product assurance and process
assurance audits are typically conducted by Inputs to management reviews may include
software quality assurance (SQA) personnel audit reports, progress reports, V&V reports,
who are independent of development teams. and plans of many types, including risk
Management reviews are conducted by management, project management, software
organizational or project management. The configuration management, software safety, and
engineering staff conducts technical reviews. risk assessment, among others. (Refer to the
Software Engineering Management and the
Management reviews evaluate actual project Software Configuration Management KAs for
results with respect to plans. related material.)
Technical reviews (including inspections, 2.3.2. TechnicalReviews
walkthrough, and desk checking) examine
engineering work-products. As stated in [16*],
Process assurance audits. SQA process
assurance activities make certain that the The purpose of a technical review is to
processes used to develop, install, operate, evaluate a software product by a team of
and maintain software conform to contracts, qualified personnel to determine its
comply with any imposed laws, rules, and suitability for its intended use and
identify discrepancies from specifications
regulations and are adequate, efficient and
and standards. It provides management
effective for their intended purpose [5].
with evidence to confirm the technical
Product assurance audits. SQA product
status of the project.
assurance activities make certain to provide
evidence that software products and related
Although any work-product can be reviewed,
documentation are identified in and comply
technical reviews are performed on the main
with contracts; and ensure that
software engineering work-products of software
nonconformances are identified and
requirements and software design.
addressed [5].
Purpose, roles, activities, and most
importantly the level of formality distinguish
2.3.1. ManagementReviews
different types of technical reviews. Inspections
As stated in [16*], are the most formal, walkthroughs less, and pair
reviews or desk checks are the least formal.
The purpose of a management review is Examples of specific roles include a decision
to monitor progress, determine the status maker (i.e., software lead), a review leader, a
of plans and schedules, and evaluate the recorder, and checkers (technical staff members
effectiveness of management processes, who examine the work-products). Reviews are
tools and techniques. Management also distinguished by whether meetings (face to
reviews compare actual project results face or electronic) are included in the process.
against plans to determine the status of In some review methods checkers solitarily
projects or maintenance efforts. The main examine work-products and send their results
parameters of management reviews are back to a coordinator. In other methods checkers
project cost, schedule, scope, and quality. work cooperatively in meetings. A technical
Management reviews evaluate decisions review may require that mandatory inputs be in
place in order to proceed:
6-9 SWEBOK Guide V3.0
dependability (hardware, software, and human Verification, validation, and testing processes,
or operational) is the main quality requirement techniques, methods, and tools identify faults
over and above basic functionality. This is the that impact dependability as early as possible in
case for the following reasons: system failures the life cycle. Additionally, mechanisms may
affect a large number of people; users often need to be in place in the software to guard
reject systems that are unreliable, unsafe, or against external attacks and to tolerate faults.
insecure; system failure costs may be enormous;
and undependable systems may cause 3.1.3. IntegrityLevelsofSoftware
information loss. System and software
dependability include such characteristics as Defining integrity levels is a method of risk
availability, reliability, safety, and security. management.
When developing dependable software, tools
and techniques can be applied to reduce the risk Software integrity levels are a range of
of injecting faults into the intermediate values that represent software
deliverables or the final software product. complexity, criticality, risk, safety level,
security level,
Software Quality 10-12
desired performance, reliability, or other alone, without some classification, may not be
project-unique characteristics that define the sufficient to identify the underlying causes of the
importance of the software to the user and defects.
acquirer. The characteristics used to Specific types of problems need to be grouped to
determine software integrity level vary identify trends over time. The point is to establish a
depending on the intended application and defect taxonomy that is meaningful to the
use of the system. The software is a part of organization and to software engineers.
the system, and its integrity level is to be Software quality control activities discover
determined as a part of that system. information at all stages of software development
and maintenance. In some cases, the word defect is
The assigned software integrity levels may overloaded to refer to different types of anomalies.
change as the software evolves. Design, coding, However, different engineering cultures and
procedural, and technology features implemented standards may use somewhat different meanings for
in the system or software can raise or lower the these terms. The variety of terms prompts this
assigned software integrity levels. The software section to provide a widely used set of definitions
integrity levels established for a project result from [19]:
agreements among the acquirer, supplier, developer,
and independent assurance authorities. A software Computational Error: the difference between
integrity level scheme is a tool used in determining a computed, observed, or measured value or
software integrity levels. [5] condition and the true, specified, or
As noted in [17*], the integrity levels can be theoretically correct value or condition.
applied during development to allocate additional Error: A human action that produces an
verification and validation efforts to high-integrity incorrect result. A slip or mistake that a person
components. makes. Also called human error.
Defect: An imperfection or deficiency in a
3.2. DefectCharacterization work product where that work product does not
[3*, c3s3, c8s8, c10s2] meet its requirements or specifications and
needs to be either repaired or replaced. A
Software quality evaluation (i.e., software quality defect is caused by a person committing an
control) techniques find defects, faults and failures. error.
Characterizing these techniques leads to an Fault: A defect in source code. An incorrect
understanding of the product, facilitates corrections step, process, or data definition in computer
to the process or the product, and informs program. The encoding of a human error in
management and other stakeholders of the status of source code. Fault is the formal name of a bug.
the process or product. Many taxonomies exist and, Failure: An event in which a system or system
while attempts have been made to gain consensus, component does not perform a required
the literature indicates that there are quite a few in function within specified limits. A failure is
use. Defect characterization is also used in audits produced when a fault is encountered by the
and reviews, with the review leader often processor under specified conditions.
presenting a list of issues provided by team
members for consideration at a review meeting. Using these definitions three widely used
As new design methods and languages evolve, software quality measurements are defect density
along with advances in overall software (number of defects per unit size of documents),
technologies, new classes of defects appear, and a fault density (number of faults per 1K lines of
great deal of effort is required to interpret code), and failure intensity (failures per use-hour or
previously defined classes. When tracking defects, per test-hour). Reliability models are built from
the software engineer is interested in not only the failure data collected during software testing or
number of defects but also the types. Information from software in service and thus can be used to
10-13 SWEBOK Guide V3.0
estimate the probability of future failures and to tools because they do not involve executing the
assist in decisions on when to stop testing. software code.
One probable action resulting from SQM Other, more formal, types of analytical
findings is to remove the defects from the product techniques are known as formal methods. They are
under examination (e.g., find and fix bugs, create notably used to verify software requirements and
new build). Other activities attempt to eliminate the designs. They have mostly been used in the
causes of the defectsfor example, root cause verification of crucial parts of critical systems, such
analysis (RCA). RCA activities include analyzing as specific security and safety requirements. (See
and summarizing the findings to find root causes also Formal Methods in the Software Engineering
and using measurement techniques to improve the Models and Methods KA.)
product and the process as well as to track the
defects and their removal. Process improvement is 3.3.2. DynamicTechniques
primarily discussed in the Software Engineering
Process KA, with the SQM process being a source Dynamic techniques involve executing the software
of information. code. Different kinds of dynamic techniques are
Data on inadequacies and defects found by performed throughout the development and
software quality control techniques may be lost maintenance of software. Generally, these are
unless they are recorded. For some techniques (e.g., testing techniques, but techniques such as
technical reviews, audits, inspections), recorders simulation and model analysis may be considered
are present to set down such information, along dynamic (see the Software Engineering Models and
with issues and decisions. When automated tools Methods KA). Code reading is considered a static
are used (see topic 4, Software Quality Tools), the technique, but experienced software engineers may
tool output may provide the defect information. execute the code as they read through it. Code
Reports about defects are provided to the reading may utilize dynamic techniques. This
management of the organization. discrepancy in categorizing indicates that people
with different roles and experience in the
3.3. SoftwareQualityManagementTechniques organization may consider and apply these
[7*, c7s3] [8*, c17] [9*, c12s5, c15s1, p417] techniques differently.
[16*] Different groups may perform testing during
software development, including groups
Software quality control techniques can be independent of the development team. The
categorized in many ways, but a straightforward Software Testing KA is devoted entirely to this
approach uses just two categories: static and subject.
dynamic. Dynamic techniques involve executing
the software; static techniques involve analyzing 3.3.3. Testing
documents and source code but not executing the
software. Two types of testing may fall under V&V because
of their responsibility for the quality of the
3.3.1. StaticTechniques materials used in the project:
Static techniques examine software documentation Evaluation and tests of tools to be used on the
(including requirements, interface specifications, project
designs, and models) and software source code Conformance tests (or review of conformance
without executing the code. There are many tools tests) of components and COTS products to be
and techniques for statically examining software used in the product.
work-products (see section 2.3.2). In addition, tools
that analyze source code control flow and search Sometimes an independent (third-party or IV&V)
for dead code are considered to be static analysis organization may be tasked to perform testing or to
Software Quality 10-14
monitor the test process V&V may be called upon descriptive statistics based (e.g., Pareto
to evaluate the testing itself: adequacy of plans, analysis, run charts, scatter plots, normal
processes, and procedures, and adequacy and distribution)
accuracy of results. statistical tests (e.g., the binomial test,
The third party is not the developer, nor is it chisquared test)
associated with the development of the product. trend analysis (e.g., control charts; see The
Instead, the third party is an independent facility, Quality Toolbox in the list of further readings)
usually accredited by some body of authority. Their prediction (e.g., reliability models).
purpose is to test a product for conformance to a
specific set of requirements (see the Software Descriptive statistics-based techniques and tests
Testing KA). often provide a snapshot of the more troublesome
3.4. SoftwareQualityMeasurement areas of the software product under examination.
[3*, c4] [8*, c17] [9*, p90] The resulting charts and graphs are visualization
aids, which the decision makers can use to focus
Software quality measurements are used to support resources and conduct process improvements where
decision-making. With the increasing sophistication they appear to be most needed. Results from trend
of software, questions of quality go beyond analysis may indicate that a schedule is being met,
whether or not the software works to how well it such as in testing, or that certain classes of faults
achieves measurable quality goals. may become more likely to occur unless some
Decisions supported by software quality corrective action is taken in development. The
measurement include determining levels of predictive techniques assist in estimating testing
software quality (notably because models of effort and schedule and in predicting failures. More
software product quality include measures to discussion on measurement in general appears in
determine the degree to which the software product the Software Engineering Process and Software
achieves quality goals); managerial questions about Engineering Management KAs. More specific
effort, cost, and schedule; determining when to stop information on testing measurement is presented in
testing and release a product (see Termination the Software Testing KA.
under section 5.1, Practical Considerations, in the Software quality measurement includes
Software Testing KA); and determining the efficacy measuring defect occurrences and applying
of process improvement efforts. statistical methods to understand the types of
The cost of SQM processes is an issue frequently defects that occur most frequently. This information
raised in deciding how a project or a software may be used by software process improvement for
development and maintenance group should be determining methods to prevent, reduce, or
organized. Often, generic models of cost are used, eliminate their recurrence. They also aid in
which are based on when a defect is found and how understanding trends, how well detection and
much effort it takes to fix the defect relative to containment techniques are working, and how well
finding the defect earlier in the development the development and maintenance processes are
process. Software quality measurement data progressing.
collected internally may give a better picture of From these measurement methods, defect
cost within this project or organization. profiles can be developed for a specific application
While the software quality measurement data domain. Then, for the next software project within
may be useful in itself (e.g., the number of that organization, the profiles can be used to guide
defective requirements or the proportion of the SQM processesthat is, to expend the effort
defective requirements), mathematical and where problems are most likely to occur. Similarly,
graphical techniques can be applied to aid in the benchmarks, or defect counts typical of that
interpretation of the measures (see the Engineering domain, may serve as one aid in determining when
Foundations KA). These techniques include the product is ready for delivery. Discussion on
using data from SQM to improve development and
10-15 SWEBOK Guide V3.0
maintenance processes appears in the Software process. They allow users to enter defects found
Engineering Management and Software during inspections and reviews for later
Engineering Process KAs. removal.
Some tools help organizations perform software
4. Software Quality Tools safety hazard analysis. These tools provide, e.g.,
automated support for failure mode and effects
Software quality tools include static and dynamic analysis (FMEA) and fault tree analysis (FTA).
analysis tools. Static analysis tools input source Tools that support tracking of software problems
code, perform syntactical and semantic analysis provide for entry of anomalies discovered
without executing the code, and present results to during software testing and subsequent analysis,
users. There is a large variety in the depth, disposition, and resolution. Some tools include
thoroughness, and scope of static analysis tools that support for workflow and for tracking the status
can be applied to artifacts including models, in of problem resolution.
addition to source code. (See the Software Tools that analyze data captured from software
Construction, Software Testing, and Software engineering environments and software test
Maintenance KAs for descriptions of dynamic environments and produce visual displays of
analysis quantified data in the form of graphs, charts, and
tools.) tables. These tools sometimes include the
Categories of static analysis tools include the functionality to perform statistical analysis on
following: data sets (for the purpose of discerning trends
and making forecasts). Some of these tools
Tools that facilitate and partially automate reviews provide defect and removal injection rates;
and inspections of documents and code. These defect densities; yields; distribution of defect
tools can route work to different participants in injection and removal for each of the life cycle
order to partially automate and control a review phases.
Software Quality 10-16
Kan 2002
[3*] Galin 2004 2003MooreWiegers
Voland [10*] 2006 [
[17*]
[7*]
Bott et al. 2000
[6*] Sommerville 2011
IEEE Std. 1028-2008
[9*]
Naik and Tripathy 2008 [16*]
[8*]
1. Software
Quality
Fundamentals
1.1. Software
Engineering
c1s4 c2s3.5
Culture and
Ethics
1.2. Value and c17,
Cost of Quality c22
1.3. Models
and Quality c24s1 c2s4 c17
Characteristics
1.4. Software
c11
Quality c1s4 c24
s2.4
Improvement
1.5. Software
c11s3
Safety
2. Software
Quality
Management
Processes
2.1. Software c4c6,
Quality c11,
Assurance c2627
10-17 SWEBOK Guide V3.0
c2
s2.3,
2.2. Verification c8, c15
and Validation s1.1,
c21
s3.3
2.3. Reviews
c24s3 *
and Audits
Kan 2002
[3*] Galin 2004 2003MooreWiegers
Voland [10*] 2006 [
[17*]
[7*]
Bott et al. 2000
[6*] Sommerville 2011
IEEE Std. 1028-2008
[9*]
Naik and Tripathy 2008 [16*]
[8*]
3. Software
Quality Practical
Considerations
c15
s3.2.2,
3.1. Software
c15
Quality c11s1 c12
s3.3.1,
Requirements
c16
s9.10
c3s3,
3.2. Defect
c8s8,
Characterization
c10s2
c12s5,
3.3. SQM
c7s3 c17 c15s1, *
Techniques
p417
3.4. Software
Quality c4 c17 p90
Measurement
Software Quality 10-18
4. Software
Quality Tools
FURTHER READINGS Provides a pragmatic how-to explanation
N. Leveson, Safeware:SystemSafetyand of a comprehensive set of methods, tools,
Computers [20]. and techniques for solving quality
improvement problems. Includes the
This book describes the importance of seven basic quality control tools and many
software safety practices and how these others.
practices can be incorporated into
software development projects. IEEEStd.P730-2013DraftStandardfor
SoftwareQualityAssuranceProcesses
T. Gilb, PrinciplesofSoftware [5].
EngineeringManagement [21].
This draft standard expands the SQA
This is one of the first books on iterative processes identified in IEEE/ISO/IEC
and incremental development techniques. 12207-2008. P730 establishes standards
The Evo Method defines quantified goals, for initiating, planning, controlling, and
frequent timeboxed iterations, executing the software quality assurance
measurements of progress toward goals, processes of a software development or
and adaptation of plans based on actual maintenance project. Approval of this
results. draft standard is expected in 2014.
REFERENCES
T. Gilb and D. Graham, Software [1] P.B. Crosby, QualityIsFree, McGraw-
Inspection [22]. Hill, 1979.
SOFTWARE ENGINEERING
PROFESSIONAL PRACTICE
ACRONYMS knowledge, skills, training, and experience
Association for Computing in professional practice.
ACM The term professional practice refers
Machinery
to a way of conducting services so as to
BCS British Computer Society achieve certain standards or criteria in
Certified Software Development both the process of performing a service
CSDA
Associate and the end product resulting from the
Certified Software Development service. These standards and criteria can
CSDP include both technical and nontechnical
Professional
aspects. The concept of professional
International Electrotechnical
IEC practice can be viewed as being more
Commission
applicable within those professions that
IEEE CS IEEE Computer Society have a generally accepted body of
International. Federation for knowledge; codes of ethics and
IFIP
Information Processing professional conduct with penalties for
IP Intellectual Property violations; accepted processes for
accreditation, certification, and licensing;
International Organization for and professional societies to provide and
ISO
Standardization administer all of these. Admission to these
NDA Non-Disclosure Agreement professional societies is often predicated
World Intellectual Property on a prescribed combination of education
WIPO and experience.
