Taguig City University

Summary Report in Ethics In Information Technology

Submitted By:
Alingod, Junel T. Buenaflor, Nikko R.. Perea, Camelle L. Reyes, Terrence I.

Submitted to:
Mr. Lyndon De Leon

BS Computer Science A41

STRATEGIES TO ENGINEER QUALITY SOFTWARE

High quality software systems are easy to learn and easy to use. They perform the functions needed to meet their users needs in a quick and efficient manner. Now that the use of computers and software has become an integral part of many lives, more and more users are demanding high quality in the software they use every day. Software manufacturers are struggling with economic, ethical and organizational issues associated with improving the quality of the software.

Software defect

Any error that, if not remove, would cause a software system fail to meet the needs of its users.

Software quality

Is the degree to which the attributes of software product enable it to meet the needs of its user.

Quality management
Addresses how to define, measure, and refine the quality of the information systems

development process and products that develop during various stages of the process.

*The importance of software quality

Most people think of business information system when they first think about software, BUSINESS INFORMATION SYSTEM are composed of a set interrelated component including hardware, software, database, network, people, and procedure that collect data, process it, and disseminate output. One common form of business system is transaction. Processing system used to capture and record business transaction. Software is also used to control many industrial processes in an effort to reduce costs, eliminate human error, improve quality, and shorten the time it takes to make produces.

Example: Steel manufacturers used process-control software to capture data from sensors about the equipment that rolls steel in to bars and about the furnace use to heat the steel before its rolled. Software is also used to control the operation of many industrial and consumer product. Automobiles, medical diagnostic and treatment equipment, televisions, radios stereos, refrigerator, stove, washers, dryer, toaster, and irons.

Software defects are rarely lethal and number of personal injuries related to software failure is currently quire low. However, the use of software does introduce a new dimension to product liability that concerns many executives read the legal overview, special interest box to learn more about software product liability.

LEGAL OVERVIEW
Software product reliability Software product litigation is certainly not new. One lawsuit from the early 1990s involved a financial institution that became insolvent because defects in purchased software application caused errors in its integrated general ledgers system, and its customers passbook and loan statements. The liability of manufacturers, sellers, lessors, and other for injuries caused by defective products is commonly referred to as product liability. If a software product defect causes injury to purchasers, lessees, or users of the product, the incused parties may be able to sue as a result. Strict liability means that the defendant is held responsible for injuring another person, regardless of negligence or intent. To establish the government contractor defence, a government contractor must prove that 1. The precise specifications for the software were provided by the government, 2. The software conformed to this application, 3. The contractor warned the government or any known defects in the software. Lastly, there are also statutes limitations for claims of liability, so an injured party must file suit within a certain time period after the injury occurs.

Negligence is an area of great risk for software manufacturers or organizations with software-intensive products. A warranty assures buyers or lessees that a product meets certain standards of quality. This implied warranty requires that the following standards met: 1. The goods must be fit for the ordinary purpose for which they are used. 2. The goods must be adequately contained, packaged and labelled:
3. The goods must be of an even kind, quality and quantity within each unit;

4. The goods must conform to any promise or affirmation of fact made on the container/label 5. The quality of the goods must pass without objection in the trade;

6. The goods must meet a fair average of middle range of quality.

The plaintiff must have a valid contract that the supplier did not fulfil in order to win a breach warranty claim. Because the software suppliers write the warranty, this can be extremely difficult to prove. Intentional misrepresentation occurs when a seller or lessor either misrepresents the quality of a product or conceals a defect in it. Most software manufacturers used limited warranties and disclaimers to avoid any claim of misrepresentation.

*Software development process

Developing of information system software is not simple process. Many organizations for which the development of high quality software is important have adopted standards, proven work process that enables system analysts, programmers, project managers and others to make controlled and orderly progress in developing high quality software. A methodology recommends specific techniques for accomplishing the various activities; it offers guidelines for managing the quality of the products produce during the various stages of the development life cycle. This will be applied to any software development process that the company undertakes.

Software quality These methods are applied throughout the development life cycle of the software produ

DIFFERENT TYPES OF TEST IN SOFTWARE DEVELOPMENT PROCESS Dynamic testing When a programmer completes a unit of software, one quality assurance measure is to test the code by actually entering test, data and comparing actual result to the expected result

Two forms of dynamic testing: Black box testing White box testing

Static testing Special programs, called static analyzer, are nor against the new code. Rather than reviewing input and output, the static analyzer is software that looks for suspicious in programs that might indicate a defect. Integration testing The software units are combined into an integrated system that undergoes rigorous integration testing. System Testing Various subsystems are combined and system testing is conducted to test the entire system as a complete entity. User acceptance testing An independent test performed by trained and users to ensure that the system operates as expected from their view points

*Capability Maturity Model for Software

The software engineering institute at Carnegie institute developed a Capability Maturity Model for software (SW-CMM) in 1986. The SW-CMM is a globally used method to improve an organizations ability to predict and control quality, schedule, cost, cycle time, and productivity when acquiring, building or enhancing software systems. The SW-CMM defines five levels of software development process maturity and identifies the issues most critical to software quality and process improvement. As the maturity level increases, the ability of the organization to deliver quality software on time and on budget is improved. In the awarding of software contracts, particularly with the government, organizations bidding on the contract may be required to have adopted the SW-CMM and be performing at a certain level. After an organization decides to adopt the SW-CMM, it must conduct an assessment of its current software development practices and determine where they fit in the capability model. The assessment will identify specific opportunities for improvement and the action plans needed to upgrade the software development process.

