Security Group Project Quality Management Experience

In the process of software product development, software quality has always been at the core. The smooth development of software enterprises requires a lot of efforts. Software Quality Assurance plays an important role in the development process. For a software project, because most of the projects are presented in the form of mental labor results, it depends largely on the collective wisdom, coding level and group contribution of the project team members. Therefore, there are many dynamic uncertainties in the process from the beginning to the end of the software project (release), which inevitably increases the difficulty of project quality control, this makes it a tough issue to effectively ensure the quality of software on the premise of submitting software products on time.

Different Project Teams certainly have different solutions to quality assurance problems. Below I will sort out some quality management experiences of our security team, which must be one-sided and inadequate, we also ask you to criticize and correct the situation.

First: Pay attention to the Scale Estimation before the project starts
In order to submit software products on time, a feasible project schedule is required, and the workload to ensure software quality must be considered in this plan. The foundation for generating this plan is to estimate the scale of the entire project. In the software Scale Estimation of our group, the team members participated in the evaluation. Each person makes workload estimates for the upcoming work, and then weighted and averaged the estimated results to form the project team's common Scale Estimation results. This helps the team to have a common understanding of the project workload and work difficulty, and to prepare the workload for maintaining the software quality. To some extent, the impact on the quality of software products may be avoided due to unreasonable project schedules.

Second: The project determines the basic requirements for common coding
Software Quality is the quality of code. To improve the overall quality of code, it is very beneficial and necessary for developers to follow the common basic coding standards. Based on the accumulated coding experience and online technical documents, our security group puts forward the basic requirements for security group programming. This requirement is not all-inclusive, but must be practically promoted to improve the encoding quality. In order to increase flexibility, the requirements also differentiate between "mandatory compliance" and "recommended compliance" for the selection of group members.
Several programming requirements are listed as follows:
1. Try to initialize the variable while defining the variable. The pointer must be initialized at the time of definition;
2. Use explicit data type conversion to avoid implicit data type conversion by the compiler;
3. Check the parameter validity at the "entry" of the function body;
4. When defining a pointer, the initialization is null. before using the memory, check whether the pointer is null. before releasing the memory, check whether the pointer is null. After the memory is released, assign the pointer to null;
5. Use the "Hungary" Naming rules to mimic the programming style and annotation style of IBM code;

Third: strictly follow the company's CMM process management
Needless to say, introducing CMM's process management experience is a great help provided by the company to various project teams and an effective way for the project team to anticipate and avoid risks in a timely manner. Through each milestone inspection of CMM, participation and supervision of SQA personnel, unified management of configuration items of SCM personnel, weekly meetings of the Group, and other methods, this laid the foundation for the smooth implementation of the project. In addition, under the strict process control of CMM, through the explicit definition of requirements, the corresponding tracing of requirements in the corresponding design and test phases, and the unified controlled management and tracking of software bugs, etc, these provide a strong guarantee for the quality of the software products of the project team.
Fourth: Focus on testing activities and introduce tools to improve testing capability
As we all know, testing activities are the most direct and effective part of software product quality assurance. They can be divided: unit Testing, integration testing, and system (overall) testing. In addition to this method, exception testing, stress testing, and performance testing can also be classified based on the test bias. From such a detailed test division, we can see that the test work is extremely important in the software production process. It can be said that the test capability directly determines the final software product quality.
In terms of improving the testing capability, our group should first put all tests under control of the solution and plan, including the integrated test solution/plan and system test solution/plan. Bugs in the testing process are also included in the Bug Management Process of CMM, Which is tracked and monitored to ensure that all bugs are effectively improved and managed.
Secondly, we have introduced specialized testing tools to improve the testing capability and efficiency. For example, we use parasoft's c ++ test tool for strict unit testing, automatically checks the validity of parameters and pointers and performs static checks on the set encoding style. The bounds checker is used to check the memory leakage; iris is used to intercept and analyze packets transmitted over the network to verify the correctness of program data transmission. Through the use of these testing tools, the overall testing capability of our group has been greatly improved, and the depth and breadth of the testing have been guaranteed quantitatively.

The four experiences listed above are widely used in the project management process of our security group. The practice of some small and medium-sized projects shows that these experiences are feasible to guarantee the quality of software projects and can improve the controllability of project quality.

Of course, the above experience is just a summary of our group's work at ordinary times and is not completely suitable for the actual situation of other project teams of the company. I just hope that it can serve as a reference. I hope that some discussions on the software project quality assurance methods will be made in the company to jointly improve the project management experience, promote the healthy development of the company.