Organization
A software engineer maintains a
WTO World Trade Organization
professional practice by performing all
INTRODUCTION
work in accordance with generally
accepted practices, standards, and
The Software Engineering Professional
guidelines notably set forth by the
Practice knowledge area (KA) is
applicable professional society. For
concerned with the knowledge, skills, and
example, the Association for
attitudes that software engineers must
possess to practice software engineering in Computing Machinery (ACM) and IEEE
Computer Society (IEEE CS) have
a professional, responsible, and ethical
established a Software Engineering Code
manner. Because of the widespread
of Ethics and Professional Practice. Both
applications of software products in social
the British Computer Society (BCS) and
and personal life, the quality of software
the International Federation for
products can have profound impact on our
Information Processing (IFIP) have
personal well-being and societal harmony.
established similar professional practice
Software engineers must handle unique
standards. ISO/IEC and IEEE have further
engineering problems, producing software
provided internationally accepted software
with known characteristics and reliability. engineering standards (see Appendix B of
This requirement calls for software this Guide). IEEE CS has established two
engineers who possess a proper set of international certification programs
10-3 SWEBOK Guide V3.0
Figure 11.1. Breakdown of Topics for the Software Engineering Professional Practice KA
elements that lay the foundation for of the BREAKDOWN OF TOPICS FOR
professional practice of software SOFTWARE ENGINEERING
engineering. PROFESSIONAL PRACTICE
Software Quality 10-4
1.7.1.Standards 1.7.3.Patents
In many countries, an intellectual asset who is harmed to recover their loss even if
such as a formula, algorithm, process, no guarantees were made. Because it is
design, method, pattern, instrument, or difficult to measure the suitability or
compilation of information may be safety of software, failure to take due care
considered a trade secret, provided that can be used to prove negligence on the
these assets are not generally known and part of software engineers. A defense
may provide a business some economic against such an allegation is to show that
advantage. The designation of trade standards and generally accepted practices
secret provides legal protection if the were followed in the development of the
asset is stolen. This protection is not product.
subject to a time limit. However, if
another party derives or discovers the 1.7.7.LegalRequirements
same asset legally, then the asset is no
longer protected and the other party will Software engineers must operate within
also possess all rights to use it. the confines of local, national, and
international legal frameworks. Therefore,
1.7.6.ProfessionalLiability software engineers must be aware of legal
requirements for
It is common for software engineers to be
concerned with matters of professional registration and licensingincluding
liability. As an individual provides examination, education, experience,
services to a client or employer, it is vital and training requirements;
to adhere to standards and generally contractual agreements;
accepted practices, thereby protecting noncontractual legalities, such as those
against allegations or proceedings of or governing liability;
related to malpractice, negligence, or Basic information on the international
incompetence. legal framework can be accessed from
For engineers, including software the World Trade Organization (WTO).
engineers, professional liability is related 1.7.8.TradeCompliance
to product liability. Under the laws and
rules governing in their jurisdiction, All software professionals must be aware
engineers may be held to account for of legal restrictions on import, export, or
failing to fully and conscientiously follow reexport of goods, services, and
recommended practice; this is known as technology in the jurisdictions in which
negligence. They may also be subject to they work. The considerations include
laws governing strict liability and either export controls and classification, transfer
implied or express warranty, where, by of goods, acquisition of necessary
selling the product, the engineer is held to governmental licenses for foreign use of
warrant that the product is both suitable hardware and software, services and
and safe for use. In some countries (for technology by sanctioned nation,
example, in the US), privity (the idea enterprise or individual entities, and
that one could only sue the person selling import restrictions and duties. Trade
the product) is no longer a defense against experts should be consulted for detailed
liability actions. compliance guidance.
Legal suits for liability can be brought
under tort law in the US allowing anyone 1.7.9.Cybercrime
Software Quality 10-10
the customer will acquire ownership of the the solution that most nearly meets those
software source code or the right to goals; this means that the way the goals
modify the code, the software engineer are stated is critically important.
should provide documentation of the Design goals may include minimization
functional specifications, the software of monetary cost and maximization of
design, the test suite, and the necessary reliability, performance, or some other
operating environment for the software. criteria on a wide range of dimensions.
The minimum length of time documents However, it is difficult to formulate a
should be kept is the duration of the tradeoff analysis of cost against risk,
software products life cycle or the time especially where primary production and
required by relevant organizational or secondary risk-based costs must be traded
regulatory requirements. against each other.
A software engineer must conduct a
1.9.TradeoffAnalysis tradeoff analysis in an ethical manner
[3*, c1s2, c10] [9*, c9s5.10] notably by being objective and impartial
when selecting criteria for comparison of
Within the practice of software alternative problem solutions and when
engineering, a software engineer often has assigning weights or importance to these
to choose between alternative problem criteria. Any conflict of interest must be
solutions. The outcome of these choices is disclosed up front.
determined by the software engineers
professional evaluation of the risks, costs, 2.Group Dynamics and Psychology
and benefits of alternatives, in cooperation
with stakeholders. The software engineers Engineering work is very often conducted
evaluation is called tradeoff analysis. in the context of teamwork. A software
Tradeoff analysis notably enables the engineer must be able to interact
identification of competing and cooperatively and constructively with
complementary software requirements in others to first determine and then meet
order to prioritize the final set of both needs and expectations. Knowledge
requirements defining the software to be of group dynamics and psychology is an
constructed (see Requirements asset when interacting with customers,
Negotiation in the Software Requirements coworkers, suppliers, and subordinates to
KA and Determination and Negotiation of solve software engineering problems.
Requirements in the Software Engineering
Management KA). 2.1. DynamicsofWorkingin
In the case of an ongoing software Teams/Groups
development project that is late or over [3*, c1s6] [9*, c1s3.5, c10]
budget, tradeoff analysis is often
conducted to decide which software Software engineers must work with others.
requirements can be relaxed or dropped On one hand, they work internally in
given the effects thereof. engineering teams; on the other hand, they
A first step in a tradeoff analysis is work with customers, members of the
establishing design goals (see Engineering public, regulators, and other stakeholders.
Design in the Engineering Foundations Performing teamsthose that demonstrate
KA) and setting the relative importance of consistent quality of work and progress
those goals. This permits identification of toward goalsare cohesive and possess a
Software Quality 10-12
code, software project plans, software addition, the use of electronic information
requirement documents, risk analyses, stores, accessible to all team members, for
software design documents, software test organizational policies, standards,
plans, user manuals, technical reports and common engineering procedures, and
evaluations, justifications, diagrams and project-specific information, can be most
charts, and so forth. beneficial.
Writing clearly and concisely is very Some software engineering teams focus
important because often it is the primary on face-to-face interaction and promote
method of communication among relevant such interaction by office space
parties. In all cases, written software arrangement. Although private offices
engineering products must be written so improve individual productivity,
that they are accessible, understandable colocating team members in physical or
and relevant for their intended audience(s). virtual forms and providing communal
work areas is important to collaborative
3.3. TeamandGroupCommunication efforts.
[3*, c1s6.8] [4*, c22s3] [5*, c27s1]
[9*, c10s4] 3.4. PresentationSkills
[3*, c1s5] [4*, c22] [9*, c10s7c10s8]
Effective communication among team and
group members is essential to a Software engineers rely on their
collaborative software engineering effort. presentation skills during software life
Stakeholders must be consulted, decisions cycle processes. For example, during the
must be made, and plans must be software requirements phase, software
generated. The greater the number of team engineers may walk customers and
and group members, the greater the need teammates through software requirements
to communicate. and conduct formal requirements reviews
The number of communication paths, (see Requirement Reviews in the Software
however, grows quadratically with the Requirements KA). During and after
addition of each team member. Further, software design, software construction,
team members are unlikely to and software maintenance, software
communicate with anyone perceived to be engineers lead reviews, product
removed from them by more than two walkthroughs (see Review and Audits in
degrees (levels). This problem can be the Software Quality KA), and training.
more serious when software engineering All of these require the ability to present
endeavors or organizations are spread technical information to groups and solicit
across national and continental borders. ideas or feedback.
Some communication can be The software engineers ability to
accomplished in writing. Software convey concepts effectively in a
documentation is a common substitute for presentation therefore influences product
direct interaction. Email is another but, acceptance, management, and customer
although it is useful, it is not always support; it also influences the ability of
enough; also, if one sends too many stakeholders to comprehend and assist in
messages, it becomes difficult to identify the product effort. This knowledge needs
the important information. Increasingly, to be archived in the form of slides,
organizations are using enterprise knowledge writeup, technical whitepapers,
collaboration tools to share information. In
Software Quality 10-16
Voland [3*]
2003 MooreTockey
2006 Fairley
[7*] 2004 [9
[8*] 2
Bott et al. 2000 McConnell 2004
[1*] Sommerville 2011
[5*]
[4*]IEEE-CS/ACM 1999
[6*]
1. Professionalism
1.1. Accreditation, c1s4.1,
Certification, and c1s5.1
Licensing c1s5.4
1.2. Codes of Ethics
c1s6
and Professional c8 c1s2 c33 *
c1s9
Conduct
1.3. Nature and
c1s1
Role of Professional c1s2 c35s1
c1s2
Societies
1.4. Nature and
Role of Software c5s3.2,
c32s6 c1s2
Engineering c10s2.1
Standards
1.5. Economic
c10s8 c1s1.1 c1
Impact of Software
1.6. Employment
c7
Contracts
c5s3
1.7. Legal Issues c6, c11 c1s10
c5s4
1.8. Documentation c10s5.8 c1s5 c32
1.9. Tradeoff c1s2,
c9s5.10
Analysis c10
2. Group Dynamics
and Psychology
10-2 SWEBOK Guide V3.0
2.1. Dynamics of
c1s3.5,
Working in Teams/ c1s6
c10
Groups
2.2. Individual
c1s6.5 c33
Cognition
2.3. 2.3 Dealing with
c3s2 c33
Problem Complexity
2.4. Interacting with
c2s3.1
Stakeholders
Voland [3*]
2003 MooreTockey
2006 Fairley
[7*] 2004 [9
[8*] 2
Bott et al. 2000 McConnell 2004
[1*] Sommerville 2011
[5*]
[4*]IEEE-CS/ACM 1999
[6*]
This was the first major book to address Software Engineering Ethics and
programming as an individual and team Professional Practices, Software
effort and became a classic in the field. Engineering Code of Ethics and
Professional Practice (Version 5.2),
Kinney and Lange, P.A., Intellectual 1999;
PropertyLawforBusinessLawyers www.acm.org/serving/se/code.htm.
[11].
[7*] J.W. Moore, TheRoadMapto
This book covers IP laws in the US. It not Software
only talks about what the IP law is; it also Engineering:AStandards-Based
explains why it looks the way it does. Guide, Wiley-IEEE Computer Society
REFERENCES Press, 2006.
[5*] S. McConnell, CodeComplete, 2nd [11] Kinney and Lange, P.A., Intellectual
ed., Microsoft Press, 2004. PropertyLawforBusinessLawyers,
Thomson West, 2013.
[6*] IEEE CS/ACM Joint Task Force on
ECONOMICS
costs and incomes from the different more fluid. Sometimes the steps can be
solutions. A commercial, off-the-shelf, done in a different order and often several
objectrequest broker product might cost a of the steps can be done in parallel. The
few thousand dollars, but the effort to important thing is to be sure that none of
develop a homegrown service that gives the steps are skipped or curtailed. Its also
the same functionality could easily cost important to understand that this same
several hundred times that amount. process applies at all levels of decision
If the candidate solutions all adequately making: from a decision as big as
solve the problem from a technical determining whether a software project
perspective, then the selection of the most should be done at all, to a deciding on an
appropriate alternative should be based on algorithm or data structure to use in a
commercial factors such as optimizing software module. The difference is how
total cost of ownership (TCO) or financially significant the decision is and,
maximizing the short-term return on therefore, how much effort should be
investment (ROI). Life cycle costs such as invested in making that decision. The
defect correction, field service, and project-level decision is financially
support duration are also relevant significant and probably warrants a
considerations. These costs need to be relatively high level of effort to make the
factored in when selecting among decision. Selecting an algorithm is often
acceptable technical approaches, as they much less financially significant and
are part of the lifetime ROI (see section warrants a much lower level of effort to
4.3, Return on Investment). make the decision, even though the same
A systematic process for making basic decision-making process is being
decisions will achieve transparency and used.
allow later justification. Governance More often than not, an organization
criteria in many organizations demand could carry out more than one proposal if
selection from at least two alternatives. A it wanted to, and usually there are
systematic process is shown in Figure important relationships among proposals.
12.3. It starts with a business challenge at Maybe Proposal Y can only be carried out
hand and describes the steps to identify if Proposal X is also carried out. Or maybe
alternative solutions, define selection Proposal P cannot be carried out if
criteria, evaluate the solutions, implement Proposal Q is carried out, nor could Q be
one selected solution, and monitor the carried out if P were. Choices are much
performance of that solution. easier to make when there are mutually
Figure 12.3 shows the process as mostly exclusive pathsfor example, either A or
stepwise and serial. The real process is B or C or whatever is chosen. In preparing
service, or result.7 In software which means that the same resources are
engineering, different project types are not available for other projects.
distinguished (e.g., product development,
outsourced services, software 2.5. ProductLifeCycle
maintenance, service creation, and so on). [2*, c2] [3*, c2]
During its life cycle, a software product
may require many projects. For example, A software product life cycle (SPLC)
during the product conception phase, a includes all activities needed to define,
project might be conducted to determine build, operate, maintain, and retire a
the customer need and market software product or service and its
requirements; during maintenance, a variants. The SPLC activities of operate,
project might be conducted to produce a maintain, and retire typically occur in
next version of a product. a much longer time frame than initial
software development (the software
2.3. Program development life cycleSDLCsee
Software Life Cycle Models in the
A program is a group of related projects, Software Engineering Process KA). Also
subprograms, and program activities the operate-maintain-retire activities of an
managed in a coordinated way to obtain SPLC typically consume more total effort
benefits not available from managing and other resources than the SDLC
them individually.8 Programs are often activities (see Majority of Maintenance
used to identify and manage different Costs in the Software Maintenance KA).
deliveries to a single customer or market The value contributed by a software
over a time horizon of several years. product or associated services can be
objectively determined during the operate
2.4. Portfolio and maintain time frame. Software
engineering economics should be
Portfolios are projects, programs, concerned with all SPLC activities,
subportfolios, and operations managed as including the activities after initial product
a group to achieve strategic objectives. 9 release.
Portfolios are used to group and then
manage simultaneously all assets within a 2.6. ProjectLifeCycle
business line or organization. Looking to [2*, c2] [3*, c2]
an entire portfolio makes sure that impacts
Project life cycle activities typically
of decisions are considered, such as
involve five process groupsInitiating,
resource allocation to a specific project
Planning, Execut-
ing, Monitoring and Controlling, and
7 Project Management Institute, Inc., PMI Closing [4] (see the Software Engineering
LexiconofProjectManagementTerms, Management KA). The activities within a
2012, www.pmi.org/ PMBOK-Guide-and- software project life cycle are often
Standards/~/media/Registered/ interleaved, overlapped, and iterated in
PMI_Lexicon_Final.ashx. various ways [3*, c2] [5] (see the
Software Engineering Process KA). For
8 Ibid. instance, agile product development
within an SPLC involves multiple
9 Ibid. iterations that produce increments of
10-10 SWEBOK Guide V3.0
the four Ps of the marketing mix. The the cost based on expenses (e.g.,
other three Ps are product, promotion, and production, software engineering,
place. Price is the only revenue-generating distribution, rework) and on the target cost
element amongst the four Ps; the rest are to be competitive and successful in a
costs. market. The target cost can be below the
Pricing is an element of finance and actual estimated cost. The planning and
marketing. It is the process of determining controlling of these costs (called cost
what a company will receive in exchange management) is important and should
for its products. Pricing factors include always be included in costing.
manufacturing cost, market placement, An important concept in costing is the
competition, market condition, and quality total cost of ownership (TCO). This holds
of product. Pricing applies prices to especially for software, because there are
products and services based on factors many not-so-obvious costs related to
such as fixed amount, quantity break, SPLC activities after initial product
promotion or sales campaign, specific development. TCO for a software product
vendor quote, shipment or invoice date, is defined as the total cost for acquiring,
combination of multiple orders, service activating, and keeping that product
offerings, and many others. The needs of running. These costs can be grouped as
the consumer can be converted into direct and indirect costs. TCO is an
demand only if the consumer has the accounting method that is crucial in
willingness and capacity to buy the making sound economic decisions.
product. Thus, pricing is very important in
marketing. Pricing is initially done during 2.12. PerformanceMeasurement
the project initiation phase and is a part of [3*, c7, c8]
go decision making.
Performance measurement is the process
2.11. CostandCosting whereby an organization establishes and
[1*, c15] measures the parameters used to
determine whether programs, investments,
A cost is the value of money that has been and acquisitions are achieving the desired
used up to produce something and, hence, results. It is used to evaluate whether
is not available for use anymore. In performance objectives are actually
economics, a cost is an alternative that is achieved; to control budgets, resources,
given up as a result of a decision. progress, and decisions; and to improve
A sunk cost is the expenses before a performance.
certain time, typically used to abstract
decisions from expenses in the past, which 2.13. EarnedValueManagement
can cause emotional hurdles in looking [3*, c8]
forward. From a traditional economics
Earned value management (EVM) is a
point of view, sunk costs should not be
project management technique for
considered in decision making.
measuring progress based on created
Opportunity cost is the cost of an
value. At a given moment, the results
alternative that must be forgone in order to
achieved to date in a project are compared
pursue another alternative.
with the projected budget and the planned
Costing is part of finance and product
schedule progress for that date. Progress
management. It is the process to determine
relates already-consumed resources and
10-12 SWEBOK Guide V3.0
achieved results at a given point in time resources for other opportunities. Sunk
with the respective planned values for the costs should not be considered in such
same date. It helps to identify possible decision making because they have been
performance problems at an early stage. A spent and will not reappear as a value.
key principle in EVM is tracking cost and 2.15. ReplacementandRetirement
schedule variances via comparison of Decisions
planned versus actual schedule and budget [1*, c12] [2*, c9]
versus actual cost. EVM tracking gives
much earlier visibility to deviations and A replacement decision is made when an
thus permits corrections earlier than organization already has a particular asset
classic cost and schedule tracking that and they are considering replacing it with
only looks at delivered documents and something else; for example, deciding
products. between maintaining and supporting a
legacy software product or redeveloping it
2.14. TerminationDecisions from the ground up. Replacement
[1*, c11, c12] [2*, c9] decisions use the same business decision
process as described above, but there are
Termination means to end a project or additional challenges: sunk cost and
product. Termination can be preplanned salvage value. Retirement decisions are
for the end of a long product lifetime (e.g., also about getting out of an activity
when foreseeing that a product will reach altogether, such as when a software
its lifetime) or can come rather company considers not selling a software
spontaneously during product product anymore or a hardware
development (e.g., when project manufacturer considers not building and
performance targets are not achieved). In selling a particular model of computer any
both cases, the decision should be longer. Retirement decision can be
carefully prepared, considering always the influenced by lock-in factors such as
alternatives of continuing versus technology dependency and high exit
terminating. Costs of different alternatives costs.
must be estimatedcovering topics such
as replacement, information collection, 3.Risk and Uncertainty
suppliers, alternatives, assets, and utilizing
3.4. Prioritization
[3*, c6]
3.5. DecisionsunderRisk
[1*, c24] [3*, c9]
3.6.
Laplace Rule
Maximin Rule
Maximax Rule
Hurwicz Rule
Minimax Regret Rule.
4.Economic Analysis Methods
10-18 SWEBOK Guide V3.0
including the value of delaying a decision. and the gold plating that results from
Such options are difficult to compute with adding features that have low marginal
precision. However, awareness that value for the users (see Agile Methods in
choices have a monetary value provides the Software Engineering Models and
insight in the timing of decisions such as Methods KA and Software Life Cycle
increasing project staff or lengthening Models in the Software Engineering
time to market to improve quality. Process KA). In agile methods, detailed
planning and lengthy development phases
5.Practical Considerations are replaced by incremental planning and
frequent delivery of small increments of a
5.1. TheGoodEnoughPrinciple deliverable product that is tested and
[1*, c21] evaluated by user representatives.
sold through an app store and comply with outside the home country of an enterprise.
that stores rules. Enterprises typically either have their
offshoring branches in lowcost countries
5.3. Ecosystems or they ask specialized companies abroad
to execute the respective activity.