KEY ISSUES Although defects in any system can cause serious problems, there are certain systems in which the consequences of software defects can be deadly. The ethical decisions involving a trade-off-if one might even be considered between quality and any other factors such as cost, ease of use, or time to market require extremely serious examination.

Development of safety critical Systems

A safely critical system is one whose failure may cause injury or death to human beings. There are many safety-critical systems whose safe operations relies on the flawless performance of softwareautomobile anti-lock breaking systems, nuclear power plant reactor control systems, airplane navigation and control systems, roller coaster braking systems, elevator control systems, and numerous medical devices. In june 1994, a Chinook helicopter took off from northern Ireland with 25 british intelligence officials travelling to security conference Inverness. Just 18 minutes in to its flight the helicopter crashed on the peninsula of Kintyre in Argyll, Scotland, with no survivors. A senior ministry of defense, dated January 11, 1995, revealed there were problems with the Chinook, many of which were traced eventually back to software design and system integration problems which were experienced from February-July 1994. In particular the engine management software, which controlled the acceleration and deceleration of the engines, was suspect. One of the most widely cited software related accidents in safety critical systems involved a computerized radiation therapy machine called THERAC-25. This medical linear accelerator was designed to deliver either protons or electrons at various energy levels to create high energy beams that would destroy tumors with minimal impact on the surrounding healthy tissue. In the development of safety critical systems, a key assumption must be that safety will not automatically result from the following your organizations standard software development methodology. Safety critical software must go through a much more rigorous and time consuming development process. All tasks, including requirements definition, system analysis, design, coding, fault analysis, testing implementation, and change control, require additional steps, more through documentation, and more checking and rechecking. In designing, building, and operating a safety critical system, a great deal of effort must go into considering what can go wrong. Risk is the probability of an desirable event occurring times the magnitude of the consequence of the event happening (damage to property, lost of money, injury to people, lost of life, and so on).

Redundancy is the provision of multiple interchangeable components to perform a single function in order to cope with failures and errors. A simple redundant system would be an automobile with spare tire or a parachute with back chute attached. A more complex redundant system use in IT would redundant array of independent disks (RAID), commonly used in high-volume data storage for file servers. RAID systems use many small capacity disk drives to store large amount of data and to provide increased reliability and redundancy. After all risks pertinent to a system determined, it is necessary to decide what level of risk is acceptable. This is an extremely difficult and controversial decision because it involves forming personal judgements about the value of human life, accessing potential liability in case of an accident, evaluating the surrounding natural environment, and estimating the cost and benefits of the system. System modification must be made if the level of risk inherent in design is judged to be too great. The modifications can include adding redundant components or using safety shutdown systems, containing vessels, protective walls, or escape systems. Manufacturers of safety critical systems must sometimes make a decision about whether to recall a product when data indicates there may be a problem.

Reliability is the probability of a component or system performing its mission over a certain length of time. If component has a reliability of 99.9 %, it has one chance in 1000 of failing over the life of its mission. Although this may seem very low, remember that most systems are made up of many components. In such case, the overall reliability of the complete system is based upon statistical probabilities. One of the most important and difficult areas of safety critical system design is the human system interface. Human behavior is not nearly as predictable as the reliability of the hardware and software components a complex system. The system designer must consider what human operators might do to cause the system to operate less safety or effectively.

Quality management standards

The international organization for standardization (ISO), founded in 1947, is a worldwide federation on national standards bodies from some 100 countries. The ISO issued its 9000 series of business management standards in 1988. These standards require organization to develop formal quality management system that focus on identifying and meeting the need, wants, and expectation of their customers.

Although companies can use the standard as a management guide for their own purposes in achieving effective control, the bottom line for many is having a certificate awarded by a qualified external agency to say that they have achieved ISO 9000 certificate to win a contract. In order to get this coveted certificate, it is necessary for the organization to submit to an examination by an external assessor. To be certified, a company must do 3 things: 1. Have written procedures for everything they do. 2. Follow does procedures. 3. Prove to an auditor that they written procedures and that they follow those procedures.

The various ISO 9000 series of standards address the following activities:

ISO 9000 Design, development, production, installation, servicing. ISO 9002 Production, installation servicing ISO 9003 Inspection and testing ISO 9000-3 The development, supply, and maintenance of software. ISO 9004 Quality management and quality systems elements.

Failure Mode and Effect Analysis (FMEA) Is an important technique used to develop any ISO 9000-compliant quality system. FMEA is used as a reliability evaluation technique to determine the effect of the system and equipment failures.