19.3.2 The Cost of Quality
The argument goes something like this — we know that quality is important, but
it costs us time and money — too much time and money to get the level of software
quality we really want. There’s no question that quality has a cost, but
lack of quality also has a cost — not only to end users who must live with buggy
software, but also to the software organization that has built and must maintain
it. The real question is this: which cost should we be worried about? To answer
this question, you must understand both the cost of achieving quality and the cost
of low-quality software.
activities and the downstream costs of lack of
quality. To understand these costs, an organization should collect metrics to
provide a baseline for the current cost of quality, identify opportunities for
reducing these costs, and provide a normalized basis of comparison. The cost
of quality can be divided into costs associated with prevention, appraisal, and
Prevention costs include (1) the cost of management activities needed to
plan and coordinate all quality control and quality assurance activities, (2) the
cost of added technical activities to develop complete requirements and design
models, (3) test planning costs, and (4) the cost of all training associated with
these activities.
Appraisal costs include activities to gain insight into product condition the
“first time through” each process. Examples of appraisal costs include (1) the
cost of conducting technical reviews (Chapter 20) for software engineering work
products, (2) the cost of data collection and metrics evaluation (Chapter 30), and
Failure costs are those that would disappear if no errors appeared before
shipping a product to customers. Failure costs may be subdivided into internal
failure costs and external failure costs. Internal failure costs are incurred when
you detect an error in a product prior to shipment. Internal failure costs include
(1) the cost needed to perform rework (repair) to correct an error, (2) the cost
that occurs when rework inadvertently generates side effects that must be mitigated, and (3) the costs associated with the collection of quality metrics that allow
an organization to assess the modes of failure. External failure costs are associated with defects found after the product has been shipped to the customer.
Examples of external failure costs are complaint resolution, product return and
replacement, help line support, and labor costs associated with warranty work.
A poor reputation and the resulting loss of business is another external failure
cost that’s difficult to quantify but nevertheless very real. Bad things happen
when low-quality software is produced.
safety, their entertainment, their decisions, and their very lives on computer software. It better be right.” The implication is that low-quality software increases
risks for both the developer and the end user. In the preceding subsection, we
discussed one of these risks (cost). But the downside of poorly designed and implemented applications doesn’t always stop with dollars and time. An extreme
example (Gag04) might serve to illustrate.
Throughout the month of November 2000 at a hospital in Panama, 28 patients
received massive overdoses of gamma rays during treatment for a variety of cancers. In the months that followed, 5 of these patients died from radiation poisoning and 15 others developed serious complications. What caused this tragedy?
A software package, developed by a U.S. company, was modified by hospital technicians to compute modified doses of radiation for each patient.
The three Panamanian medical physicists, who tweaked the software to provide
additional capability, were charged with second-degree murder. The U.S. company
was faced with serious litigation in two countries. Gage and McCormick comment:
This isn’t a cautionary tale for medical technicians, even though they can find themselves fighting to stay out of jail if they misinterpret or misuse technology. This
also isn’t a tale of how human beings can be injured or worse by poorly designed or
poorly explained software, although there are plenty of examples to make the point.
Poor quality leads to risks, some of them very serious.
19.3.4 Negligence and Liability
The story is all too common. A governmental or commercial entity hires a major software developer or consulting company to analyze requirements and then design
and construct a software-based “system” to support some major activity. The system might support a major commercial function (e.g., pension management) or some
governmental function (e.g., health care administration or homeland security).
Work begins with the best of intentions on both sides, but by the time the system is delivered, things have gone bad. The system is late, fails to deliver desired features and functions, is error-prone, and doesn’t meet with customer
approval. Litigation ensues.
In most cases, the customer claims that the developer has been negligent (in
the manner in which it has applied software practices) and is thus not entitled to payment. The developer frequently claims that the customer has constantly
changed its requirements and has subverted the development partnership in
other ways. In every case, the quality of the delivered system comes into question.
19.3.5 Quality and Security
As the criticality of Web-based and mobile systems grows, application security
has become increasingly important. Stated simply, software that doesn’t exhibit
high quality is easier to hack, and as a consequence, low-quality software can
indirectly increase the security risk with all of its attendant costs and problems.
In an interview in ComputerWorld, author and security expert Gary McGraw
comments (Wil05):
Software security relates entirely and completely to quality. You must think about
security, reliability, availability, dependability — at the beginning, in the design,
architecture, test, and coding phases, all through the software life cycle (process).
Even people aware of the software security problem have focused on late life-cycle
stuff. The earlier you find the software problem, the better. And there are two kinds
of software problems. One is bugs, which are implementation problems. The other is
software flaws — architectural problems in the design. People pay too much attention
to bugs and not enough on flaws.
To build a secure system, you must focus on quality, and that focus must begin
during design. The concepts and methods discussed in Part 2 of this book lead
to a software architecture that reduces “flaws.” A more detailed discussion of
security engineering is presented in Chapter 27.