An ecosystem is an environment Offshoring should therefore not be
consisting of all the mutually dependent confused with outsourcing. Offshoring
stakeholders, business units, and within a company is called captive
companies working in a particular area. offshoring. Outsourcing is the result-
In a typical ecosystem, there are producers oriented relationship with a supplier who
and consumers, where the consumers add executes business activities for an
value to the consumed resources. Note enterprise when, traditionally, those
that a consumer is not the end user but an activities were executed inside the
organization that uses the product to enterprise. Outsourcing is site-
enhance it. A software ecosystem is, for independent. The supplier can reside in the
instance, a supplier of an application neighborhood of the enterprise or offshore
working with companies doing the (outsourced offshoring). Software
installation and support in different engineering economics provides the basic
regions. Neither one could exist without criteria and business tools to evaluate
the other. Ecosystems can be permanent or different sourcing mechanisms and control
temporary. Software engineering their performance. For instance, using an
economics provides the mechanisms to outsourcing supplier for software
evaluate alternatives in establishing or development and maintenance might
extending an ecosystemfor instance, reduce the cost per hour of software
assessing whether to work with a specific development, but increase the number of
distributor or have the distribution done by hours and capital expenses due to an
a company doing service in an area. increased need for monitoring and
communication. (For more information on
5.4. OffshoringandOutsourcing offshoring and outsourcing, see
Outsourcing in Management Issues in
Offshoring means executing a business the Software
activity beyond sales and marketing Maintenance KA.)
MATRIX OF TOPICS VS. REFERENCE MATERIAL
Tockey [1*]
2005 Fairley [3*]
200
Sommerville 2011
[2*]
10-22 SWEBOK Guide V3.0
Tockey [1*]
2005 Fairley [3*]
200
Sommerville 2011
[2*]
processes, as well as the project life cycle. This book is a classic reading on making a
It is a globally recognized guide for the business case in the software and IT
project management profession. businesses. Many useful examples
illustrate how the business case is
SoftwareExtensiontotheGuidetothe formulated and quantified.
ProjectManagementBodyof REFERENCES
Knowledge(SWX) [5].
[1*] S. Tockey, ReturnonSoftware:
SWX provides adaptations and extensions MaximizingtheReturnonYour
to the generic practices of project SoftwareInvestment, Addison-Wesley,
management documented in the 2004.
PMBOK Guide for managing software
projects. The primary contribution of this [2*] J.H. Allen et al., SoftwareSecurity
extension to the PMBOKGuide is Engineering:AGuideforProject
description of processes that are applicable Managers, Addison-Wesley, 2008.
for managing adaptive life cycle software
projects. [3*] R.E. Fairley, ManagingandLeading
SoftwareProjects, Wiley-IEEE
B.W. Boehm, SoftwareEngineering Computer Society Press, 2009.
Economics
[6]. [4] Project Management Institute, A
GuidetotheProjectManagement
This book is the classic reading on BodyofKnowledge(PMBOK(R)
software engineering economics. It Guide), 5th ed., Project Management
provides an overview of business thinking Institute, 2013.
in software engineering. Although the
examples and figures are dated, it still is [5] Project Management Institute and
worth reading. IEEE Computer Society, Software
ExtensiontothePMBOKGuide
C. Ebert and R. Dumke, Software FifthEdition, ed: Project Management
Measurement Institute, 2013.
[7].
[6] B.W. Boehm, SoftwareEngineering
This book provides an overview on Economics, Prentice-Hall, 1981.
quantitative methods in software
engineering, starting with measurement [7] C. Ebert and R. Dumke, Software
theory and proceeding to performance Measurement, Springer, 2007.
management and business decision
making. [8] D.J. Reifer, MakingtheSoftware
BusinessCase:Improvementbythe
D.J. Reifer, MakingtheSoftwareBusiness Numbers, Addison Wesley, 2002.
Case:ImprovementbytheNumbers
[8].
CHAPTER 13
Software Quality 10-2
COMPUTING FOUNDATIONS
ACRONYMS
AOP Aspect-Oriented Programming
ALU Arithmetic and Logic Unit
Application Programming
API
Interface
ATM AsynchronousSmall
Transfer Mode
Computer
B/S System Interface
Browser-Server
Computer Emergency Response
CERT
Team
INTRODUCTION COTS Commercial Off-The-Shelf
CRUD Create, Read, Update, Delete
The scope of the Computing
C/S Client-Server
Foundations knowledge area (KA)
encompasses the CS Computer Science
development and DBMS Database Management System operational
environment in which FPU Float Point Unit software
evolves and executes. Because no
software can exist in a I/O Input and Output vacuum or
run without a computer, the ISA Instruction Set Architecture core of
such an environment is the International Organization for computer
and its various components. ISO Knowledge
Standardization
about the computer and its underlying
ISP Internet Service Provider
principles of hardware and software
serves as a framework on LAN Local Area Network which
software engineering is MUX Multiplexer anchored.
Thus, all software engineers must have
NIC Network Interface Card
good understanding of the Computing
Foundations KA. OOP Object-Oriented Programming
It is generally accepted OS Operating System that
software engineering builds OSI Open Systems Interconnection on top of
computer science. For example,
Software Engineering PC Personal Computer 2004:
Curriculum Guidelines for PDA Personal Digital Assistant
Undergraduate Degree PPP Point-to-Point Protocol Programs
in Software Engineering [1] clearly
RFID Radio Frequency Identification
states, One particularly important
aspect is that software RAM Random Access Memory
engineeringbuildson ROM Read Only Memory computer
science and mathematics SCSI (italics
added).
SQL Structured Query Language
TCP Transport Control Protocol
UDP User Datagram Protocol
VPN Virtual Private Network
WAN Wide Area Network
10-3 SWEBOK Guide V3.0
Both computer science and software engineering deal with computers, computing, and
software. The science of computing, as a body of knowledge, is at the core of both.
13-1
2.3. Hierarchy
Both commercial and free tools exist in determine whether a program runs in a
various languages. These tools can be few seconds or in a few hours or even a
extremely useful when checking very few days.
large source trees, where it is impractical From the perspective of physical and
to do code walkthroughs. The UNIX lint logical ordering, a data structure is either
program is an early example. linear or nonlinear. Other perspectives
give rise to different classifications that
6.Data Structure and Representation include homogeneous vs. heterogeneous,
[5*, s2.12.6] static vs. dynamic, persistent vs. transient,
external vs. internal, primitive vs.
Programs work on data. But data must be aggregate, recursive vs. nonrecursive;
expressed and organized within computers passive vs. active; and stateful vs. stateless
before being processed by programs. This structures.
organization and expression of data for 6.2. TypesofDataStructure
programs use is the subject of data
structure and representation. Simply put, a As mentioned above, different
data structure tries to store and organize perspectives can be used to classify data
data in a computer in such a way that the structures. However, the predominant
data can be used efficiently. There are perspective used in classification centers
many types of data structures and each on physical and logical ordering between
type of structure is suitable for some kinds data items. This classification divides data
of applications. For example, B/ B+ trees structures into linear and nonlinear
are well suited for implementing massive structures. Linear structures organize data
file systems and databases. items in a single dimension in which each
data entry has one (physical or logical)
6.1. DataStructureOverview predecessor and one successor with the
exception of the first and last entry. The
Data structures are computer first entry has no predecessor and the last
representations of data. Data structures are entry has no successor. Nonlinear
used in almost every program. In a sense, structures organize data items in two or
no meaningful program can be constructed more dimensions, in which case one entry
without the use of some sort of data can have multiple predecessors and
structure. Some design methods and successors. Examples of linear structures
programming languages even organize an include lists, stacks, and queues. Examples
entire software system around data of nonlinear structures include heaps, hash
structures. Fundamentally, data structures tables, and trees (such as binary trees,
are abstractions defined on a collection of balance trees, B-trees, and so forth).
data and its associated operations. Another type of data structure that is
Often, data structures are designed for often encountered in programming is the
improving program or algorithm compound structure. A compound data
efficiency. Examples of such data structure builds on top of other (more
structures include stacks, queues, and primitive) data structures and, in some
heaps. At other times, data structures are way, can be viewed as the same structure
used for conceptual unity (abstract data as the underlying structure. Examples of
type), such as the name and address of a compound structures include sets, graphs,
person. Often, a data structure can
10-13 SWEBOK Guide V3.0
and partitions. For example, a partition can to compose programs are algorithms,
be viewed as a set of sets. which organize various functions into a
series of steps and take into consideration
6.3. OperationsonData the application domain, the solution
Structures strategy, and the data structures being
used. An algorithm can be very simple or
All data structures support some very complex.
operations that produce a specific
structure and ordering, or retrieve relevant 7.1.OverviewofAlgorithms
data from the structure, store data into the
structure, or delete data from the structure. Abstractly speaking, algorithms guide the
Basic operations supported by all data operations of computers and consist of a
structures include create, read, update, and sequence of actions composed to solve a
delete (CRUD). problem. Alternative definitions include
but are not limited to:
Create: Insert a new data entry into the
structure. An algorithm is any well-defined
Read: Retrieve a data entry from the computational procedure that takes
structure. some value or set of values as input
Update: Modify an existing data entry. and produces some value or set of
Delete: Remove a data entry from the values as output.
structure. An algorithm is a sequence of
computational steps that transform the
Some data structures also support input into the output.
additional operations: An algorithm is a tool for solving a
Find a particular element in the wellspecified computation problem.
structure.
Sort all elements according to some Of course, different definitions are
ordering. Traverse all elements in favored by different people. Though there
some specific order. is no universally accepted definition, some
Reorganize or rebalance the structure. agreement exists that an algorithm needs
to be correct, finite (in other words,
Different structures support different terminate eventually or one must be able
operations with different efficiencies. The to write it in a finite number of steps), and
difference between operation efficiency unambiguous.
can be significant. For example, it is easy 7.2. AttributesofAlgorithms
to retrieve the last item inserted into a
stack, but finding a particular element The attributes of algorithms are many and
within a stack is rather slow and tedious. often include modularity, correctness,
maintainability, functionality, robustness,
7.Algorithms and Complexity user-friendliness (i.e. easy to be
[5*, s1.11.3, s3.33.6, s4.14.8, s5.15.7, understood by people), programmer time,
s6.16.3, s7.17.6, s11.1, s12.1] simplicity, and extensibility. A commonly
emphasized attribute is performance or
Programs are not random pieces of code: efficiency by which we mean both time
they are meticulously written to perform and resource-usage efficiency while
user-expected actions. The guide one uses generally emphasizing the time axis. To
Software Quality 10-14
Figure 13.3. Basic Components of a Computer System Based on the von Neumann Model
8.2.SystemsEngineering
8.3.OverviewofaComputerSystem
10-17 SWEBOK Guide V3.0
Among all the systems, one that is From the perspective of a computer, a
obviously relevant to the software wide semantic gap exists between its
engineering community is the computer intended behavior and the workings of the
system. A computer is a machine that underlying electronic devices that actually
executes programs or software. It consists do the work within the computer. This gap
of a purposeful collection of mechanical, is bridged through computer organization,
electrical, and electronic components with which meshes various electrical,
each component performing a preset electronic, and mechanical devices into
function. Jointly, these components are one device that forms a computer. The
able to execute the instructions that are objects that computer organization deals
given by the program. with are the devices, connections, and
Abstractly speaking, a computer controls. The abstraction built in computer
receives some input, stores and organization is the computer.
manipulates some data, and provides some
output. The most distinct feature of a 9.1.ComputerOrganizationOverview
computer is its ability to store and execute
sequences of instructions called programs. A computer generally consists of a CPU,
An interesting phenomenon concerning memory, input devices, and output
the computer is the universal equivalence devices. Abstractly speaking, the
in functionality. According to Turing, all organization of a computer can be divided
computers with a certain minimum into four levels (Figure 13.4). The macro
capability are equivalent in their ability to architecture level is the formal
perform computation tasks. In other specification of all the functions a
words, given enough time and memory, all particular machine can carry out and is
computers ranging from a netbook to a known as the instruction set architecture
supercomputerare capable of computing (ISA). The microarchitecture level is the
exactly the same things, irrespective of implementation of the ISA in a specific
speed, size, cost, or anything else. CPUin other words, the way in which
Most computer systems have a structure the ISAs specifications are actually
that is known as the von Neumann carried out. The logiccircuits level is the
model, which consists of five level where each functional component of
components: a memory for storing the micro architecture is built up of
instructions and data, a centralprocessing circuits that make decisions based on
unitfor performing arithmetic and logical simple rules. The deviceslevel is the level
operations, a control unit for sequencing where, finally, each logic circuit is
and interpreting instructions, input for actually built of electronic devices such as
getting external information into the complementary metal-oxide
memory, and output for producing results semiconductors (CMOS), n-channel metal
for the user. The basic components of a oxide semiconductors (NMOS), or
computer system based on the von gallium arsenide (GaAs) transistors, and
Neumann model are depicted in Figure so forth.
13.3. Macro Architecture Level (ISA)
9.Computer Organization
Micro Architecture Level
[8*, c1c4]
Logic Circuits Level
Devices Level
Software Quality 10-18
Figure 13.4. Machine Architecture Levels building various digital devices from the
simplest elements (such as transistors) and
Each level provides an abstraction to the for governing the operation of digital
level above and is dependent on the level devices. For example, digital logic spells
below. To a programmer, the most out what the value will be if a zero and
important abstraction is the ISA, which one is ANDed, ORed, or exclusively
specifies such things as the native data ORed together. It also specifies how to
types, instructions, registers, addressing build decoders, multiplexers (MUX),
modes, the memory architecture, interrupt memory, and adders that are used to
and exception handling, and the I/Os. assemble the computer.
Overall, the ISA specifies the ability of a
computer and what can be done on the 9.4.ComputerExpressionofData
computer with programming.
As mentioned before, a computer
9.2.DigitalSystems expresses data with electrical signals or
digital zeros and ones. Since there are only
At the lowest level, computations are two different digits used in data
carried out by the electrical and electronic expression, such a system is called a
devices within a computer. The computer binaryexpressionsystem. Due to the
uses circuits and memory to hold charges inherent nature of a binary system, the
that represents the presence or absence of maximum numerical value expressible by
voltage. The presence of voltage is equal an n-bits binary code is 2n 1.
to a 1 while the absence of voltage is a Specifically, binary number anan1a1a0
zero. On disk the polarity of the voltage is corresponds to an 2n + an1 2n1 + +
represented by 0s and 1s that in turn a1 21 + a0 20. Thus, the numerical
represents the data stored. Everything value of the binary expression of 1011 is 1
including instruction and datais 8 + 0 4 + 1 2 + 1 1 = 11. To
expressed or encoded using digital zeros express a nonnumerical value, we need to
and ones. In this sense, a computer decide the number of zeros and ones to
becomes a digital system. For example, use and the order in which those zeros and
decimal value 6 can be encoded as 110, ones are arranged.
the addition instruction may be encoded as Of course, there are different ways to do
0001, and so forth. The component of the the encoding, and this gives rise to
computer such as the control unit, ALU, different data expression schemes and
memory and I/O use the information to subschemes. For example, integers can be
compute the instructions. expressed in the form of unsigned, ones
complement, or twos complement. For
9.3.DigitalLogic characters, there are ASCII, Unicode, and
IBMs EBCDIC standards. For floating
Obviously, logics are needed to point numbers, there are IEEE-754 FP 1,
manipulate data and to control the 2, and 3 standards. 9.5.TheCentral
operation of computers. This logic, which ProcessingUnit(CPU)
is behind a computers proper function, is
called digitallogic because it deals with The central processing unit is the place
the operations of digital zeros and ones. where instructions (or programs) are
Digital logic specifies the rules both for actually executed. The execution usually
10-19 SWEBOK Guide V3.0
takes several steps, including fetching the interface between the memory system and
program instruction, decoding the other parts of the computer.
instruction, fetching operands, performing
arithmetic and logical operations on the 9.7.InputandOutput(I/O)
operands, and storing the result. The main
components of a CPU consist of registers A computer is useless without I/O.
where instructions and data are often read Common input devices include the
from and written to, the arithmetic and keyboard and mouse; common output
logic unit (ALU) that performs the actual devices include the disk, the screen, the
arithmetic (such as addition, subtraction, printer, and speakers. Different I/O
multiplication, and division) and logic devices operate at different data rates and
(such as AND, OR, shift, and so forth) reliabilities. How computers connect and
operations, the control unit that is manage various input and output devices
responsible for producing proper signals to facilitate the interaction between
to control the operations, and various computers and humans (or other
(data, address, and control) buses that link computers) is the focus of topics in I/O.
the components together and transport The main issues that must be resolved in
data to and from these components. input and output are the ways I/O can and
should be performed.
9.6.MemorySystemOrganization In general, I/O is performed at both
hardware and software levels. Hardware
Memory is the storage unit of a computer. I/O can be performed in any of three ways.
It concerns the assembling of a large-scale DedicatedI/O dedicates the CPU to the
memory system from smaller and single- actual input and output operations during
digit storage units. The main topics I/O;memory-mappedI/O treats I/O
covered by memory system architecture operations as memory operations; and
include the following: hybridI/O combines dedicated I/O and
Memory cells and chips memory-mapped I/O into a single holistic
Memory boards and modules Memory I/O operation mode.
hierarchy and cache Memory as a Coincidentally, software I/O can also be
subsystem of the computer. performed in one of three ways.
ProgrammedI/O lets the CPU wait while
Memorycellsandchips deal with the I/O device is doing I/O; interrupt-
single-digital storage and the assembling drivenI/O lets the CPUs handling of I/O
of single-digit units into one-dimensional be driven by the I/O device; and direct
memory arrays as well as the assembling memoryaccess (DMA) lets I/O be handled
by a secondary CPU embedded in a DMA
of one-dimensional storage arrays into
device (or channel). (Except during the
multi-dimensional storage memory chips.
initial setup, the main CPU is not
Memoryboardsandmodules concern the
disturbed during a DMA I/O
assembling of memory chips into memory
operation.)
systems, with the focus being on the
Regardless of the types of I/O scheme
organization, operation, and management
being used, the main issues involved in
of the individual chips in the system.
