CMMI Certification Might Not Yield Quality Software
Stories Columns Opinions Resources
Sun extends Groovy, PHP support to NetBeans
Version 6.5 of the IDE will see complete support for those two languages along with comple...
|
Sun reorganizes its software production infrastructure
Facing economic hardships, lost revenue and loss of employees, Sun has split its software ...
|
Adobe steers Flash toward RIA implementation
At this year's Adobe MAX Conference, the focus was on Flash, this time making Flash more o...
|
BigLever builds a bridge to SCM with Gears
The Gears Universal Configuration Management Bridge allows CM systems to integrate with Ge...
|
SOA Watch: New economic realities
In the current economic downturn, agile programming and SOA are attractive options that bu...
|
Integration Watch: A new twist on threads
The key to raising the efficiency of multiprocessors is to shrink the overall workload by ...
|
Integration Watch: The Return of NetRexx?
Java scripting languages are seeing a surge in popularity, with NetRexx looking particular...
|
Windows & .NET Watch: Transaction crowd gets a boost
With multicore chips becoming the standard for processors, the need for a flexible, usable...
|
From the Editors: Election should shake up JCP
Rod Johnson has the right ideas for opening up the Java Community Process, and he may be a...
|
Letters to the Editor: Sun gives REST, SOAP choice
A reader takes issue with a headline on our story about Sun working with REST along with S...
|
Guest View: Be smart and lazy
The optimal solution for problems is the simplest one, so always aim to streamline your ap...
|
Zeichick's Take: From EXEC to EXEC 2 to REXX to NetRexx
Andrew Binstock's column last week, "The Return of NetRexx," brought back some fond memori...
|
Practical tips for saving money on code maintenance
If software design is expensive, well, code maintenance is even more so. When you look...
|
Transform your app-dev quality by involving the whole community in testing
As the saying goes, the more eyes you have on software, the shallower the bugs. That’...
|
Build your dev and test labs for less – a lot less – with virtualization
You don’t have the budget to equip developers and software test teams with all the har...
|
Software Common Hacks and Counterattacks: A Guide to Protecting Software Products against the Top 7 Piracy Threats
Software piracy continues to be a growing epidemic. This white paper examines prevalen...
|
By Edward J. Correia
July 1, 2008 —
Capability Maturity Model Integration is a method by which organizations can measure the effectiveness of their business processes and work toward improvement. It calls for an awareness of things people do to get work done, whether or not those processes are organized, documented and managed, and if there’s a continual effort to improve them.
That’s CMMI in a nutshell. But it’s not the whole solution. Bill Curtis, one of the authors of the first CMM Methodology, says that CMMI treats application quality primarily as a process of finding and removing defects within a single project. “One of the common objections that we hear from prospective customers when we talk about our product is that they or their vendor are CMM certified and hence do not see a need for additional tools to measure quality.”
Curtis is now senior vice president and chief scientist at CAST Software, which positions its namesake software platform to smooth out the complexities of software development within the context of CMMI. “Application quality encompasses much more than the defect detection practices included in CMMI,” asserted Curtis. “It includes issues such as maintainability, robustness, security, interoperability and other attributes that control an application’s cost of ownership and value to the business.”
Although CMMI mentions these attributes as design considerations, it does not explicitly require that they be evaluated, he said, leaving projects to define their own quality criteria for verifying and validating their output throughout the development phase. As a consequence, it’s possible for an organization to be appraised at CMMI Level 5 (the highest level) without fully addressing application software quality in the development process.
When CMMI was first developed, Curtis said the goal was to view quality as the removal of defects. “We were interested in finding and removing defects, which is different from application software quality,” he said. “Even with no defects, it can still be difficult to maintain and add functionality because [the code] is still too complex, contains security [flaws] and what have you—quality issues beyond those you worry about when looking for defects. That’s the bigger picture.”
The complexity of today’s modern applications is enormous, particularly with the mixture of languages and interfaces, Internet connectivity, database communications, and the potential for being built by different teams possibly on different continents. “Developers simply can’t be an expert in all of that, and the ability to test is limited to how much you know. If we only define problems as defects we still have problems.”
CAST approaches the problem by analyzing pre-build source code and providing metrics to help manage quality. The software “aggregates the architecture into metrics to quantify what it sees about complexity, class hierarchy, interactions between technologies and decisions in business logic, as [they] might affect how data is stored in the database,” Curtis explained. A tester might lack knowledge in some of those areas, he added, and CAST software allows people to see the overall interaction of within the structure of an application and make decisions based on that information.
A group of code scanners goes through code and perform semantic analyses, compares it with more than 800 rules for coding best practices and determines its level of compliance with those practices. “The rules come from Ph.D-level computer scientists surveying reports from conferences, literature, user blogs and other areas that represent code practices,” Curtis said. “You can drill into those warning areas to the specific code or class where the problem is.”
Lots of companies offer code analysis products, but Curtis claims that CAST differentiates with the use of “cross-technology static analysis” once code development is complete.
“We run at build time; the value being that we run across all the technologies” that go into the application as a whole. The software also prioritizes issues to help teams decide what should be done before launch and what can wait. “Based on rules we’ve seen out there, we can suggest that a design will be slow or that it will slow down over time.”
The tool also provides additional information about architecture and coding practices so teams know what’s there, how it all interacts and how to remediate problems. “We can also look build-to-build to see if [quality is] getting better or worse. Managers can look at this level and get a sense of whether they’re maintaining quality or degrading and decide what to do.”
July is for Build Management
The July issue of Software Test & Performance magazine is available now. In this month’s build management issue, don’t miss OpenMake CTO Tracy Ragan’s techniques for building a continuous build and Flash-app testing tips from consultant Kristopher Schultz. Download the PDF now, with no charge and no registration!
Share this link: http://www.sdtimes.com/link/32462