sw_audit
The SEI Software Maturity Framework will identify the critical success
factors to establishing software excellence and software quality. It
can not be forced or immediately implemented. Growth in maturity will
happen one step at a time much as a child learns to crawl, stand, step,
walk and finally run. [August 1991 - CMU/SEI-91-TR-24]
The levels of maturity shown below can be audited by any organization
by answering the questions found in each category.
The five levels of maturity from the Carnegie Mellon report are defined
below:
<![CDATA[
o Initial
This level is characterized by good programmers with no boundary
constraints, chaos. They may produce depending on the level of
the programming staff. Often a super programmer makes things
happen despite the lack for any software process.
o Repeatable
At this stage the software process begins to do things which make
the development of software repeatable. Software costs with
schedules according to software functionality exist and are
managed by managers. Problems in the software cycle are beginning
to be seen outside of the development group.
The discipline of the software process is beginning to be applied
so that projects can be reviewed on the basis of schedules and
functionality.
o Defined
The software process has weathered a few projects and more understanding
of what to measure, how to estimate and what to ask for in terms of
deliverables emerges. This is the point where development and the
management levels come together in the common goal of a consistent
approach to the software process. It becomes stable for both software
engineers and management.
At this point a Process Group will form which will begin to own the
entire life cycle of software. Peer reviews will begin to emerge
as the entire staff begins to understand the advantages of the
software process. Training programs for employees happen to bring
everyone up to speed on these new techniques.
o Managed
Over time as these rules of thumb for measuring the progress of software
become defined, the software process becomes predictable. Quality goals
can start becoming the focus of the software cycle.
o Optimizing
This highest level is rarely achieved in the software industry. It
is the ability to make continuous improvements in the project to
achieve a better product.
]]>
<![CDATA[
Repeatable Process?
Yes/No
Y N Do you have a Software Quality Assurance function?
Y N Do you use software configuration control?
Y N Do you formally review each software project's contribution
prior to making commitments?
Y N Do you formally estimate software size, effort and cost?
Y N Do you formally plan software schedules?
Y N Do you measure and track the size and complexity of each
software module over time?
Y N Do you measure and track errors / defects throughout the
maintenance life cycle?
Y N Does management formally review the status of software projects?
Y N Do you use a mechanism to control changes to the software
requirements?
Y N Do you use a mechanism to control who changes the code & when?
-------
If the number of yes answers exceeds seven, give yourself
REPEATABLE.
]]>
<![CDATA[
Defined Process?
Yes/No
Y N Do you use a standardized and documented software maintenance
process on each project?
Y N Is there a software engineering process group that evolves
the maintenance process?
Y N Is there a required software engineering training program for
software professionals?
Y N Do you measure and track software design errors and defects?
Y N Do you conduct internal software design reviews/inspections?
Y N if so, are the action items resulting from design reviews
tracked to closure?
Y N Do you use a mechanism to control changes to the software
design?
Y N Do you conduct software code reviews/inspections?
Y N if so, are the action items resulting from code reviews
tracked to closure?
Y N Is there a formal training program for design and code review
leaders?
Y N Do you use a mechanism to ensure compliance with the software
engineering standards?
Y N Do you formally verify the adequacy of regression testing?
-------
If the number of yes answers exceeds nine, give yourself
DEFINED.
]]>
<![CDATA[
Managed Process?
Yes/No
Y N Is a formal mechanism used to manage the introduction of new
technologies?
Y N Are requirements, design, and code review standards applied?
Y N Are design, code, and test errors estimated and compared to
actual values?
Y N Are design and code review coverages measured and recorded?
Y N Is the design review data analyzed to evaluate the product
and reduce future defects?
Y N Is test coverage measured and recorded for each phase of
functional testing?
Y N Has a metrics database been established for process measurement
across all projects?
Y N Is the error data from code reviews and tests analyzed to
determine the likely distribution and characteristics of the
errors remaining in the product?
Y N Are analyses of errors conducted to determine their process
related causes?
Y N Is review efficiency analyzed for each project?
Y N Is a mechanism used for periodically assessing the software
engineering process and implementing indicated improvements?
-------
If the number of yes answers exceeds eight, give yourself
MANAGED.
]]>
<![CDATA[
Optimized Process?
Yes/No
Y N Is a mechanism used for identifying and replacing obsolete
technologies?
Y N Is a mechanism used for error cause analysis?
Y N Are error causes reviewed to determine the process changes
required to prevent them?
Y N Is a mechanism used for initiating error prevention actions?
-------
If the number of yes answers exceeds two, give yourself
OPTIMIZED.
]]>
<![CDATA[
Automated Process?
Yes/No ASK, do the software development and maintenance personnel use:
Y N automated configuration control to manage software changes
throughout the process?
Y N a high-order language?
Y N interactive source-level debuggers?
Y N interactive documentation facilities?
Y N computer tools for tracking and reporting the status of the
software in the library?
-------
If the number of yes answers exceeds three, give yourself
AUTOMATED.
]]>