Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!cs.utexas.edu!sun-barr!newstop!sun!amdcad!dgcad!dg-rtp!farmhand!cole
From: cole@farmhand.rtp.dg.com (Bill Cole)
Newsgroups: comp.software-eng
Subject: Re: SE Terms Confusion
Message-ID: <1991Apr12.175652.12949@dg-rtp.dg.com>
Date: 12 Apr 91 17:56:52 GMT
References: <1991Apr11.144028.20787@murdoch.acc.Virginia.EDU>
Sender: cole@farmhand (Bill Cole)
Organization: Data General Corporation, Research Triangle Park, NC
Lines: 47


|> I have been fighting with some SE terms recently and
|> am looking for some help in defining them and how
|> they relate to each other.  The terms I am referring to are:
|> 
|> Software Quality (& Software Quality Assurance)
|> Software Risk
|> Software Testing
|> Verification and Validation
|> Software Reliability
|> 
|> To get the ball rolling, here are some of my observations:
|> 1. Software Reliability is one component of Software Quality.
|> 2..V&V is essentially synonymous to Software Testing.
|> 3..Software Risk is the risk of a software project not
|>     being completed, e.g. not fulfilling its specifications?  
|>     Does this make it a component of Software Reliability?
|> 4. Software Quality is measuring quantitatively the quality
|>     of a piece of software on a number of attributes as
|>     defined by the specific project.  These attributes often
|>     are similar across many projects.
|> 

From the bottom up:
On what basis do you measure released software?  You say 'attributes' but that's very non-specific.
Weinberg states that the first measure of quality is whether of not the software does what we say it
does.  In very large software projects (my area of inquiry is database software), what attributes should
be measured?  Let's assume that I've tested it thoroughly and gone through the V&V process.  Now, I've
got several thousand users out there running this software and occasionally finding problems.  Do I count
the number of reported problems? or database corruptions?  Or do I count some specific class of reported
problems as bugs?  I use the reported problems as a basis to know 'software quality', but I get lots of
arguments from the academicians and pedagogues.

Risk can have the component of what-happens-if-we-don't-do-the-project which can be measured against the
rate of return for having done the project.  The risk aspect can also include (as part of the quality
issue) a statement of how-good-is-good-enough?  If you test a product for three months and find 100 bugs
of a non-serious nature, does it make sense to spend another three months looking for bugs?  What's the
risk associated with shipping software in its current state.

V&V is NOT synonymous with software testing.  These are purely positive tests; testing includes negative
tests as well.  In negative testing, you try to break the software, go beyond limits or look for limits.

Reliability is, of course, a component of Quality.  But who measures it?  If you have 1000 users and 900
have no problem but 100 have varying problems, you have 10% of your user base saying the software is
useless because of its reliability while 90% are happy/satisfied/not disgruntled.

The views are my own,
/Bill