I/O include I/Oaddressing (which deals
Memoryhierarchyandcache are used to
with the issue of how to identify the I/O
support efficient memory operations.
device for a specific I/O operation),
Memoryasasub-system deals with the
synchronization (which deals with the
Software Quality 10-20
issue of how to make the CPU and I/O image is needed to run the program. Most
device work in harmony during I/O), and application software is sold in this form.
errordetectionandcorrection (which While both compilation and
deals with the occurrence of transmission interpretation convert high level language
errors). code into machine code, there are some
important differences between the two
10. Compiler Basics methods. First, a compiler makes the
[4*, s6.4] conversion just once, while an interpreter
typically converts it every time a program
[8*, s8.4] 10.1.Compiler/Interpreter is executed. Second, interpreting code is
slower than running the compiled code,
Overview because the interpreter must analyze each
statement in the program when it is
Programmers usually write programs in executed and then perform the desired
high level language code, which the CPU
action, whereas the compiled code just
cannot execute; so this source code has to
performs the action within a fixed context
be converted into machine code to be
determined by the compilation. Third,
understood by a computer. Due to the
access to variables is also slower in an
differences between different ISAs, the
interpreter because the mapping of
translation must be done for each ISA or
identifiers to storage locations must be
specific machine language under
done repeatedly at runtime rather than at
consideration.
compile time.
The translation is usually performed by
The primary tasks of a compiler may
a piece of software called a compiler or an
include preprocessing, lexical analysis,
interpreter. This process of translation
parsing, semantic analysis, code
from a high-level language to a machine
generation, and code optimization.
language is called compilation, or,
Program faults caused by incorrect
sometimes, interpretation.
compiler behavior can be very difficult to
10.2.InterpretationandCompilation track down. For this reason, compiler
implementers invest a lot of time ensuring
There are two ways to translate a program the correctness of their software. 10.3.
written in a higher-level language into TheCompilationProcess
machine code: interpretation and
compilation. Interpretationtranslates the Compilation is a complex task. Most
source code one statement at a time into compilers divide the compilation process
machine language, executes it on the spot, into many phases. A typical breakdown is
as follows:
and then goes back for another statement.
Both the high-level-language source code
Lexical Analysis
and the interpreter are required every time
Syntax Analysis or Parsing
the program is run.
Semantic Analysis
Compilation translates the high-level-
Code Generation
language source code into an entire
machine-language program (an executable
Lexicalanalysis partitions the input text
image) by a program called a compiler.
(the source code), which is a sequence of
After compilation, only the executable
characters, into separate comments, which
10-21 SWEBOK Guide V3.0
The principal roles played by OSs are The arsenal of OSs is abstraction.
management and illusion. Management Corresponding to the five physical tasks,
refers to the OSs management (allocation OSs use five abstractions: process/thread,
and recovery) of physical resources among virtual memory, file systems, input/output,
multiple competing users/ and protection domains. The overall OS
applications/tasks. Illusion refers to the abstraction is the virtual machine.
nice abstractions the OS provides. For each task area of OS, there is both a
physical reality and a conceptual
11.2. TasksofanOperating abstraction. The physical reality refers to
System the hardware resource under management;
the conceptual abstraction refers to the
The tasks of an operating system differ interface the OS presents to the
significantly depending on the machine users/programs above. For example, in the
and time of its invention. However, thread model of the OS, the physical
modern operating systems have come to reality is the CPU and the abstraction is
agreement as to the tasks that must be multiple CPUs. Thus, a user doesnt have
performed by an OS. These tasks include to worry about sharing the CPU with
CPU management, memory management, others when working on the abstraction
disk management (file system), I/O device provided by an OS. In the virtual memory
management, and security and protection. abstraction of an OS, the physical reality is
Each OS task manages one type of the physical RAM or ROM (whatever),
physical resource. the abstraction is multiple unlimited
Specifically, CPU management deals memory space. Thus, a user doesnt have
with the allocation and releases of the to worry about sharing physical memory
CPU among competing programs (called with others or about limited physical
processes/threads in OS jargon), including memory size.
the operating system itself. The main Abstractions may be virtual or
abstraction provided by CPU management transparent; in this context virtual applies
is the process/thread model. Memory to something that appears to be there, but
management deals with the allocation and isnt (like usable memory beyond
release of memory space among physical), whereas transparent applies to
competing processes, and the main something that is there, but appears not to
abstraction provided by memory be there (like fetching memory contents
management is virtual memory. Disk from disk or physical memory).
management deals with the sharing of
magnetic or optical or solid state disks 11.4. OperatingSystems
among multiple programs/users and its Classification
main abstraction is the file system. I/O
device management deals with the Different operating systems can have
allocation and releases of various I/O different functionality implementation. In
devices among competing processes. the early days of the computer era,
Security and protection deal with the operating systems were relatively simple.
protection of computer resources from As time goes on, the complexity and
illegal use. sophistication of operating systems
increases significantly. From a historical
11.3. OperatingSystem perspective, an operating system can be
Abstractions classified as one of the following.
10-23 SWEBOK Guide V3.0
The organization of the actual data in a connected computers and may give the
database depends on the database model. illusion of a single, omnipresent computer.
In a relational model, data are organized as Every computer or device connected to a
tables with different tables representing network is called a networknode.
different entities or relations among a set A number of computing paradigms have
of entities. The storage of data deals with emerged to benefit from the functions and
the storage of these database tables on capabilities provided by computer
disks. The common ways for achieving networks. These paradigms include
this is to use files. Sequential, indexed, distributed computing, grid computing,
and hash files are all used in this purpose Internet computing, and cloud computing.
with different file structures providing
different access performance and 13.1. TypesofNetwork
convenience.
Computer networks are not all the same
12.6. DataMining and may be classified according to a wide
variety of characteristics, including the
One often has to know what to look for networks connection method, wired
before querying a database. This type of technologies, wireless technologies, scale,
pinpointing access does not make full network topology, functions, and speed.
use of the vast amount of information But the classification that is familiar to
stored in the database, and in fact reduces most is based on the scale of networking.
the database into a collection of discrete
records. To take full advantage of a PersonalAreaNetwork/Home
database, one can perform statistical Networkis a computer network used
analysis and pattern discovery on the for communication among
content of a database using a technique computer(s) and different information
called datamining. Such operations can technological devices close to one
be used to support a number of business person. The devices connected to such
activities that include, but are not limited a network may include PCs, faxes,
to, marketing, fraud detection, and trend PDAs, and TVs. This is the base on
analysis. which the Internet of Things is built.
Numerous ways for performing data LocalAreaNetwork (LAN) connects
mining have been invented in the past computers and devices in a limited
decade and include such common geographical area, such as a school
techniques as class description, class campus, computer laboratory, office
discrimination, cluster analysis, building, or closely positioned group
association analysis, and outlier analysis. of buildings.
CampusNetwork is a computer
13. Network Communication Basics network made up of an
[8*, c12] interconnection of local area networks
(LANs) within a limited geographical
A computer network connects a collection area.
of computers and allows users of different Wide area network (WAN) is a
computers to share resources with other computer network that covers a large
users. A network facilitates the geographic area, such as a city or
communications between all the country or even across
Software Quality 10-26
and strategies that provide the foundation Based on the above discussion, it is
for distributed computation; in the latter possible to classify concurrent systems as
definition, distributed computing studies being parallel or distributed based on
the ways of dividing a problem into many the existence or nonexistence of shared
tasks and assigning such tasks to various memory among all the processor: parallel
computers involved in the computation. computing deals with computations within
Fundamentally, distributed computing is a single computer; distributed computing
another form of parallel computing, albeit deals with computations within a set of
on a grander scale. In distributed computers. According to this view,
computing, the functional units are not multicore computing is a form of parallel
ALU, FPU, or separate cores, but computing.
individual computers. For this reason,
some people regard distributed computing 14.3. ParallelandDistributed
as being the same as parallel computing. ComputingModels
Because both distributed and parallel
computing involve some form of Since multiple computers/processors/cores
concurrency, they are both also called are involved in distributed/parallel
concurrent computing. computing, some coordination among the
involved parties is necessary to ensure
14.2. Differencebetween correct behavior of the system.
ParallelandDistributed Different ways of coordination give rise to
Computing different computing models. The most
common models in this regard are the
Though parallel and distributed computing shared memory (parallel) model and the
resemble each other on the surface, there message-passing (distributed) model.
is a subtle but real distinction between In a sharedmemory(parallel)model, all
them: parallel computing does not computers have access to a shared central
necessarily refer to the execution of memory where local caches are used to
programs on different computers speed up the processing power. These
instead, they can be run on different caches use a protocol to insure the
processors within a single computer. In localized data is fresh and up to date,
fact, consensus among computing typically the MESI protocol. The
professionals limits the scope of parallel algorithm designer chooses the program
computing to the case where a shared for execution by each computer. Access to
memory is used by all processors involved the central memory can be synchronous or
in the computing, while distributed asynchronous, and must be coordinated
computing refers to computations where such that coherency is maintained.
private memory exists for each processor Different access models have been
involved in the computations. invented for such a purpose.
Another subtle difference between In a message-passing(distributed)
parallel and distributed computing is that model, all computers run some programs
parallel computing necessitates concurrent that collectively achieve some purpose.
execution of several tasks while The system must work correctly regardless
distributed computing does not have this of the structure of the network. This model
necessity. can be further classified into client-server
(C/S), browser-server (B/S), and n-tier
10-29 SWEBOK Guide V3.0
models. In the C/S model, the server handling of error messages, and the
provides services and the client requests robustness of the software in general.
services from the server. In the B/S model,
the server provides services and the client 15.1. InputandOutput
is the browser. In the n-tier model, each
tier (i.e. layer) provides services to the tier Input and output are the interfaces
immediately above it and requests services between users and software. Software is
from the tier immediately below it. In fact, useless without input and output. Humans
the n-tier model can be seen as a chain of design software to process some input and
client-server models. Often, the tiers produce desirable output. All software
between the bottommost tier and the engineers must consider input and output
topmost tier are called middleware, which as an integral part of the software product
is a distinct subject of study in its own they engineer or develop. Issues
right. considered for input include (but are not
limited to):
14.4. MainIssuesinDistributed
Computing What input is required?
How is the input passed from users to
Coordination among all the components in computers?
a distributed computing environment is What is the most convenient way for
often complex and time-consuming. As users to enter input?
the number of cores/ CPUs/computers What format does the computer
increases, the complexity of distributed require of the input data?
computing also increases. Among the
many issues faced, memory coherency and The designer should request the
consensus among all computers are the minimum data from human input, only
most difficult ones. Many computation when the data is not already stored in the
paradigms have been invented to solve system. The designer should format and
these problems and are the main edit the data at the time of entry to reduce
discussion issues in distributed/parallel errors arising from incorrect or malicious
computing. data entry.
15. Basic User Human Factors For output, we need to consider what
[3*, c8] [9*, c5] the users wish to see:
Software is developed to meet human In what format would users like to see
desires or needs. Thus, all software design output?
and development must take into What is the most pleasing way to
consideration human-user factors such as display output?
how people use software, how people If the party interacting with the software
view software, and what humans expect isnt human but another software or
from software. There are numerous factors computer or control system, then we need
in the human-machine interaction, and to consider the input/ output type and
ISO 9241 document series define all the format that the software should produce to
detailed standards of such interactions. ensure proper data exchange between
[10] But the basic human-user factors systems.
considered here include input/output, the
Software Quality 10-30
There are many rules of thumb for However, messages relating to security
developers to follow to produce good access errors should not provide extra
input/output for a software. These rules of information that would help unauthorized
thumb include simple and natural persons break in.
dialogue, speaking users language, 15.3. SoftwareRobustness
minimizing user memory load,
consistency, minimal surprise, Software robustness refers to the ability of
conformance to standards (whether agreed software to tolerate erroneous inputs.
to or not: e.g., automobiles have a standard Software is said to be robust if it continues
interface for accelerator, brake, steering). to function even when erroneous inputs
are given. Thus, it is unacceptable for
15.2. ErrorMessages software to simply crash when
encountering an input problem as this may
It is understandable that most software cause unexpected consequences, such as
contains faults and fails from time to time. the loss of valuable data. Software that
But users should be notified if there is exhibits such behavior is considered to
anything that impedes the smooth lack robustness.
execution of the program. Nothing is more Nielsen gives a simpler description of
frustrating than an unexpected termination software robustness: The software should
or behavioral deviation of software have a low error rate, so that users make
without any warning or explanation. To be few errors during the use of the system
user friendly, the software should report and so that if they do make errors they can
all error conditions to the users or upper- easily recover from them. Further,
level applications so that some measure catastrophic errors must not occur [9*].
can be taken to rectify the situation or to There are many ways to evaluate the
exit gracefully. There are several robustness of software and just as many
guidelines that define what constitutes a ways to make software more robust. For
good error message: error messages example, to improve robustness, one
should be clear, to the point, and timely. should always check the validity of the
First, error messages should clearly inputs and return values before
explain what is happening so that users progressing further; one should always
know what is going on in the software. throw an exception when something
Second, error messages should pinpoint unexpected occurs, and one should never
the cause of the error, if at all possible, so quit a program without first giving
that proper actions can be taken. Third, users/applications a chance to correct the
error messages should be displayed right condition.
when the error condition occurs.
According to Jakob Nielsen, Good error 16. Basic Developer Human Factors
messages should be expressed in plain [3*, c3132]
language (no codes), precisely indicate the
problem, and constructively suggest a Developer human factors refer to the
solution [9*]. Fourth, error messages considerations of human factors taken
should not overload the users with too when developing software. Software is
much information and cause them to developed by humans, read by humans,
ignore the messages all together. and maintained by humans. If anything is
wrong, humans are responsible for
10-31 SWEBOK Guide V3.0
Coding of security into software can be security of software, security must be built
achieved by following recommended into the software engineering process. One
rules. A few such rules follow: trend that emerges in this regard is the
Structure the process so that all Secure Development Lifecycle (SDL)
sections requiring extra privileges are concept, which is a classical spiral model
modules. The modules should be as that takes a holistic view of security from
small as possible and should perform the perspective of software lifecycle and
only those tasks that require those ensures that security is inherent in
privileges. software design and development, not an
Ensure that any assumptions in the afterthought later in production. The SDL
program are validated. If this is not process is claimed to reduce software
possible, document them for the maintenance costs and increase reliability
installers and maintainers so they of software concerning software security
know the assumptions that attackers related faults.
will try to invalidate.
Ensure that the program does not 17.6. SoftwareSecurity
share objects in memory with any Guidelines
other program.
The error status of every function Although there are no bulletproof ways for
must be checked. Do not try to secure software development, some
recover unless neither the cause of the general guidelines do exist that can be
error nor its effects affect any security used to aid such effort. These guidelines
considerations. The program should span every phase of the software
restore the state of the software to the development lifecycle. Some reputable
state it had before the process began, guidelines are published by the Computer
and then terminate. Emergency Response Team (CERT) and
below are its top 10 software security
17.4. SoftwareTesting practices (the details can be found in [12]:
Security 1. Validate input.
2. Heed compiler warnings.
Software testing security determines that 3. Architect and design for security
software protects data and maintains policies.
security specification as given. For more 4. Keep it simple.
information, please refer to the Software 5. Default deny.
Testing KA. 6. Adhere to the principle of least
privilege.
17.5. BuildSecurityinto 7. Sanitize data sent to other software.
SoftwareEngineering 8. Practice defense in depth.
Process 9. Use effective quality assurance
techniques. 10. Adopt a software
Software is only as secure as its construction security standard.
development process goes. To ensure the
MATRIX OF TOPICS VS. REFERENCE MATERIAL
Software Quality 10-2
Voland [2*]
2003 NielsenBishop
[9*] 2
1993 [1
McConnell 2004 2008
Brookshear Sommerville 2011
[3*]Horowitz
[4*] et al.
Null2007
and Lobur 2006
[6*]
[5*] [8*]
4. Programming
c6
Language Basics
4.1. Programming
s6.1
Language Overview
4.2. Syntax and
Semantics of
s6.2
Programming
Language
Voland [2*]
2003 NielsenBishop
[9*] 2
1993 [1
McConnell 2004 2008
Brookshear Sommerville 2011
[3*]Horowitz
[4*] et al.
Null2007
and Lobur 2006
[6*]
[5*] [8*]
Voland [2*]
2003 NielsenBishop
[9*] 2
1993 [1
McConnell 2004 2008
Brookshear
[4*]Sommerville
[3*]Horowitz et al.
Null20072011
and Lobur 2006
[6*]
[5*] [8*]
s3.3
3.6,
s4.1
4.8,
s5.1
7.4. Algorithmic 5.7,
Design Strategies s6.1
6.3,
s7.1
7.6,
s11.1,
s12.1
s3.3
3.6,
s4.1
4.8,
s5.1
7.5. Algorithmic 5.7,
Analysis Strategies s6.1
6.3,
s7.1
7.6,
s11.1,
s12.1
8. Basic Concept of a
c10
System
8.1. Emergent
s10.1
System Properties
8.2. System
s10.2
Engineering
8.3. Overview of a
Computer System
Software Quality 10-6
Voland [2*]
2003 NielsenBishop
[9*] 2
1993 [1
McConnell 2004 2008
Brookshear Sommerville 2011
[3*]Horowitz
[4*] et al.
Null2007
and Lobur 2006
[6*]
[5*] [8*]
9. Computer
c14
Organization
9.1. Computer
s1.1
Organization
1.2
Overview
9.2. Digital Systems c3
9.3. Digital Logic c3
9.4. Computer
c2
Expression of Data
9.5. The Central
s4.1
Processing Unit
4.2
(CPU)
9.6. Memory System
s4.6
Organization
9.7. Input and Output
s4.5
(I/O)
10. Compiler Basics s6.4 s8.4
10.1. Compiler
s8.4
Overview
10.2. Interpretation
s8.4
and Compilation
10.3. The
s6.4 s8.4
Compilation Process
11. Operating
c3
Systems Basics
11.1. Operating
s3.2
Systems Overview
10-7 SWEBOK Guide V3.0
11.2. Tasks of
s3.3
Operating System
11.3. Operating
s3.2
System Abstractions
11.4. Operating
Systems s3.1
Classification
Voland [2*]
2003 NielsenBishop
[9*] 2
1993 [1
McConnell 2004 2008
Brookshear Sommerville 2011
[3*]Horowitz
[4*] et al.
