Types of Review
There are a number of types of review, ranging in formality and effect. These include:
Buddy Checking
Having a person other than the author informally review a piece of work; generally does not require collection of data; difficult to put under managerial control; generally does not involve the use of checklists to guide inspection and is therefore not repeatable.
Walkthroughs
Generally involve the author of an artifact presenting that document or program to an audience of their peers; the audience asks questions and makes comments on the artifact being presented in an attempt to identify defects; often break down into arguments about an issue; usually involve no prior preparation on behalf of the audience; usually involve minimal documentation of the process and of the issues found; process improvement and defect tracking are therefore not easy.
Review by Circulation
Similar in concept to a walkthrough; artifact to be reviewed is circulated to a group of the author(s)' peers for comment; avoids potential arguments over issues, however it also avoids the benefits of discussion; reviewer may be able to spend longer reviewing the artifact; there is documentation of the issues found, enabling defect tracking; usually minimal data collection.
Inspection (Fagan 76)
Formally structured and managed peer review processes; involve a review team with clearly defined roles; specific data is collected during inspections; inspections have quantitative goals set; reviewers check an artifact against an unambiguous set of inspection criteria for that type of artifact; the required data collection promotes process improvement, and subsequent improvements in quality.
Software Inspection
The inspection process comprises three broad stages:
Preparation; Collection; Repair
Gilb and Graham [GilbGraham93] expand this three-stage process into the inspection steps: Entry, Planning, Kickoff Meeting, Individual Checking, Logging Meeting, Root Cause Analysis, Edit, Follow Up, Exit.
Benefits of Inspection
30% to 100% net productivity increases; Overall project time saving of 10% to 30%; 5 to 10 times reduction in test execution costs and time; Reduction in maintenance costs of up to one order of magnitude; Improvement in consequent product quality; Minimal defect correction backlash at systems integration time. In addition to these tangible benefits, less tangible benefits such as a training effect for inspectors are also evident.
Disadvantages
Up front costs (although far outweighed by benefit):
Training Implementation Support Ongoing allocation of staff resources
A Sample Form
Inspection Roles
Moderator / Leader; Author / Producer; Reviewer / Reader; Scribe
Inspection Metrics
Total Defects Found = A + B - C, where A and B are the numbers of defects found by reviewers A and B respectively and C is the number found by both A and B.
Estimated Total Defects = AB/C
Yield = Total Defects Found / Estimated Total Defects * 100%
Defect Density = Total Defects Found / Size
Inspection Rate = Size / Total Inspection Hours
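The metrics above computed from two reviewers' defect logs, as an added example that is not part of the original slides. The defect records, the size unit (lines of code) and all function names are assumptions constructed for illustration; when the reviewers share no findings (C = 0) the estimate AB/C is undefined and is reported as None.

```python
from typing import NamedTuple, Optional

class Metrics(NamedTuple):
    total_found: int
    estimated_total: Optional[float]  # None when the overlap C is 0
    yield_pct: Optional[float]        # None when the estimate is undefined
    defect_density: float             # defects per unit of size
    inspection_rate: float            # size per inspection hour

def normalise(log):
    """Reduce a reviewer's log to a set of (file, line, category) keys so a
    defect logged twice, or with different letter case, is counted once."""
    return {(f.strip().lower(), int(line), cat.strip().lower())
            for f, line, cat in log}

def inspection_metrics(log_a, log_b, size, hours):
    if size <= 0 or hours <= 0:
        raise ValueError("size and hours must be positive")
    found_a, found_b = normalise(log_a), normalise(log_b)
    a, b = len(found_a), len(found_b)
    c = len(found_a & found_b)          # defects found by both reviewers
    total = a + b - c                   # Total Defects Found = A + B - C
    if c == 0:
        estimated = yield_pct = None    # AB/C is undefined without overlap
    else:
        estimated = a * b / c           # Estimated Total Defects = AB/C
        yield_pct = total / estimated * 100
    return Metrics(total, estimated, yield_pct, total / size, size / hours)

# Constructed sample logs for a 400-line artifact inspected for 4 hours.
LOG_A = [
    ("auth.c", 42, "unchecked-length"),
    ("auth.c", 118, "missing-null-check"),
    ("session.c", 17, "uninitialised-variable"),
    ("session.c", 203, "off-by-one"),
    ("parser.c", 88, "unchecked-return"),
    ("parser.c", 140, "resource-leak"),
    ("Auth.c", 42, "Unchecked-Length"),   # duplicate of the first entry
]
LOG_B = [
    ("auth.c", 42, "unchecked-length"),
    ("session.c", 203, "off-by-one"),
    ("parser.c", 140, "resource-leak"),
    ("config.c", 9, "hard-coded-path"),
]

if __name__ == "__main__":
    print(inspection_metrics(LOG_A, LOG_B, size=400, hours=4))
```

A yield well below 100% indicates that the two reviewers together probably missed defects, which is a signal to re-inspect before exit.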
AUDIT
The goal is to provide a guide to those responsible for software-related auditing and how best to achieve the final outcome of a fair, objective, and useful software-related audit that improves the situation as found. An independent examination of a work product or set of work products to assess compliance with specifications, standards, contractual agreements, or other criteria (IEEE). Purpose: to provide an independent evaluation of conformance of software products and processes to applicable regulations, standards, guidelines, plans, and procedures.
Reasons
A specific project milestone has been reached and an audit is initiated as planned or as required by the auditing organization's charter. External parties or customers request an audit of a specific item, at a specific date, or at a project milestone. This could be part of a contract agreement. An internal organization has requested the audit, establishing a clear and specific need.
Software-related Audit
The client, person, or organization that requests the audit; The auditor or team who performs the audit; The auditee whose work is being examined.
Auditor's Responsibilities
Determining the team size; Briefing team members on the audit scope and areas to be audited; Providing background about the organization being audited; Assigning the workload of who will audit what areas; Determining the audit schedule; Notifying and briefing the audited organization on the scope of the audit and materials that need to be provided; Ensuring that the audit team is prepared to conduct the audit; Ensuring that the audit plan or procedures are performed; Issuing reports in accordance with the audit plan or procedures.
Auditee's Responsibilities
Establishing a professional, positive attitude about the audit among the members of the audited organization; Participating in the audit; Providing all relevant materials and resources to the audit team; Understanding the concerns of the auditors and verifying their factual accuracy; Providing a response to the audit report; Correcting or resolving deficiencies cited by the audit team.
Security Audit
Issues
Backups; Antivirus; Firewall; Access control.
ISO 17799: it is organized into 10 sections:
Business continuity planning; Systems access control; System development and maintenance; Physical and environmental security; Compliance; Personnel security; Security organization; Computer and operations management; Asset classification and control; Security policy.
CMMI-DEV appraisal
Phase / Process
1 Plan and Prepare for Appraisal
1.1 Analyze Requirements
1.2 Develop Appraisal Plan
1.3 Select and Prepare Team
1.4 Obtain and Inventory Initial Objective Evidence
1.5
2 2.1 2.2 2.3 2.4 2.5 2.6 3 3.1 3.2
Benefits to the organization:
Improved accuracy in appraisal results delivered by external appraisal teams (i.e., clear understanding of implemented processes, strengths, and weaknesses); Detailed understanding of how each project or support group has implemented CMMI model practices, and the degree of compliance and tailoring of organizational standard processes; Assets and resources for monitoring process compliance and process improvement progress; Residual appraisal assets that can be reused on subsequent appraisals, minimizing the effort necessary for preparation.
Automated Audits