Table of contents
- Everyone Wants High-Quality Software
- ISO/IEC 9126: A Starting Point for Quality Standards: Exploring the Six Key Attributes
- ISO 25000 (SQuaRE): An Evolution in Quality Assessment: New Aspects and Features
- CMMI: Organizational Maturity Standards: Evaluating Software Quality from an Organizational Perspective
- CISQ: Quality from a Software Engineering Perspective: Technical Metrics for Practical Assessment
- Finding Your Lane: Wrapping Up the Journey to Software Quality
Everyone Wants High-Quality Software
Everyone wants their application to be versatile and meet all the characteristics of "good software." Many of us instinctively understand what software quality means, but we rarely think about it in terms of theoretical frameworks. Is it enough to follow principles like Clean Code, SOLID, YAGNI, and other acronyms for "good software" to become a reality? Not necessarily.
When we look at quality holistically, encompassing not just classes or services but the entire system, the matter becomes more complex. What does a "good system" even mean? Different people may provide different answers, but they all converge on one point: the "goodness" of software depends on business requirements and the specifics of the application. To bring some order to this chaos, the IT industry has developed various approaches and standards for assessing software quality.
ISO/IEC 9126: A Starting Point for Quality Standards: Exploring the Six Key Attributes
The ISO/IEC 9126 standard was one of the first attempts to define software quality. It was based on six key attributes, which remain fundamental for quality assessment to this day:
Functionality: Does the system meet business requirements? Are data processed correctly? It may be useful during initial development and acceptance testing phases to ensure that the software delivers the intended business value. For example, testing a financial system to ensure compliance with transaction regulations. For more information, see the ISO/IEC 9126 official documentation.
Reliability: How long can the system operate without failure? This is critical for systems that need continuous operation, such as healthcare applications or live streaming platforms. For instance, ensuring high uptime for a hospital's patient record system.
Usability: Can users intuitively use the system? This is important during user interface design and pre-release testing to improve user satisfaction. For example, refining the navigation of an e-commerce website.
Performance: How efficiently does the system utilize resources? This is relevant for performance-critical systems, especially during stress testing phases. For example, ensuring fast load times for a ticketing system during peak sales.
Maintainability: How easy is it to introduce changes or fix bugs? This is essential for long-term projects where ongoing updates are expected. For example, ensuring clean code for a cloud-based CRM system.
Portability: Can the system run on different platforms? This is critical for software intended for multiple platforms, such as mobile apps for iOS and Android. For example, ensuring compatibility of a game across various operating systems.
If you are interested in this standard, please refer to the official ISO/IEC 9126 official documentation, but please note that this is an archived version - after a few years it was updated and replaced by a new ISO document.
ISO 25000 (SQuaRE): An Evolution in Quality Assessment: New Aspects and Features
The ISO 25000 standard evolved and incorporating new aspects. Key features added or detailed include:
User Efficiency: How well does the system support users in achieving their goals? It is useful for systems aimed at task optimization, such as productivity tools or project management applications. For example, evaluating the usability of a task-tracking tool.
Security: Are user data well-protected? This is critical for systems handling sensitive information, such as financial, medical, or personal data.
Risk Management: How does the system handle failures or cyberattacks? This is necessary for applications operating in high-risk environments, such as e-commerce platforms during a sales event. For example, implementing fallback mechanisms for payment processing.
This evolution introduced a significant number of elements under the umbrella of software product quality. Below is a table summarizing criteria used to assess software quality according to this standard. For in-depth information, you can visit the ISO 25000 website.
CMMI: Organizational Maturity Standards: Evaluating Software Quality from an Organizational Perspective
The Capability Maturity Model Integration (CMMI) assesses software quality from the perspective of the organization's ability to create quality software (so it is a bit different point of view). I think it is an interesting approache, so as a curiosity I wrote a few words about organisation level and what lies behind it. You can evaluate the company you work for yourself and assess its level :)
Level 1: Chaotic: Teams operate without established processes; changes in projects are made without planning. This is common path for startups or small teams transitioning to more structured workflows. For example, identifying inefficiencies in a chaotic development process.
Level 2: Repeatable: Processes such as SCRUM or Kanban improve project management. This is ideal for organizations aiming to deliver consistent results in multiple projects. For example, introducing SCRUM for managing a growing number of client applications.
Level 3: Defined: Coding standards and deployment processes are documented. This is suitable for mid-sized organizations scaling up their development teams. For instance, documenting deployment pipelines for a SaaS product.
Level 4: Quantitatively Managed: Performance data (e.g., build times in CI/CD) are regularly collected. This is essential for organizations seeking data-driven insights into development efficiency. For example, tracking build failures to optimize CI/CD pipelines.
Level 5: Optimizing: Advanced methods, such as machine learning, are used to analyze trends and predict issues. This is best for mature organizations looking to innovate and improve continuously. For instance, using AI to predict system bottlenecks before they occur.
CMMI is most valuable when an organization wants to improve its processes systematically and align them with business goals. It helps not only in delivering higher-quality software but also in achieving long-term strategic objectives. Check out the official CMMI website if you are interested in more specific details :).
CISQ: Quality from a Software Engineering Perspective: Technical Metrics for Practical Assessment
The Consortium for IT Software Quality (CISQ) provides technical metrics supporting practical aspects of software engineering. It was founded in 2009 as a joint initiative by the Software Engineering Institute (SEI) at Carnegie Mellon University and Object Management Group (OMG). Its adoption is encouraged by global companies seeking more objective and quantitative ways to evaluate software quality, with increased traction in the early 2010s. Even though almost 15 years have passed since their creation, they are still evolving and may prove helpful. Examples of metrics include:
Reliability: Analysis of failure rates in source code using tools like SonarQube. This is critical during development for high-stakes systems, such as aerospace or medical software. For example, using static code analysis to prevent runtime failures.
Performance: Identifying bottlenecks in applications using profilers. This is useful for systems with strict performance requirements, such as gaming or financial trading platforms.
Security: Conducting code audits for vulnerabilities (e.g., SQL injection). This is necessary for applications dealing with sensitive data or compliance requirements.
For more information about CISQ you can refer to their official guidelines.
Finding Your Lane: Wrapping Up the Journey to Software Quality
There is no single definition of "good software." Various standards and approaches, such as ISO/IEC 9126, ISO 25000, CMMI, and CISQ, provide tools for evaluating it. Each of these models is valuable, but the choice of which quality aspects to prioritize depends on the specifics of the project and the organization.
Key takeaways include understanding that software quality is multi-dimensional and context-dependent. By leveraging these standards, organizations can tailor their quality assessment to align with business goals and project requirements. Creating high-quality systems requires conscious decisions at every stage— from planning to implementation and maintenance. Emphasizing the right quality aspects ensures that the software not only meets technical standards but also delivers business value and user satisfaction. Understanding and applying the described approaches can help not only in designing better systems but also in improving the work culture of the entire organization.