Null2007
and Lobur 2006
[6*]
[5*] [8*]
12. Database
Basics and Data c9
Management
12.1. Entity and
s9.1
Schema
12.2. Database
Management s9.1
Systems (DBMS)
12.3. Database
s9.2
Query Language
12.4. Tasks of
s9.2
DBMS Packages
12.5. Data
s9.5
Management
12.6. Data Mining s9.6
13. Network
Communication c12
Basics
13.1. Types of s12.2
Network 12.3
Software Quality 10-8
Voland [2*]
2003 NielsenBishop
[9*] 2
1993 [1
McConnell 2004 2008
Brookshear Sommerville 2011
[3*]Horowitz
[4*] et al.
Null2007
and Lobur 2006
[6*]
[5*] [8*]
14.2. Differences
between Parallel s9.4.4
and Distributed 9.4.5
Computing
14.3. Parallel
s9.4.4
and Distributed
9.4.5
Computing Models
14.4. Main Issues
in Distributed
Computing
10-9 SWEBOK Guide V3.0
CHAPTER 14 MATHEMATICAL
FOUNDATIONS
4. Identity Laws:
X=X XU=X
5. Complement Laws:
X X' = U X
X' =
6. Idempotent Laws: X
X=X X
X=X
7. Bound Laws: X U
Figure 14.6. Venn Diagram for X Y
=U X=
Software Quality 10-5
8. Absorption Laws: X A: {(3, 9), (5, 8), (7, 6), (3, 9), (6,
(X Y) = X 3)}. B: {(5, 8), (7, 8), (3, 8), (6, 8)}.
X (X Y)
=X Are these functions as well?
In case of relation A, the domain is all
9. De Morgans Laws: the x-values, i.e., {3, 5, 6, 7}, and the
(X Y)' = X' Y' (X Y)' = X' Y' range is all the y-values, i.e., {9, 6, 3, 8,
9}.
1.3. RelationandFunction Relation A is not a function, as there are
two different range values, 9 and 9, for
A relation is an association between two the same x-value of 3.
sets of information. For example, lets In case of relation B, the domain is same
consider a set of residents of a city and as that for A, i.e., {3, 5, 6, 7}. However,
their phone numbers. The pairing of the range is a single element {8}. This
names with corresponding phone numbers qualifies as an example of a function even
is a relation. This pairing is orderedfor the if all the x-values are mapped to the same
entire relation. In the example being y-value. Here, each x-value is distinct and
considered, for each pair, either the name hence the function is well behaved.
comes first followed by the phone number Relation B may be represented by the
or the reverse. The set from which the first equation y = 8.
element is drawn is called the domainset The characteristic of a function may be
and the other set is called the rangeset. verified using a vertical line test, which is
The domain is what you start with and the stated below:
range is what you end up with. Giventhegraphofarelation,ifonecan
A function is a well-behaved relation. A drawaverticallinethatcrossesthegraph
relation R(X, Y) is well behaved if the inmorethanoneplace,thentherelation
function maps every element of the isnotafunction.
domain set X to a single element of the
range set Y. Lets consider domain set X as
a set of persons and let range set Y store
their phone numbers. Assuming that a
person may have more than one phone
number, the relation being considered is
not a function. However, if we draw a
relation between names of residents and
their date of births with the name set as
domain, then this becomes a well-behaved Figure 14.7. Vertical Line Test for Function
relation and hence a function. This means
that, while all functions are relations, not In this example, both lines L1 and L2
all relations are functions. In case of a cut the graph for the relation thrice. This
function given an x, one gets one and signifies that for the same x-value, there
exactly one y for each ordered pair (x, y). are three different y-values for each of
For example, lets consider the case. Thus, the relation is not a function.
following two relations. 2. Basic Logic
[1*, c1] 2.1. PropositionalLogic
10-6 SWEBOK Guide V3.0
and, hence, are not theorems. 3.1. established if P(1) is true, and secondly,
MethodsofProvingTheorems k [2 ... n] if P(k) P(k + 1).
It may be noted here that, for a proof by
DirectProof. Direct proof is a technique to mathematical induction, it is not assumed
establish that the implication p q is true that P(k) is true for all positive integers k.
by showing that q must be true when p is Proving a theorem or proposition only
true. requires us to establish that if it is assumed
For example, to show that if n is odd P(k) is true for any arbitrary positive
then n21 is even, suppose n is odd, i.e., n integer k, then P(k + 1) is also true. The
= 2k + 1 for some integer k: correctness of mathematical induction as a
valid proof technique is beyond discussion
n2 = (2k + 1)2 = 4k2 + 4k + 1. of the current text. Let us prove the
following proposition using induction.
As the first two terms of the Right Hand Proposition: Thesumofthefirstn
Side (RHS) are even numbers irrespective positiveoddintegersP(n)isn2.
of the value of k, the Left Hand Side Basis Step: The proposition is true for n
(LHS) (i.e., n2) is an odd number. = 1 as P(1) = 1 2 = 1. The basis step is
Therefore, n21 is even. complete.
ProofbyContradiction. A proposition p Inductive Step: The induction
is true by contradiction if proved based on hypothesis (IH) is that the proposition is
the truth of the implication p q where true for n = k, k being an arbitrary positive
q is a contradiction. integer k.
For example, to show that the sum of 2x
+ 1 and 2y 1 is even, assume that the 1 + 3 + 5+ + (2k 1) = k2
sum of 2x + 1 and 2y 1is odd. In other
words, 2(x + y), which is a multiple of 2, Now, its to be shown that P(k) P(k +
is odd. This is a contradiction. Hence, the 1).
sum of 2x + 1 and 2y 1 is even.
An inference rule is a pattern P(k + 1) = 1 + 3 + 5+ +(2k 1) + (2k
establishing that if a set of premises are all + 1)
true, then it can be deduced that a certain = P(k) + (2k + 1)
conclusion statement is true. The reference = k2 + (2k + 1) [using IH]
rules of addition, simplification, and = k2 + 2k
conjunction need to be studied. + 1 = (k
ProofbyInduction. Proof by induction + 1)2
is done in two phases. First, the
proposition is established to be true for a Thus, it is shown that if the proposition
base casetypically for the positive is true for n = k, then it is also true for n =
integer 1. In the second phase, it is k + 1.
established that if the proposition holds for The basis step together with the
an arbitrary positive integer k, then it must inductive step of the proof show that P(1)
also hold for the next greater integer, k+ is true and the conditional statement P(k)
1. In other words, proof by induction is P(k + 1) is true for all positive integers
based on the rule of inference that tells us k. Hence, the proposition is proved.
that the truth of an infinite sequence of
propositions P(n), n [1 ] is 4. Basics of Counting
Software Quality 10-9
other occurs is the sum of their individual = (V, E) where V = {A, B, C}, E = {e1, e2,
probabilities. e3}, and F = {(e1, (A, C)), (e2, (C, B)),
Permutation is an arrangement of (e3, (B, A))}.
objects in which the order matters without The graph in Figure 14.8 is a simple
repetition. One can choose r objects in a graph that consists of a set of vertices or
particular order from a total of n objects nodes and a set of edges connecting
by using nPr ways, where, npr = n! / (n r)!. unordered pairs.
Various notations like nPr and P(n, r) are The edges in simple graphs are
used to represent the number of undirected. Such graphs are also referred
permutations of a set of n objects taken r at to as undirected graphs.
a time. For example, in Figure 14.8, (e1, (A, C))
Combination is a selection of objects in may be replaced by (e1, (C, A)) as the pair
which the order does not matter without between vertices A and C is unordered.
repetition. This is different from a This holds good for the other two edges
permutation because the order does not too.
matter. If the order is only changed (and In a multigraph, more than one edge
not the members) then no new may connect the same two vertices. Two
combination is formed. One can choose r or more connecting edges between the
objects in any order from a total of n same pair of vertices may reflect multiple
objects by using nCr ways, where, nCr = n! / associations between the same two
[r! * (n r)!]. vertices. Such edges are called parallel or
5. Graphs and Trees multiple edges.
[1*, For example, in Figure 14.9, the edges
e3 and e4 are both between A and B.
c10, c11] 5.1. Graphs Figure 14.9 is a multigraph where edges e3
and e4 are multiple edges.
A graph G = (V, E) where V is the set of
vertices (nodes) and E is the set of edges.
Edges are also referred to as arcs or links.
For example, in Figure 14.10, the edge In a weighted graph G = (V, E), each
e4 both starts and ends at B. Figure 14.10 edge has a weight associated with it. The
is a pseudograph in which e4 is a loop. weight of an edge typically represents the
numeric value associated with the
relationship between the corresponding
two vertices.
For example, in Figure 14.12, the
weights for the edges e1, e2, and e3 are
taken to be 76, 93, and 15 respectively. If
the vertices A, B, and C represent three
cities in a state, the weights, for example,
could be the distances in miles between
these cities.
Let G = (V, E) be an undirected graph
with edge set E. Then, for an edge e E
Figure 14.11. Example of a Directed Graph where e = {u, v}, the following
terminologies are often used:
A directed graph G = (V, E) consists of a
set of vertices V and a set of edges E that u, v are said to be adjacentor
neighborsor connected.
are ordered pairs of elements of V. A
edge e is incident with vertices u and
directed graph may contain loops.
v.
For example, in Figure 14.11, G = (V, E)
edge e connects u and v.
where V = {A, B, C}, E = {e1, e2, e3},
and F = {(e1, (A, C)), (e2, (B, C)), (e3, (B, vertices u and v are endpoints for edge
A))}. e.
If vertex v is in the set of vertices for the An adjacency list is a table with one row
directed graph G(V, E), then
per vertex, listing its adjacent vertices. The
adjacency listing for a directed graph
in-degree of v, deg(v), is the number
maintains a listing of the terminal nodes
of edges going to v, i.e., for which v is
for each of the vertex in the graph.
the terminal vertex.
out-degree of v, deg+(v), is the number Adjacency
Vertex
of edges coming from v, i.e., for which List
v is the initial vertex. A B, C
degree of v, deg(v) = deg(v) + deg+
(v), is the sum of vs in-degree and out- B A, B, C
degree.
a loop at a vertex contributes 1 to both C A, B
indegree and out-degree of this vertex. Figure 14.14. Adjacency Lists for Graphs in Figures
14.10
and 14.11
It may be noted that, following the
definitions above, the degree of a node is
unchanged whether we consider its edges For example, Figure 14.14 illustrates the
to be directed or undirected. adjacency lists for the pseudograph in
In an undirected graph, a path of length Figure 14.10 and the directed graph in
n from u to v is a sequence of n adjacent Figure 14.11. As the out-degree of vertex
C in Figure 14.11 is zero, there is no entry
edges from vertex u to vertex v.
against C in the adjacency list.
A path is a circuit if u=v. Different representations for a graph
A path traversesthe vertices along it. like adjacency matrix, incidence matrix,
A path is simple if it contains no edge and adjacency listsneed to be studied.
more than once.
5.2. Trees
Software Quality 10-13
A tree T(N, E) is a hierarchical data to v. Each node in the tree has a unique
structure of n = |N| nodes with a specially parent node except the root of the tree.
designated root node R while the For example, in Figure 14.15, root node
remaining n 1 nodes form subtrees under A is the parent node for nodes B, C, and D.
the root node R. The number of edges |E| Similarly, B is the parent of E, F, G, and so
in a tree would always be equal to |N| 1. on. The root node A does not have any
The subtree at node X is the subgraph of parent.
the tree consisting of node X and its A node that has children is called an
descendants and all edges incident to those internal node.
descendants. As an alternate to this For example, in Figure 14.15, node A or
recursive definition, a tree may be defined node B are examples of internal nodes.
as a connected undirected graph with no The degree of a node in a tree is the
simple circuits. same as its number of children.
For example, in Figure 14.15, root node
A and its child B are both of degree 3.
Nodes C and D have degree 2.
The distance of a node from the root
node in terms of number of hops is called
its level. Nodes in a tree are at different
levels. The root node is at level 0.
Alternately, the level of a node X is the
length of the unique path from the root of
the tree to node X.
For example, root node A is at level 0 in
Figure 14.15. Nodes B, C, and D are at
Figure 14.15. Example of a Tree level 1. The remaining nodes in Figure
14.15 are all at level 2.
However, one should remember that a The height of a tree is the maximum of
tree is strictly hierarchical in nature as the levels of nodes in the tree.
compared to a graph, which is flat. In case For example, in Figure 14.15, the height
of a tree, an ordered pair is built between of the tree is 2.
two nodes as parent and child. Each child A node is called a leaf if it has no
node in a tree is associated with only one children. The degree of a leaf node is 0.
parent node, whereas this restriction For example, in Figure 14.15, nodes E
becomes meaningless for a graph where through K are all leaf nodes with degree 0.
no parent-child association exists. The ancestors or predecessors of a
An undirected graph is a tree if and only nonroot node X are all the nodes in the
if there is a unique simple path between path from root to node X.
any two of its vertices. For example, in Figure 14.15, nodes A
Figure 14.15 presents a tree T(N, E) and D form the set of ancestors for J.
where the set of nodes N = {A, B, C, D, E, The successors or descendents of a node
F, G, H, I, J, K}. The edge set E is {(A, B), X are all the nodes that have X as its
(A, C), (A, D), (B, E), (B, F), (B, G), (C, ancestor. For a tree with n nodes, all the
H), (C, I), (D, J), (D, K)}. remaining n 1 nodes are successors of
The parent of a nonroot node v is the the root node.
unique node u with a directed edge from u
10-14 SWEBOK Guide V3.0
For example, in Figure 14.15, node B For example, in Figure 14.16, the two
has successors in E, F, and G. binary trees are different as the positions
IfnodeXisanancestorofnodeY,then of occurrences of the children of A are
nodeYisasuccessorofX. different in the two trees.
Two or more nodes sharing the same
parent node are called sibling nodes.
For example, in Figure 14.15, nodes E
and G are siblings. However, nodes E and
J, though from the same level, are not
sibling nodes.
Twosiblingnodesareofthesamelevel,
buttwonodesinthesamelevelarenot
necessarilysiblings.
A tree is called an ordered tree if the
relative position of occurrences of children
nodes is significant. Figure 14.17. Example of a Full Binary Tree
For example, a family tree is an ordered
tree if, as a rule, the name of an elder According to [1*], a binary tree is called
sibling appears always before (i.e., on the a full binary tree if every internal node has
left of) the younger sibling. exactly two children.
In an unordered tree, the relative For example, the binary tree in Figure
position of occurrences between the 14.17 is a full binary tree, as both of the
siblings does not bear any significance and two internal nodes A and B are of degree
may be altered arbitrarily.
2.
A binary tree is formed with zero or
A full binary tree following the
more nodes where there is a root node R
definition above is also referred to as a
and all the remaining nodes form a pair of strictlybinarytree.
ordered subtrees under the root node. For example, both binary trees in Figure
In a binary tree, no internal node can 14.18 are complete binary trees. The tree
have more than two children. However, in Figure 14.18(a) is a complete as well as
one must consider that besides this a full binary tree. A complete binary tree
criterion in terms of the degree of internal has all its levels, except possibly the last
nodes, a binary tree is always ordered. If one, filled up to capacity. In case the last
the positions of the left and right subtrees level of a complete binary tree is not full,
for any node in the tree are swapped, then nodes occur from the leftmost positions
a new tree is derived. available.
PreOrder(T) = R, PreOrder(TL),
PreOrder(TR)
eqn. 1
Figure 14.18. Example of Complete Binary Trees The recursive process of finding the
preorder traversal of the subtrees continues
Interestingly, following the definitions till the subtrees are found to be Null. Here,
above, the tree in Figure 14.18(b) is a commas have been used as delimiters for
complete but not full binary tree as node B the sake of improved readability.
has only one child in D. On the contrary, The postorder and in-order may be
the tree in Figure 14.17 is a full but not similarly defined using eqn. 2 and eqn. 3
completebinary tree, as the children of respectively.
B occur in the tree while the children of C
do not appear in the last level. PostOrder(T) = PostOrder(TL),
A binary tree of height H is balanced if PostOrder(TR), R eqn 2
all its leaf nodes occur at levels H or H InOrder(T) = InOrder(TL), R,
1. For example, all three binary trees in InOrder(TR) eqn 3
Figures 14.17 and 14.18 are balanced
binary trees.
There are at most 2H leaves in a binary
tree of height H. In other words, if a binary
tree with L leaves is full and balanced,
then its height is H = log2L.
For example, this statement is true for
the two trees in Figures 14.17 and 14.18(a)
as both trees are full and balanced.
However, the expression above does not
match for the tree in Figure 14.18(b) as it
is not a full binary tree.
A binary search tree (BST) is a special
Figure 14.19. A Binary Search Tree
kind of binary tree in which each node
contains a distinct key value, and the key
value of each node in the tree is less than For example, the tree in Figure 14.19 is
every key value in its right subtree and a binary search tree (BST). The preorder,
greater than every key value in its left postorder, and in-order traversal outputs
subtree. for the BST are given below in their
A traversal algorithm is a procedure for respective order.
systematically visiting every node of a
binary tree.
10-16 SWEBOK Guide V3.0
8. Grammars
[1*, c13]
free languages are the theoretical basis for 9. Numerical Precision, Accuracy, and
the syntax of most programming Errors
languages. [2*, c2]
RegularGrammar. All fragments in the
RHS are either single terminals or a pair The main goal of numerical analysis is to
built by a terminal and a nonterminal; i.e., develop efficient algorithms for computing
if A a, then either a T, or a = cD, or a precise numerical values of functions,
= Dc for c T, D N. solutions of algebraic and differential
If a = cD, then the grammar is called a equations, optimization problems, etc.
right linear grammar. On the other hand, if A matter of fact is that all digital
a = Dc, then the grammar is called a left computers can only store finite numbers.
linear grammar. Both the right linear and In other words, there is no way that a
left linear grammars are regular or Type-3 computer can represent an infinitely large
grammar. numberbe it an integer, rational number,
The language L(G) generated by a or any real or all complex numbers (see
regular grammar G is called a regular section 10, Number Theory). So the
language. mathematics of approximation becomes
A regular expression A is a string (or very critical to handle all the numbers in
pattern) formed from the following six the finite range that a computer can
pieces of information: a S, the set of handle.
alphabets, e, 0 and the operations, OR (+), Each number in a computer is assigned
PRODUCT (.), CONCATENATION (*). a location or word, consisting of a
The language of G, L(G) is equal to all specified number of binary digits or bits. A
those strings that match G, L(G) = {x k bit word can store a total of N = 2 k
S*|x matches G}. different numbers.
For example, a computer that uses 32 bit
For any a S, L(a) = a; L(e) = {}; arithmetic can store a total of N = 2 32 4.3
L(0) = 0. 109 different numbers, while another one
+ functions as an or, L(A + B) = L(A) that uses 64 bits can handle N = 2 64 1.84
L(B). 1019 different numbers. The question is
. creates a product structure, L(AB) = how to distribute these N numbers over the
L(A) . real line for maximum efficiency and
L(B). accuracy in practical computations.
* denotes concatenation, L(A*) = One evident choice is to distribute them
{x1x2xn | xi L(A) and n 0} evenly, leading to fixed-point arithmetic.
In this system, the first bit in a word is
For example, the regular expression used to represent a sign and the remaining
(ab)* matches the set of strings: {e, ab, bits are treated for integer values. This
abab, ababab, abababab, }. allows representation of the integers from
For example, the regular expression 1 N, i.e., = 1 2k1 to 1. As an
(aa)* matches the set of strings on one approximating method, this is not good for
letter athat have even length. noninteger numbers.
For example, the regular expression Another option is to space the numbers
(aaa)* + (aaaaa)* matches the set of closely togethersay with a uniform gap
strings of length equal to a multiple of 3 or of 2nand so distribute the total N
5. numbers uniformly over the interval
Software Quality 10-21
2n1N < x 2n1N. Real numbers lying determiner of the size of the error. The
between the gaps are represented by either present convention is that errors are
rounding (meaning the closest exact always 0, and are = 0 if and only if the
representative) or chopping (meaning the approximation is exact.
exact representative immediately below An approximation x* has k significant
or above, if negativethe number). decimal digits if its relative error is < 5
Numbers lying beyond the range must 10k1. This means that the first k digits of
be represented by the largest (or largest x* following its first nonzero digit are the
negative) number that can be represented. same as those of x.
This becomes a symbol for overflow. Significant digits are the digits of a
Overflow occurs when a computation number that are known to be correct. In a
produces a value larger than the maximum measurement, one uncertain digit is
value in the range. included.
When processing speed is a significant For example, measurement of length
bottleneck, the use of the fixed-point with a ruler of 15.5 mm with 0.5 mm
representations is an attractive and faster maximum allowable error has 2 significant
alternative to the more cumbersome digits, whereas a measurement of the same
floating-point arithmetic most commonly length using a caliper and recorded as
used in practice. 15.47 mm with 0.01 mm maximum
Lets define a couple of very important allowable error has 3 significant digits.
terms: accuracy and precision as
associated with numerical analysis. 10. Number Theory
Accuracy is the closeness with which a [1*, c4]
measured or computed value agrees with
the true value. Number theory is one of the oldest
Precision, on the other hand, is the branches of pure mathematics and one of
closeness with which two or more the largest. Of course, it concerns
measured or computed values for the same questions about numbers, usually meaning
physical substance agree with each other. whole numbers and fractional or rational
In other words, precision is the closeness numbers. The different types of numbers
with which a number represents an exact include integer, real number, natural
value. number, complex number, rational
Let x be a real number and let x* be an number, etc.
approximation. The absoluteerror in the
approximation x* x is defined as | x* x 10.1.Divisibility
|. The relativeerror is defined as the ratio
of the absolute error to the size of x, i.e., | Lets start this section with a brief
x* x| / | x |, which assumes x 0; description of each of the above types of
otherwise, relative error is not defined. numbers, starting with the natural
For example, 1000000 is an numbers.
approximation to 1000001 with an NaturalNumbers. This group of
absolute error of 1 and a relative error of numbers starts at 1 and continues: 1, 2, 3,
106, while 10 is an approximation of 11 4, 5, and so on. Zero is not in this group.
with an absolute error of 1 and a relative There are no negative or fractional
error of 0.1. Typically, relative error is numbers in the group of natural numbers.
more intuitive and the preferred The common mathematical symbol for the
set of all natural numbers is N.
10-22 SWEBOK Guide V3.0
An integer p > 1 is prime if and only if it is structures. Each of these is defined in this
not the product of any two integers greater section.
than 1, i.e., p is prime if p > 1 a, b 11.1. Group
N: a > 1, b > 1, a * b = p.
The only positive factors of a prime p A set S closed under a binary operation
are 1 and p itself. For example, the forms a group if the binary operation
numbers 2, 13, 29, 61, etc. are prime satisfies the following four criteria:
numbers. Nonprime integers greater than 1
are called composite numbers. A Associative: a, b, c S, the
composite number may be composed by equation (a b)
multiplying two integers greater than 1. c = a (b c) holds.
There are many interesting applications Identity: There exists an identity
of prime numbers; among them are the element I S such that for all a S,
publickey cryptography scheme, which I a = a I = a.
involves the exchange of public keys Inverse: Every element a S, has an
containing the product p*q of two random inverse a' S with respect to the
large primes p and q (a private key) that binary operation, i.e., a a' = I; for
must be kept secret by a given party. example, the set of integers Z with
The greatest common divisor gcd(a, b) respect to the addition operation is a
of integers a, b is the greatest integer d that group. The identity element of the set
is a divisor both of a and of b, i.e., d = is 0 for the addition operation. x
Z, the inverse of x would be x, which
gcd(a, b) for max(d: d|a d|b) is also included in Z.
For example, gcd(24, 36) = 12. Closure property: a, b S, the
Integers a and b are called relatively result of the operation a b S.
prime or coprime if and only if their GCD A group that is commutative, i.e., a b
is 1. = b a, is known as a commutative or
For example, neither 35 nor 6 are prime, Abelian group.
but they are coprime as these two numbers
have no common factors greater than 1, so The set of natural numbers N (with the
their GCD is 1. operation of addition) is not a group, since
A set of integers X = {i1, i2, } is there is no inverse for any x > 0 in the set
relatively prime if all possible pairs ih, ik, h of natural numbers. Thus, the third rule (of
k drawn from the set X are relatively inverse) for our operation is violated.
prime. However, the set of natural number has
some structure.
11. Algebraic Structures Sets with an associative operation (the
first condition above) are called
This section introduces a few semigroups; if they also have an identity
representations used in higher algebra. An element (the second condition), then they
algebraic structure consists of one or two are called monoids.
sets closed under some operations and Our set of natural numbers under
satisfying a number of axioms, including addition is then an example of a monoid, a
none. structure that is not quite a group because
For example, group, monoid, ring, and it is missing the requirement that every
lattice are examples of algebraic
10-24 SWEBOK Guide V3.0
element have an inverse under the A group G is cyclic if G = {an for any
operation. integer n}.
A monoid is a set S that is closed under Since any group generated by an
a single associative binary operation and element in a group is a subgroup of that
has an identity element I S such that for group, showing that the only subgroup of a
all a S, I a = a I = a. A monoid must group G that contains a is G itself suffices
contain at least one element. to show that G is cyclic.
For example, the set of natural numbers For example, the group G = {0, 2, 4, 6,
N forms a commutative monoid under 1, 3, 5, 7}, with respect to addition modulo
addition with identity element 0. The same 8 operation, is cyclic. The subgroups J=
set of natural numbers N also forms a {0, 4} and H= {0, 2, 4, 6} are also cyclic.
monoid under multiplication with identity 11.2. Rings
element 1. The set of positive integers P
forms a commutative monoid under If we take an Abelian group and define a
multiplication with identity element 1. second operation on it, a new structure is
It may be noted that, unlike those in a found that is different from just a group. If
group, elements of a monoid need not this second operation is associative and is
have inverses. A monoid can also be distributive over the first, then we have a
thought of as a semigroup with an identity ring.
element. A ring is a triple of the form (S, +, ),
A subgroup is a group H contained where (S, +) is an Abelian group, (S, ) is a
within a bigger one, G,such that the semigroup, and is distributive over +;
identity element of G is contained in H, i.e., a, b, c S, the equation a (b + c) =
and whenever h1 and h2 are in H, then so (a b) + (a c) holds. Further, if is
are h1 h2 and h11. Thus, the elements of H, commutative, then the ring is said to be
equipped with the group operation on G commutative. If there is an identity
restricted to H, indeed form a group. element for the operation, then the ring is
Given any subset S of a group G, the said to have an identity.
subgroup generated by S consists of For example, (Z, +, *), i.e., the set of
products of elements of S and their integers Z, with the usual addition and
inverses. It is the smallest subgroup of G multiplication operations, is a ring. As (Z,
containing S. *) is commutative, this ring is a
For example, let G be the Abelian group commutative or Abelian ring. The ring has
whose elements are G = {0, 2, 4, 6, 1, 3, 5, 1 as its identity element.
7} and whose group operation is addition Lets note that the second operation may
modulo 8. This group has a pair of not have an identity element, nor do we
nontrivial subgroups: J= {0, 4} and H= need to find an inverse for every element
{0, 2, 4, 6}, where J is also a subgroup of with respect to this second operation. As
for what distributive means, intuitively it
H.
is what we do in elementary mathematics
In group theory, a cyclic group is a
when performing the following change: a
group that can be generated by a single
* (b + c) = (a * b) + (a * c).
element, in the sense that the group has an
A field is a ring for which the elements
element a (called the generator of the
of the set, excluding 0, form an Abelian
group) such that, when written
group with the second operation.
multiplicatively, every element of the
group is a power of a.
Software Quality 10-25
A simple example of a field is the field R, where a,b are integers and b 0.
of rational numbers (R, +, *) with the The additive inverse of such a fraction is
usual addition and multiplication simply a/b, and the multiplicative inverse
operations. The numbers of the format a/b is b/a provided that a 0.
MATRIX OF TOPICS VS. REFERENCE MATERIAL
Rosen [1*]
2011
Cheney and
CHAPTER 15 ENGINEERING
FOUNDATIONS
important point to note is that most of the samples must be drawn in a manner so as
studies are carried out on the basis of to ensure that the draws are independent,
samples and so the observed results need and the rules of drawing the samples must
to be understood with respect to the full be predefined so that the probability of
population. Engineers must, therefore, selecting a particular sampling unit is
develop an adequate understanding of known beforehand. This method of
statistical techniques for collecting reliable selecting samples is called probability
data in terms of sampling and analysis to sampling.
arrive at results that can be generalized. Random variable. In statistical
These techniques are discussed below. terminology, the process of making
observations or measurements on the
2.1. UnitofAnalysis(SamplingUnits), sampling units being studied is referred to
Population,andSample as conducting the experiment. For
example, if the experiment is to toss a coin
Unitofanalysis.While carrying out any 10 times and then count the number of
empirical study, observations need to be times the coin lands on heads, each 10
made on chosen units called the units of tosses of the coin is a sampling unit and
analysis or sampling units. The unit of the number of heads for a given sample is
analysis must be identified and must be the observation or outcome for the
appropriate for the analysis. For example, experiment. The outcome of an experiment
when a software product company wants is obtained in terms of real numbers and
to find the perceived usability of a defines the random variable being studied.
software product, the user or the software Thus, the attribute of the items being
function may be the unit of analysis. measured at the outcome of the
Population. The set of all respondents or experiment represents the random variable
items (possible sampling units) to be being studied; the observation obtained
studied forms the population. As an from a particular sampling unit is a
example, consider the case of studying the particular realization of the random
perceived usability of a software product. variable. In the example of the coin toss,
In this case, the set of all possible users the random variable is the number of
forms the population. heads observed for each experiment. In
While defining the population, care statistical studies, attempts are made to
must be exercised to understand the study understand population characteristics on
and target population. There are cases the basis of samples.
when the population studied and the The set of possible values of a random
population for which the results are being variable may be finite or infinite but
generalized may be different. For example, countable (e.g., the set of all integers or
when the study population consists of only the set of all odd numbers). In such a case,
past observations and generalizations are the random variable is called a discrete
required for the future, the study randomvariable. In other cases, the
population and the target population may random variable under consideration may
not be the same. take values on a continuous scale and is
Sample. A sample is a subset of the called a continuousrandomvariable.
population. The most crucial issue towards Event. A subset of possible values of a
the selection of a sample is its random variable is called an event.
representativeness, including size. The Suppose X denotes some random variable;
Software Quality 10-4
then, for example, we may define different random variable can be computed through
events such as X x or X < x and so on. the probability mass function, called the
Distributionofarandomvariable. The pmf. The pmf is defined at discrete points
range and pattern of variation of a random and gives the point massi.e., the
variable is given by its distribution. When probability that the random variable will
the distribution of a random variable is take that particular value. Likewise, for a
known, it is possible to compute the continuous random variable, we have the
chance of any event. Some distributions probability density function, called the
are found to occur commonly and are used pdf. The pdf is very much like density and
to model many random variables occurring needs to be integrated over a range to
in practice in the context of engineering. A obtain the probability that the continuous
few of the more commonly occurring random variable lies between certain
distributions are given below. values. Thus, if the pdf or pmf is known,
the chances of the random variable taking
Binomial distribution: used to model certain set of values may be computed
random variables that count the theoretically.
number of successes in n trials carried Conceptofestimation[2*, c6s2, c7s1,
out independently of each other, where c7s3]. The true values of the parameters of
each trial results in success or failure. a distribution are usually unknown and
We make an assumption that the need to be estimated from the sample
chance of obtaining a success remains observations. The estimates are functions
constant [2*, c3s6]. of the sample values and are called
Poisson distribution: used to model statistics. For example, the sample mean is
the count of occurrence of some event a statistic and may be used to estimate the
over time or space [2*, c3s9]. population mean. Similarly, the rate of
Normal distribution: used to model occurrence of defects estimated from the
continuous random variables or sample (rate of defects per line of code) is
discrete random variables by taking a a statistic and serves as the estimate of the
very large number of values [2*, population rate of rate of defects per line
c4s6]. of code. The statistic used to estimate
some population parameter is often
Conceptofparameters. A statistical referred to as the estimator of the
distribution is characterized by some parameter.
parameters. For example, the proportion of A very important point to note is that the
success in any given trial is the only results of the estimators themselves are
parameter characterizing a binomial random. If we take a different sample, we
distribution. Similarly, the Poisson are likely to get a different estimate of the
distribution is characterized by a rate of population parameter. In the theory of
occurrence. A normal distribution is estimation, we need to understand
characterized by two parameters: namely, different properties of estimators
its mean and standard deviation. particularly, how much the estimates can
Once the values of the parameters are vary across samples and how to choose
known, the distribution of the random between different alternative ways to
variable is completely known and the obtain the estimates. For example, if we
chance (probability) of any event can be wish to estimate the mean of a population,
computed. The probabilities for a discrete we might use as our estimator a sample
10-5 SWEBOK Guide V3.0
numerals serve only as labels, and words Measurement in ordinal scale satisfies
or letters would serve as well. The the transitivity property in the sense that if
nominal scale of measurement involves A > B and B > C, then A > C. However,
only classification and the observed arithmetic operations cannot be carried out
sampling units are put into any one of the on variables measured in ordinal scales.
mutually exclusive and collectively Thus, if we measure customer satisfaction
exhaustive categories (classes). Some on a 5-point ordinal scale of 5 implying a
examples of nominal scales are: very high level of satisfaction and 1
implying a very high level of
Job titles in a company dissatisfaction, we cannot say that a score
The software development life cycle of four is twice as good as a score of two.
(SDLC) model (like waterfall, So, it is better to use terminology such as
iterative, agile, etc.) followed by excellent, above average, average, below
different software projects average, and poor than ordinal numbers in
order to avoid the error of treating an
In nominal scale, the names of the ordinal scale as a ratio scale. It is
different categories are just labels and no important to note that ordinal scale
relationship between them is assumed. The measures are commonly misused and such
only operations that can be carried out on misuse can lead to erroneous conclusions
nominal scale is that of counting the [6*, p274]. A common misuse of ordinal
number of occurrences in the different scale measures is to present a mean and
classes and determining if two occurrences standard deviation for the data set, both of
have the same nominal value. However, which are meaningless. However, we can
statistical analyses may be carried out to find the median, as computation of the
understand how entities belonging to median involves counting only.
different classes perform with respect to Interval scales: With the interval scale,
some other response variable. we come to a form that is quantitative in
Ordinalscale:Refers to the the ordinary sense of the word. Almost all
measurement scale where the different the usual statistical measures are
values obtained through the process of applicable here, unless they require
measurement have an implicit ordering. knowledge of a true zero point. The zero
The intervals between values are not point on an interval scale is a matter of
specified and there is no objectively convention. Ratios do not make sense, but
defined zero element. Typical examples of the difference between levels of attributes
measurements in ordinal scales are: can be computed and is meaningful. Some
examples of interval scale of measurement
Skill levels (low, medium, high) follow:
Capability Maturity Model Integration
(CMMI) maturity levels of software Measurement of temperature in
development organizations different scales, such as Celsius and
Level of adherence to process as Fahrenheit. Suppose T1 and T2 are
measured in a 5-point scale of temperatures measured in some scale.
excellent, above average, average, We note that the fact that T1 is twice T2
below average, and poor, indicating does not mean that one object is twice
the range from total adherence to no as hot as another. We also note that the
adherence at all zero points are arbitrary.
10-9 SWEBOK Guide V3.0
cultural and societal considerations. create a solution that works. This has been
[8, p12] an important insight for software designers
for several decades [10*, c5s1].
In a similar manner, ABET defines 4.3. StepsInvolvedinEngineeringDesign
engineering design as [7*, c4]
It is to be noted that engineering design is All of the engineering design steps are
primarily a problem solving activity. iterative, and knowledge gained at any
Design problems are open ended and more step in the process may be used to inform
vaguely defined. There are usually several earlier tasks and trigger an iteration in the
alternative ways to solve the same process. These steps are expanded in the
problem. Design is generally considered to subsequent sections.
be a wickedproblema term first coined
by Horst Rittel in the 1960s when designa. Definetheproblem. At this stage, the
methods were a subject of intense interest. customers requirements are gathered.
Rittel sought an alternative to the linear, Specific information about product
step-by-step model of the design process functions and features are also closely
being explored by many designers and examined. This step includes refining the
design theorists and argued that most of problem statement to identify the real
the problems addressed by the designers problem to be solved and setting the
are wicked problems. As explained by design goals and criteria for success.
Steve McConnell, a wicked problem is The problem definition is a crucial stage
one that could be clearly defined only by in engineering design. A point to note is
solving it or by solving part of it. This that this step is deceptively simple. Thus,
paradox implies, essentially, that a wicked enough care must be taken to carry out this
problem has to be solved once in order to step judiciously. It is important to identify
define it clearly and then solved again to needs and link the success criteria with the
Software Quality 10-12
the state of the system, a simulation clock, finished product. In either case, prototype
and a random number generator. Output is construction must have a clear purpose
generated by the simulation and must be and be planned, monitored, and controlled
analyzed. it is a technique to study a specific
An important problem in the problem within a limited context [6*,
development of a discrete simulation is c2s8].
that of initialization. Before a simulation In conclusion, modeling, simulation,
can be run, the initial values of all the state and prototyping are powerful techniques
variables must be provided. As the for studying the behavior of a system from
simulation designer may not know what a given perspective. All can be used to
initial values are appropriate for the state perform designed experiments to study
variables, these values might be chosen various aspects of the system. However,
somewhat arbitrarily. For instance, it these are abstractions and, as such, may
might be decided that a queue should be not model all attributes of interest.
initialized as empty and idle. Such a 6. Standards
choice of initial condition can have a [5*, c9s3.2] [13*, c1s2]
significant but unrecognized impact on the
outcome of the simulation. Moore states that a
Kan 2002
[4*] Fairley Moore [1
2
Voland Tockey
2003
[5*] 2004
2009[7*]
[6*]McConnell 2004
[10*]
Sommerville
Null and Lobur 2006 [12*
[3*] Cheney and Kincai
Montgomery and Runger 2007 [11*]
[2*]
1. Empirical
Methods and
c1
Experimental
Techniques
1.1. Designed
Experiment
1.2.
Observational
Study
1.3.
Retrospective
Study
2. Statistical c9s1,
c10s3
Analysis c2s1
c3s6,
c3s9,
2.1. Concept of
c4s6,
Unit of Analysis
c6s2,
(Sampling
c7s1,
Units), Sample, c7s3,
and Population c8s1,
c9s1
Software Quality 10-18
2.2. Concepts of
c11s2,
Correlation and
c11s8
Regression
c3s1,
3. Measurement c4s4 c7s5
c3s2
3.1. Levels
p442
(Scales) of c3s2 c7s5
447
Measurement
3.2. Direct
and Derived
Measures
Kan 2002
[4*] Fairley Moore [1
2
Voland Tockey
2003
[5*] 2004
2009[7*]
[6*]McConnell 2004
[10*]
Sommerville
Null and Lobur 2006 [12*
[3*] Cheney and Kincai
Montgomery and Runger 2007 [11*]
[2*]
[4*] S.H. Kan, MetricsandModelsin [11*] E.W. Cheney and D.R. Kincaid,
SoftwareQualityEngineering, 2nd NumericalMathematicsand
ed., AddisonWesley, 2002. Computing, 6th ed., Brooks/Cole,
2007.
[5*] G. Voland, EngineeringbyDesign,
2nd ed., Prentice Hall, 2003. [12*] I. Sommerville, Software
Engineering, 9th ed., Addison-Wesley,
[6*] R.E. Fairley, ManagingandLeading 2011.
SoftwareProjects, Wiley-IEEE
Computer Society Press, 2009. [13*] J.W. Moore, TheRoadMapto
SoftwareEngineering:AStandards-
[7*] S. Tockey, ReturnonSoftware: BasedGuide, Wiley-IEEE Computer
MaximizingtheReturnonYour Society Press, 2006.
SoftwareInvestment, Addison-Wesley,
2004. [14] A. Abran, SoftwareMetricsand
SoftwareMetrology, Wiley-IEEE
[8] Canadian Engineering Accreditation Computer Society Press, 2010.
Board, Engineers Canada,
Accreditation Criteria and [15] W.G. Vincenti, WhatEngineers
Procedures, Canadian Council of KnowandHowTheyKnowIt, John
Hopkins University Press, 1990.
APPENDIX A
This document presents the specifications community at large notably through the
provided to the Knowledge Area Editors official recognition of the 2004 Version as
(KA Editors) regarding the Knowledge ISO/IEC Technical Report 19759:2005.
Area Descriptions (KA Descriptions) of The list of knowledge areas (KAs) and the
the Version 3 (V3) edition of the Guideto breakdown of topics within each KA is
theSoftwareEngineeringBodyof described and detailed in the introduction
Knowledge(SWEBOKGuide). This of this
document will also enable readers, SWEBOK Guide.
reviewers, and users to clearly understand Consequently, the SWEBOK Guide is
what specifications were used when foundational to other initiatives within the
developing this version of the SWEBOK IEEE Computer Society:
Guide.
This document begins by situating the a) The list of KAs and the breakdown of
SWEBOK Guide as a foundational topics within each KA are also
document for the IEEE Computer Society adopted by the software engineering
suite of software engineering products and certification and associated
more widely within the software professional development products
engineering community at large. The role offered by the IEEE Computer Society
of the baseline and the Change Control (see www. computer.org/certification).
Board is then described. Criteria and b) The list of KAs and the breakdown of
requirements are defined for the topics are also foundational to the
breakdowns of topics, for the rationale software engineering curricula
underlying these breakdowns and the guidelines developed or endorsed by
succinct description of topics, and for the IEEE Computer Society
reference materials. Important input (www.computer.org/portal/web/educat
documents are also identified, and their ion/ Curricula).
role within the project is explained. c) The Consolidated Reference List (see
Noncontent issues such as submission Appendix C), meaning the list of
format and style guidelines are also recommended reference materials (to
discussed. the level of section number) that
accompanies the breakdown of topics
THE SWEBOK GUIDE IS A within each KA is also adopted by the
FOUNDATIONAL DOCUMENT FOR software engineering certification and
THE associated professional development
IEEE COMPUTER SOCIETY SUITE products offered by the IEEE
OF Computer Society.
SOFTWARE ENGINEERING
PRODUCTS BASELINE AND CHANGE CONTROL
BOARD
The SWEBOK Guide is an IEEE Computer
Society flagship and structural document A-
1
for the IEEE Computer Society suite of
Due to the structural nature of the
software engineering products. The
SWEBOK Guide and its adoption by other
SWEBOK Guide is also more widely
products, a baseline was developed at the
recognized as a foundational document
outset of the project comprised of the list
within the software engineering
of KAs, the breakdown of topics within
Software Quality 10-3
each KA, and the Consolidated Reference f) The breakdown of topics within a KA
List. must be compatible with the
A Change Control Board (CCB) has breakdown of software engineering
been in place for the development of this generally found in industry and in the
version to handle all change requests to software engineering literature and
this baseline coming from the KA Editors, standards.
arising during the review process, or g) The breakdown of topics is expected
otherwise. Change requests must be to be as inclusive as possible.
approved both by the SWEBOK Guide h) The SWEBOK Guide adopts the
Editors and by the CCB before being position that even though the
implemented. This CCB is comprised of following themes are common
members of the initiatives listed above and across all Knowledge Areas, they are
acting under the authority of the Software also an integral part of all Knowledge
and Systems Engineering Committee of Areas and therefore must be
the IEEE Computer Society Professional incorporated into the proposed
Activities Board. breakdown of topics of each
Knowledge Area. These common
CRITERIA AND REQUIREMENTS themes are measurement, quality (in
FOR general), and security.
THE BREAKDOWN OF TOPICS i) The breakdown of topics should be at
WITHIN A KNOWLEDGE AREA most two or three levels deep. Even
though no upper or lower limit is
a) KA Editors are instructed to adopt the imposed on the number of topics
baseline breakdown of topics. within each KA, a reasonable and
b) The breakdown of topics is expected manageable number of topics is
to be expected to be included in each KA.
reasonable, not perfect. Emphasis should also be put on the
c) The breakdown of topics within a KA selection of the topics themselves
must decompose the subset of the rather than on their organization in an
Software Engineering Body of appropriate hierarchy.
Knowledge that is generally j) Topic names must be significant
recognized. See below for a more enough to be meaningful even when
detailed discussion of this point. cited outside the SWEBOK Guide.
d) The breakdown of topics within a KA k) The description of a KA will include a
must not presume specific application chart (in tree form) describing the
domains, business needs, sizes of knowledge breakdown.
organizations, organizational
structures, management philosophies, CRITERIA AND REQUIREMENTS
software life cycle models, software FOR
technologies, or software development DESCRIBING TOPICS
methods.
e) The breakdown of topics must, as Topics need only be sufficiently described
much as possible, be compatible with so the reader can select the appropriate
the various schools of thought within reference material according to his/her
software engineering. needs. Topic descriptions must not be
prescriptive.
10-4 SWEBOK Guide V3.0
engineering, dependability, and safety. The in the field of software engineering can be
analysis and regrouping of the standard found on this website. The SWEBOK
collections exposes the reader to key Guide is foundational to these products.
relationships between standards.
Even though the SWEBOK Guide is not STYLE AND TECHNICAL
a software engineering standard per se, GUIDELINES
special care will be taken throughout the
document regarding the compatibility of KA Descriptions should conform to
the Guide with the current IEEE and the Word template available at
ISO/IEC Systems and Software www.computer.
Engineering Standards Collection. org/portal/web/cscps/formatting.
KA Descriptions are expected to
4.SoftwareEngineering2004:Curriculum follow the IEEE Computer Society
GuidelinesforUndergraduateDegree Style Guide (www.
ProgramsinSoftwareEngineering, computer.org/portal/web/publications/
IEEE Computer Society and styleguide).
Association for Computing Machinery, Files are to be submitted in Microsoft
2004; http://sites. Word format.
computer.org/ccse/SE2004Volume.pdf. All citations of reference material are
[5] to be produced using EndNote Web as
indicated in the instructions provided
This document describes curriculum to KA Editors in this regard.
guidelines for an undergraduate degree in
software engineering. The SWEBOK OTHER DETAILED GUIDELINES
Guide is identified as being one of the
primary sources in developing the body When referencing the Guide to the
of knowledge underlying these guidelines. SoftwareEngineering Body of
Knowledge, use the title SWEBOK
5.ISO/IEC/IEEE24765:2010Systemsand Guide.
SoftwareEngineeringVocabulary, For the purpose of simplicity, avoid
ISO/ IEC/IEEE, 2010; footnotes and try to include their content
www.computer.org/ sevocab. [6] in the main text.
The hierarchy of references for Use explicit references to standards, as
terminology is MerriamWebsters opposed to simply inserting numbers
CollegiateDictionary (11th ed.) [7], referencing items in the bibliography. We
IEEE/ISO/IEC 24765 [6], and new believe this approach allows the reader to
proposed definitions if required. be better exposed to the source and scope
of a standard.
6.Certification and Training for Software The text accompanying figures and
Professionals, IEEE Computer Society, tables should be self-explanatory or have
2013; www.computer.org/certification. enough related text. This would ensure
[8] that the reader knows what the figures and
tables mean.
Information on the certification and To make sure that some information in
associated professional development the SWEBOK Guide does not become
products developed and offered by the rapidly obsolete and due to its generic
IEEE Computer Society for professionals nature, please avoid directly naming tools
Software Quality 10-9
and products. Instead, try to name their [2] Integrated Software and Systems
functions. Engineering Curriculum (iSSEc)
Project,
EDITING GraduateSoftwareEngineering
2009(GSwE2009):Curriculum
Editors of the SWEBOK Guide as well as GuidelinesforGraduateDegree
professional copy editors will edit KA ProgramsinSoftwareEngineering,
Descriptions. Editing includes copy Stevens Institute of Technology,
editing (grammar, punctuation, and 2009; www.gswe2009.org.
capitalization), style editing (conformance
to the Computer Society style guide), and [3] IEEEStd.12207-2008(a.k.a.ISO/IEC
content editing (flow, meaning, clarity, 12207:2008)StandardforSystems
directness, and organization). The final andSoftwareEngineeringSoftware
editing will be a collaborative process in LifeCycleProcesses,IEEE,2008.
which the Editors of the SWEBOK Guide
and the KA Editors work together to [4*] J.W. Moore, TheRoadMapto
achieve a concise, well-worded, and useful Software
KA Description. Engineering:AStandards-Based
Guide,
RELEASE OF COPYRIGHT Wiley-IEEE Computer Society Press,
2006.
All intellectual property rights associated [5] Joint Task Force on Computing
with the SWEBOK Guide will remain with Curricula, IEEE Computer Society and
the IEEE. KA Editors must sign a Association for Computing Machinery,
copyright release form. SoftwareEngineering2004:
It is also understood that the SWEBOK CurriculumGuidelinesfor
Guide will continue to be available free of UndergraduateDegreeProgramsin
charge in the public domain in at least one SoftwareEngineering, 2004;
format, provided by the IEEE Computer http://sites.
Society through web technology or by computer.org/ccse/SE2004Volume.pdf.
other means.
[6] ISO/IEC/IEEE24765:2010Systems
For more information, see
andSoftwareEngineering
www.computer.org/ copyright.htm.
Vocabulary, ISO/ IEC/IEEE, 2010.
REFERENCES
[1] Project Management Institute, A [7] Merriam-WebstersCollegiate
Guidetothe Dictionary, 11th ed., 2003.
ProjectManagementBodyof
Knowledge(PMBOK(R)Guide), 5th [8] IEEE Computer Society, Certification
ed., Project Management Institute, and Training for Software
2013. Professionals, 2013;
www.computer.org/certification.
APPENDIX B
10-2 SWEBOK Guide V3.0
the existence of standards takes a very title of the standard or simply use its
large (possibly infinite) trade space of number. In obtaining a standard of
alternatives and reduces that space to a interest, the reader should rely on the
smaller set of choicesa huge advantage number, not the title, given in this
for users. Nevertheless, it can still be article. For reasons of consistency, the
difficult to choose from dozens of article will use the IEEEs convention
alternatives, so supplementary guidance, for the capitalization of titlesnouns,
like this appendix, can be helpful. A pronouns, adjectives, verbs, adverbs,
summary list of the standards mentioned and first and last words have an initial
in this appendix appears at the end. capital letterdespite the fact that
To reduce tedium in reading, a few IEEE and ISO/IEC use differing
simplifications and abridgements are made conventions.
in this appendix: Because these standards are being
continually revised to take account of
ISO/IEC JTC 1/SC 7 maintains nearly two new technologies and usage patterns,
hundred standards on the subject. IEEE this article will be obsolescent before
maintains about fifty. The two it is published. Therefore, it will
organizations are in the tenth year of a occasionally discuss standards that
systematic program to coordinate and have not yet been published, if they
integrate their collections. In general, this are likely to assume significant
article will focus on the standards that are importance.
recognized by both organizations, taking Explicit trademarks are omitted. Suffice
this condition as evidence that wide it to say that IEEE places a trademark
agreement has been obtained. Other on all of its standards designations.
standards will be mentioned briefly.
Standards tend to have long, taxonomical There are some other conventions of
titles. If there were a single standard for interest:
building an automobile, the one for your
Camry probably would be titled In both IEEE and ISO/IEC, standards for
something like, Vehicle, internal systems engineering are maintained
combustion, fourwheel, passenger, by the same committee as those for
sedan. Also, modern standards software engineering. Many of the
organizations provide their standards standards apply to both. So, instead
Software Quality 10-3
coding conventions are not appropriate for are cooperating in the development of a
standardization because, in most cases, the four-part joint standard, 29119, that will
real benefit comes from the consistency of provide a comprehensive treatment of
applying an arbitrary convention rather than testing and supplant IEEE Std. 1008.
the convention itself. So, although coding
conventions are a good idea, it is generally
left to the organization or the project to IEEE Std. 1008-1987 Standard for
develop such a standard. Software Unit
Nevertheless, the subject of secure coding Testing
has attracted attention in recent years See Software Testing KA
because some coding idioms are insecure in
the face of attack. A Technical Report ISO/IEC/IEEE 29119 [four parts] (Draft)
prepared by ISO/IEC JTC 1/ SC 22 Software and Systems Engineering
(programming languages) describes Software Testing
vulnerabilities in programming languages See Software Testing KA
and how they can be avoided.
IEEE Std. 1517-2010 Standard for Information software engineering practice. A second
TechnologySystem and Software Life Cycle objective is to describe the software
ProcessesReuse Processes engineering concepts and testing
See Software Engineering Process KA assumptions on which the standard
SOFTWARE TESTING approach is based. A third objective is to
provide guidance and resource
Oddly, there are few standards for testing. information to assist with the
IEEE Std. 829 is the most comprehensive. implementation and usage of the
standard unit testing approach.
IEEE and ISO/IEC JTC 1/SC 7 are
IEEE Std. 829-2008 Standard for Software and cooperating in a project to develop a
System Test Documentation single comprehensive standard that
covers all aspects of testing. One can
Test processes determine whether the hope for publication of the four-part
development products of a given activity standard by 2014. Portions of the content
conform to the requirements of that activity remain controversial. One taxonomical
and whether the system and/or software issue is whether static methodssuch
satisfies its intended use and user needs. as inspection, review, and static analysis
Testing process tasks are specified for should fall within the scope of
different integrity levels. These process tasks testing or should be distinguished as
determine the appropriate breadth and depth verification and validation. Although
of test documentation. The documentation the resolution of the issue is probably of
elements for each type of test documentation little importance to users of the standard,
can then be selected. The scope of testing it assumes great importance to the
encompasses software-based systems, standards-writers who must manage an
computer software, hardware, and their integrated suite of interoperating
interfaces. This standard applies to software- standards.
based systems being developed, maintained,
or reused (legacy, commercial offthe-shelf,
nondevelopmental items). The term ISO/IEC/IEEE 29119 [four parts] (Draft)
software also includes firmware, Software and Systems Engineering
microcode, and documentation. Test Software Testing
processes can include inspection, analysis,
demonstration, verification, and validation The purpose of ISO/IEC 29119 Software
of software and software-based system Testing is to define an internationally
products. agreed standard for software testing that
can be used by any organization when
performing any form of software testing.
most recent version of the PMBOK Guide processes. The jointly developed 16326
as an IEEE standard. standard, replacing two older standards,
expands those provisions with guidance
for application.
IEEE Std. 1490-2011 GuideAdoption of the
Project Management Institute (PMI) ISO/IEC/IEEE 16326:2009 Systems and
Standard, A Guide to the Project Management Software EngineeringLife Cycle
Body of Knowledge (PMBOK Guide) ProcessesProject Management
Fourth Edition
ISO/IEC/IEEE 16326:2009 provides
The PMBOK Guide identifies that subset normative content specifications for
of the project management body of project management plans covering
knowledge generally recognized as good software projects and softwareintensive
practice. Generally recognized means the system projects. It also provides detailed
knowledge and practices described are discussion and advice on applying a set
applicable to most projects most of the time of project processes that are common to
and there is consensus about their value and both the software and system life cycle
usefulness. Good practice means there is as covered by ISO/IEC 12207:2008
general agreement that the application of (IEEE Std. 12207-2008) and ISO/IEC
these skills, tools, and techniques can 15288:2008 (IEEE Std. 15288-2008),
enhance the chances of success over a wide respectively. The discussion and advice
range of projects. Good practice does not are intended to aid in the preparation of
mean the knowledge described should the normative content of project
always be applied uniformly to all projects; management plans. ISO/IEC/IEEE
the organization and/or project management 16326:2009 is the result of the
team is responsible for determining what is harmonization of ISO/IEC TR
appropriate for any given project. The 16326:1999 and IEEE Std. 1058-1998.
PMBOKGuide also provides and
promotes a common vocabulary within the Particularly in high-technology
project management profession for applications and high-consequence
discussing, writing, and applying project projects, the management of risk is an
management concepts. Such a standard important aspect of the overall project
vocabulary is an essential element of a management responsibilities. This
professional discipline. The Project standard deals with that subject.
Management Institute (PMI) views this
standard as a foundational project
management reference for its professional IEEE Std. 16085-2006 (a.k.a. ISO/IEC
development programs and certifications. 16085:2006)
Standard for Systems and Software
Engineering
Software Life Cycle ProcessesRisk
The 2008 revisions of ISO/IEC/IEEE Management
12207 and 15288 provide project
management processes for software and ISO/IEC 16085:2006 defines a process
systems and relate them to organization- for the management of risk in the life
level processes as well as technical cycle. It can be added to the existing set
of system and software life cycle
10-14 SWEBOK Guide V3.0
The analysis of risk and risk mitigation ISO/IEC/IEEE 26511:2012 Systems and
depends crucially upon measurement. This Software EngineeringRequirements for
international standard provides an Managers of User Documentation
elaboration of the measurement process from
ISO/IEC/IEEE 15288:2008 and ISO/IEC/IEEE 26511:2012 specifies
ISO/IEC/IEEE 12207:2008. procedures for managing user
documentation throughout the software
life cycle. It applies to people or
IEEE Std. 15939-2008 Standard Adoption of organizations producing suites of
ISO/ IEC 15939:2007 Systems and Software documentation, to those undertaking a
EngineeringMeasurement Process single documentation project, and to
documentation produced internally, as
ISO/IEC 15939 defines a measurement well as to documentation contracted to
process applicable to system and software outside service organizations. It provides
engineering and management disciplines. an overview of the software
The process is described through a model documentation and information
that defines the activities of the management processes, and also
measurement process that are required to presents aspects of portfolio planning
adequately specify what measurement and content management that user
information is required, how the measures documentation managers apply. It covers
and analysis results are to be applied, and management activities in starting a
how to determine if the analysis results are project, including setting up procedures
valid. The measurement process is flexible, and specifications, establishing
tailorable, and adaptable to the needs of infrastructure, and building a team. It
different users. includes examples of roles needed on a
Software Quality 10-15
guides. The discussion and advice are IEEE Std. 1220-2005 (a.k.a. ISO/IEC
intended to provide a reference model for 26702:2007)
life cycle models, facilitate use of the Standard for Application and Management
updated ISO/IEC 15288 and ISO/IEC of the Systems Engineering Process
12207, and provide a framework for the
development of updated application guides ISO/IEC 26702 defines the
for those International Standards. ISO/IEC interdisciplinary tasks which are
TR 24748-1 is a result of the alignment stage required throughout a systems life cycle
of the harmonization of ISO/IEC 12207 and to transform customer needs,
ISO/IEC 15288. requirements, and constraints into a
system solution. In addition, it specifies
the requirements for the systems
engineering process and its application
The next standard extends the provisions throughout the product life cycle.
of ISO/IEC/IEEE 12207 to deal with ISO/IEC 26702:2007 focuses on
systematic software reuse. engineering activities necessary to guide
product development, while ensuring
that the product is properly designed to
IEEE Std. 1517-2010 Standard for Information make it affordable to produce, own,
TechnologySystem and Software Life Cycle operate, maintain, and eventually
ProcessesReuse Processes dispose of without undue risk to health
or the environment.
A common framework for extending the
system and software life cycle processes of
IEEE Std. 12207:2008 to include the
systematic practice of reuse is provided. The Since SC 7 and IEEE have written so
processes, activities, and tasks to be applied many process standards, one may not be
during each life cycle process to enable a surprised to learn that their model for
system and/or product to be constructed process description is recorded in a
from reusable assets are specified. The Technical Report.
processes, activities, and tasks to enable the
identification, construction, maintenance,
and management of assets supplied are also IEEE Std. 24774-2012 GuideAdoption of
specified. ISO/IEC TR 24474:2010 Systems and
Software EngineeringLife Cycle
ManagementGuidelines for Process
Description
IEEE Std. 1220 has been widely applied
as a systems engineering process and was An increasing number of international,
adopted by ISO/IEC with the number 26702. national, and industry standards describe
Unfortunately, the standard is not completely process models. These models are
compatible with ISO/IEC/IEEE 15288 and is developed for a range of purposes
being revised to solve that problem. The including process implementation and
result will be published as ISO/IEC/IEEE assessment. The terms and descriptions
24748-4. used in such models vary in format,
content, and level of prescription.
ISO/IEC TR 24774:2010 presents
10-20 SWEBOK Guide V3.0
assessing and improving their processes provides a basis for use in process
after implementation. The 15504 series improvement and capability
provides for process assessment; it is determination;
currently being revised and renumbered takes into account the context in
330xx. which the assessed process is
implemented;
produces a process rating;
ISO/IEC 15504 [ten parts] Information addresses the ability of the process
TechnologyProcess Assessment to achieve its purpose;
is applicable across all application
ISO/IEC 15504-2:2003 defines the domains and sizes of organization;
requirements for performing process and
assessment as a basis for use in process may provide an objective
improvement and capability determination. benchmark between organizations.
Process assessment is based on a two-
dimensional model containing a process The minimum set of requirements
dimension and a capability dimension. The defined in ISO/IEC 15504-2:2003
process dimension is provided by an external ensures that assessment results are
process reference model (such as 12207 or objective, impartial, consistent,
15288), which defines a set of processes repeatable, and representative of the
characterized by statements of process assessed processes. Results of
purpose and process outcomes. The conformant process assessments may be
capability dimension consists of a compared when the scopes of the
measurement framework comprising six assessments are considered to be similar;
process capability levels and their associated for guidance on this matter, refer to
process attributes. ISO/IEC 15504-4.
The assessment output consists of a set of
process attribute ratings for each process
assessed, termed the process profile, and
may also include the capability level Several other standards are mentioned
achieved by that process. here because they are written as
ISO/IEC 15504-2:2003 identifies the elaborations of the processes of 12207 or
measurement framework for process 15288. They are allocated to other KAs
capability and the requirements for because each one deals with topics
described in those other KAs.
performing an assessment;
process reference models;
process assessment models; IEEE Std. 828-2012 Standard for
verifying conformity of process Configuration
assessment. Management in Systems and Software
Engineering See Software
The requirements for process assessment Configuration Management KA
defined in ISO/IEC 15504-2:2003 form a
structure that IEEE Std. 14764-2006 (a.k.a. ISO/IEC
14764:2006) Standard for Software
facilitates self-assessment; EngineeringSoftware Life
10-22 SWEBOK Guide V3.0
ISO/IEC/IEEE 16326:2009 Systems and IEEE has adopted the first two parts of
Software EngineeringLife Cycle Processes the ISO/ IEC 20000 series.
Project
Management SOFTWARE ENGINEERING
See Software Engineering Management KA MODELS
AND METHODS
ISO/IEC/IEEE 29148:2011 Systems and
Software EngineeringLife Cycle Processes Some approaches to software
Requirements engineering use methods that cut across
Engineering large parts of the life cycle, rather than
See Software Requirements KA focusing on specific processes. Chief
Programmer was one traditional
example. Agile development (actually
an example of traditional incremental
Some users desire process standards delivery) is a current example. Neither
usable for IT operations or IT service S2ESC nor SC 7 has a standard for agile
management. The ISO/IEC 20000 series development, but there is a standard for
describe IT service management. The developing user documentation in an
processes are less rigorously defined than agile project.
Software Quality 10-23
Some organizations invest in software Their selection must be carried out with
engineering environments (SEE) to assist in careful consideration of both the
the construction of software. An SEE, per se, technical and management requirements.
is not a replacement for sound processes. ISO/IEC 14102:2008 defines both a
However, a suitable SEE must support the set of processes and a structured set of
processes that have been chosen by the CASE tool characteristics for use in the
organization. technical evaluation and the ultimate
selection of a CASE tool. It follows the
software product evaluation model
ISO/IEC 15940:2006 Information Technology defined in ISO/IEC 14598-5:1998.
Software Engineering Environment Services ISO/IEC 14102:2008 adopts the
general model of software product
ISO/IEC 15940:2006 defines software quality characteristics and
engineering environment (SEE) services subcharacteristics defined in ISO/IEC
conceptually in a reference model that can 91261:2001 and extends these when the
be adapted to any SEEs to automate one or software product is a CASE tool; it
more software engineering activities. It provides product characteristics unique
describes services that support the process to CASE tools.
definitions as in ISO/IEC 12207 so that the
set of SEE services is compatible with
ISO/IEC 12207. ISO/ IEC 15940:2006 can
be used either as a general reference or to The next document provides guidance
define an automated software process. on how to adopt CASE tools, once
selected.
Some organizations may be involved in all standards covers this approach in great
the above activities; others may specialize in detail.
one area. Whatever the situation, the
organizations quality management system
should cover all aspects (software related ISO/IEC 25000 through 25099 Software
and nonsoftware related) of the business. EngineeringSoftware Product Quality
ISO/IEC 90003:2004 identifies the issues Requirements and Evaluation (SQuaRE)
which should be addressed and is
independent of the technology, life cycle
models, development processes, sequence of
activities, and organizational structure used A few of the SQuaRE standards are
by an organization. Additional guidance and selected below for particular attention.
frequent references to the ISO/IEC JTC The first is the overall guide to the
1/SC 7 software engineering standards are series.
provided to assist in the application of ISO
9001:2000: in particular, ISO/IEC 12207,
ISO/IEC TR 9126, ISO/ IEC 14598, ISO/IEC 25000:2005 Software Engineering
ISO/IEC 15939, and ISO/IEC TR 15504. Software Product Quality Requirements
and Evaluation (SQuaRE)Guide to
SQuaRE
IEEE Std. 1633-2008 Recommended Practice IEEE Std. 1012-2012 Standard for System
for Software Reliability and Software Verification and Validation
The methods for assessing and predicting the Verification and validation (V&V)
reliability of software, based on a life cycle processes are used to determine whether
approach to software reliability engineering, the development products of a given
are prescribed in this recommended practice. activity conform to the requirements of
It provides information necessary for the that activity and whether the product
application of software reliability (SR) satisfies its intended use and user needs.
measurement to a project, lays a foundation V&V life cycle process requirements are
for building consistent methods, and specified for different integrity levels.
establishes the basic principle for collecting The scope of V&V processes
the data needed to assess and predict the encompasses systems, software, and
reliability of software. The recommended hardware, and it includes their
practice prescribes how any user can interfaces. This standard applies to
participate in SR assessments and systems, software, and hardware being
predictions. developed, maintained, or reused
[legacy, commercial off-theshelf
(COTS), nondevelopmental items]. The
term software also includes firmware
IEEE has an overall standard for software and microcode, and each of the terms
product quality that has a scope similar to system, software, and hardware includes
the ISO/IEC 250xx series described documentation. V&V processes include
previously. Its terminology differs from the the analysis, evaluation, review,
ISO/IEC series, but it is substantially more inspection, assessment, and testing of
compact. products.
The methodology spans the entire software IEEE Std. 1028-2008 Standard for
life cycle. Software Reviews and Audits
One approach to achieving software
quality is to perform an extensive program Five types of software reviews and
of verification and validation. IEEE Std. audits, together with procedures required
1012 is probably the worlds most widely for the execution of each type, are
applied standard on this subject. A revision defined in this standard. This standard is
was recently published. concerned only with the reviews and
audits; procedures for determining the
necessity of a review or audit are not
Software Quality 10-31
defined, and the disposition of the results of IEEE Std. 15026.1-2011 Trial-Use
the review or audit is not specified. Types Standard Adoption of ISO/IEC TR 15026-
included are management reviews, technical 1:2010 Systems and Software Engineering
reviews, inspections, walkthroughs, and Systems and Software AssurancePart
audits. 1: Concepts and Vocabulary
In many cases, a database of software
anomalies is used to support verification and This trial-use standard adopts ISO/IEC
validation activities. The following standard TR 15026-1:2010, which defines terms
suggests how anomalies should be classified. and establishes an extensive and
organized set of concepts and their
relationships for software and systems
IEEE Std. 1044-2009 Standard for
assurance, thereby establishing a basis
Classification for Software Anomalies
for shared understanding of the concepts
and principles central to ISO/IEC 15026
This standard provides a uniform approach
across its user communities. It provides
to the classification of software anomalies,
information to users of the subsequent
regardless of when they originate or when
parts of ISO/IEC 15026, including the
they are encountered within the project,
use of each part and the combined use of
product, or system life cycle. Classification
multiple parts. Coverage of assurance
data can be used for a variety of purposes,
for a service being operated and
including defect causal analysis, project
managed on an ongoing basis is not
management, and software process
covered in ISO/IEC 15026.
improvement (e.g., to reduce the likelihood
of defect insertion and/or increase the The second part of the standard
likelihood of early defect detection). describes the structure of an assurance
case, which is intended as a structured
argument that the critical property has
been achieved. It is a generalization of
In some systems, one particular property various domain-specific constructs like
of the software is so important that it safety cases.
requires special treatment beyond that
provided by a conventional verification and
validation program. The emerging term for IEEE Std. 15026.2-2011 Standard
this sort of treatment is systems and Adoption of ISO/ IEC 15026-2:2011
software assurance. Examples include Systems and Software Engineering
safety, privacy, high security, and Systems and Software AssurancePart 2:
ultrareliability. The 15026 standard is under Assurance Case
development to deal with such situations.
The first part of the four-part standard ISO/IEC 15026-2:2011 is adopted by
provides terminology and concepts used in this standard. ISO/IEC 15026-2:2011
the remaining parts. It was first written specifies minimum requirements for the
before the other parts and is now being structure and contents of an assurance
revised for complete agreement with the case to improve the consistency and
others. comparability of assurance cases and to
facilitate stakeholder communications,
engineering decisions, and other uses of
assurance cases. An assurance case
10-32 SWEBOK Guide V3.0
technical and specialized risk analysis and was originally developed in cooperation
development approaches. ISO/IEC TR with the US nuclear power industry.
15026-1 provides additional information and
references to aid users of ISO/IEC 15026-
3:2011. IEEE Std. 1228-1994 Standard for
ISO/IEC 15026-3:2011 does not require Software Safety Plans
the use of the assurance cases described by
ISO/IEC 15026-2 but describes how The minimum acceptable requirements
integrity levels and assurance cases can work for the content of a software safety plan
together, especially in the definition of are established. This standard applies to
specifications for integrity levels or by using the software safety plan used for the
integrity levels within a portion of an
assurance case. development, procurement,
maintenance, and retirement of safety-
critical software.
The final part of 15026 provides
This standard requires that the plan be
additional guidance for executing the life
prepared within the context of the
cycle processes of 12207 and 15288 when a
system safety program. Only the safety
system or software is required to achieve an
aspects of the software are included.
important property.
This standard does not contain special
provisions required for software used in
distributed systems or in parallel
ISO/IEC 15026-4:2012 Systems and Software
processors.
EngineeringSystems and Software Assurance
Part 4: Assurance in the Life Cycle
COMPUTING FOUNDATIONS
An SC 7 standard provides a framework
for comparisons among certifications of No standards are allocated to this KA.
software engineering professionals. That
standard states that the areas considered in MATHEMATICAL FOUNDATIONS
certification must be mapped to the
SWEBOK Guide. No standards are allocated to this KA.
ENGINEERING FOUNDATIONS
know how to get current designations and organization of the country in which one
descriptions of standards. This section lives. For example, in the US,
describes some helpful resources. international standards can be purchased
from the American National Standards
WHERE TO FIND STANDARDS Institute at http://webstore.ansi.org/.
Alternatively, standards can be
The list of standards published for ISO/IEC purchased directly from ISO/IEC at
JTC 1/SC 7 can be found at www.iso.org/iso/store.htm. It should be
www.iso.org/iso/iso_ noted that each individual nation is free
catalogue/catalogue_tc/catalogue_tc_browse to set its own prices, so it may be helpful
. htm?commid=45086. to check both sources.
Because the URL might change, readers IEEE standards may be available to
might have to navigate to the list. Begin at you for free if your employer or library
www.iso.org/ iso/store.htm, then click on has a subscription to IEEE Xplore:
browse standards catalogue, then browse http://ieeexplore.ieee.org/. Some
by TC, then JTC 1, then SC 7. subscriptions to Xplore provide access
Finding the current list of standards for only to the abstracts of standards; the
S2ESC is a bit more difficult. Begin at full text may then be purchased via
http://standards. ieee.org/. In the search box Xplore. Alternatively, standards may be
under Find Standards, type S2ESC. This purchased via the IEEE standards store
should produce a list of published standards at www.techstreet.com/ieeegate.html. It
for which S2ESC is responsible. should be noted that IEEE-SA
Keep in mind that the searchable sometimes bundles standards into groups
databases are compilations. Like any such available at a substantial discount.
database, they can contain errors that lead to Finally, the reader should note that
incomplete search results. standards that IEEE has adopted from
ISO/IEC, standards that ISO/IEC has
WHERE TO OBTAIN THE STANDARDS fast-tracked from IEEE, and standards
that were jointly developed or revised
Some readers will want to obtain standards are available from both sources. For all
described in this article. The first thing to standards described in this article, the
know is that some international standards IEEE version and the ISO/IEC version
are available free for individual use. The are substantively identical. The
current list of ISO/IEC standards available respective versions may have different
under these terms is located at front and back matter but the bodies are
http://standards.iso.org/ittf/ identical.
PubliclyAvailableStandards/index.html.
One of the publicly available standards is WHERE TO SEE THE SWEBOK
the ISO/IEC adoption of the SWEBOK GUIDE
Guide, ISO/ IEC 19759.
The definitions contained in The SWEBOK Guide is published under
ISO/IEC/IEEE 24765, System and an IEEE copyright. The current version
Software Vocabulary, are freely available at of the SWEBOK Guide is available free
www.computer.org/sevocab. to the public at www. swebok.org/. The
However, the vast majority of standards ISO/IEC adoption of the SWEBOK
are not free. ISO/IEC standards are generally Guide, ISO/IEC TR 19759, is one of the
purchased from the national standards freely available standards.
10-36 SWEBOK Guide V3.0
REFERENCE LIST