Unit6 - Subjective Questions

ISO 9001 is a set of standards established by the International Organization for Standardization that defines the requirements for a Quality Management System (QMS). In software engineering, it ensures that an organization has structured processes in place to consistently produce high-quality software that meets customer requirements.

Key Principles of ISO 9001:

• Customer Focus: Understanding current and future customer needs to meet requirements and exceed expectations.
• Leadership: Leaders establish unity of purpose and direction, creating an environment where people are engaged.
• Engagement of People: Competent, empowered, and engaged people at all levels are essential.
• Process Approach: Understanding activities as interrelated processes that function as a coherent system.
• Improvement: A successful organization has an ongoing focus on improvement.
• Evidence-based Decision Making: Decisions based on the analysis and evaluation of data and information.
• Relationship Management: Managing relationships with interested parties, such as providers (suppliers).

SEI CMMI is a process improvement training and appraisal program and service administered by the CMMI Institute (originally Software Engineering Institute). It guides process improvement across a project, a division, or an entire organization.

The 5 Maturity Levels:

1. Initial: Processes are unpredictable, poorly controlled, and reactive. The success depends on individual heroics rather than a stable process.
2. Managed: Processes are characterized for projects and is often reactive. Requirements, processes, and results are managed and documented.
3. Defined: Processes are characterized for the organization and are proactive. Standard processes are established and improved over time.
4. Quantitatively Managed: Processes are measured and controlled. Quantitative data is used to establish predictable processes that align with business needs.
5. Optimizing: Focus on continuous process improvement. The organization uses data to identify defects and process variations to improve performance.

Six Sigma is a set of techniques and tools for process improvement. In software engineering, it aims to eliminate defects (bugs) and minimize variability in development processes. Statistically, it strives for near-perfection, targeting no more than $3.4$ defects per million opportunities (DPMO).

The DMAIC Methodology:

• Define: Define the project goals and customer (internal and external) deliverables.
• Measure: Measure the process to determine current performance and quantify the problem.
• Analyze: Analyze and determine the root cause(s) of the defects.
• Improve: Improve the process by eliminating and preventing root causes of defects.
• Control: Control future process performance to ensure that improvements are sustained.

The Personal Software Process (PSP) is a structured software development process that is intended to help software engineers understand and improve their own performance. It was developed by Watts Humphrey at the SEI.

Key Aspects of PSP:

• Self-Measurement: Engineers track their own work, defects, and time spent on tasks.
• Estimation: Using historical data to make better estimates for future projects.
• Quality Management: Encourages developers to find and fix defects early in the development cycle (e.g., during design or code review) rather than in testing.
• Discipline: It provides a disciplined framework for individual engineers, serving as the foundation for the Team Software Process (TSP).

CASE (Computer-Aided Software Engineering) tools are software applications used to support, accelerate, and smooth the software development lifecycle (SDLC). They automate various activities involved in software development.

Distinction between Upper and Lower CASE:

Software maintenance is the modification of a software product after delivery to correct faults, improve performance, or adapt to a changed environment.

Types of Maintenance:

1. Corrective Maintenance: Reactive modification to fix discovered problems or bugs.
   • Example: Fixing a login error that prevents users from accessing the system.
2. Adaptive Maintenance: Modification to keep the software usable in a changed or changing environment.
   • Example: Updating the software to work with a new version of the Windows or Android operating system.
3. Perfective Maintenance: Modification to improve performance or maintainability (enhancements).
   • Example: Optimizing a database query to make a report generate faster, or adding a 'Dark Mode' feature.
4. Preventive Maintenance: Modification to detect and correct latent faults in the software product before they become effective faults.
   • Example: Refactoring code to reduce complexity and improve documentation to prevent future bugs.

Software maintenance is often considered the most expensive phase of the SDLC. Several challenges contribute to this cost and difficulty:

• Legacy Code: Maintaining old code with obsolete technologies (e.g., COBOL) where expertise is scarce.
• Lack of Documentation: Original developers often fail to document code properly, making it difficult for maintenance engineers to understand the logic.
• Personnel Turnover: The original authors of the code may leave the organization, taking tacit knowledge with them.
• Ripple Effects: Changing one part of a complex system may inadvertently break other parts (regression).
• Lehman’s Laws: As a system evolves, its complexity increases unless work is done to maintain or reduce it.
• Cost: It requires significant budget allocation, often diverted from new development.

Software Reuse is the process of creating software systems from existing software assets rather than building them from scratch. Assets can include source code, design patterns, requirements specifications, and test cases.

Benefits:

• Increased Reliability: Reused components have typically been tested and used before, reducing bugs.
• Reduced Development Cost: Less code to write means lower costs.
• Faster Time-to-Market: assembling existing components is faster than creating new ones.

Barriers:

• "Not Invented Here" (NIH) Syndrome: Developers preferring to write their own code.
• Maintenance of Library: Creating and maintaining a repository of reusable components requires effort.
• Lack of Standards: Difficulty in finding components that fit specific architectural requirements.

Component-Based Software Development (CBSD) is a paradigm that emphasizes the design and construction of computer-based systems using reusable software components. It involves shifting from programming software line-by-line to composing software systems by wiring together pre-built components (often Commercial Off-The-Shelf or COTS).

Differences from Traditional Development:

• Granularity: Focuses on loosely coupled 'components' with well-defined interfaces rather than functions or objects.
• Development Cycle: The lifecycle involves finding, selecting, and integrating components rather than requirements-design-code-test in a linear fashion.
• Independence: Components are designed to be independent and deployable contexts, whereas traditional modules might be tightly coupled to the specific application.

Cloud-native software development is an approach to building and running applications that exploits the advantages of the cloud computing delivery model. It focuses on how applications are created and deployed, not just where.

Core Technologies/Pillars:

1. Microservices: Breaking applications into small, independent services that communicate via APIs.
2. Containers: Packaging software (code + dependencies) into standard units (e.g., Docker) for consistent deployment across environments.
3. DevOps & CI/CD: Continuous Integration and Continuous Delivery pipelines to automate testing and deployment.
4. Orchestration: Managing the lifecycle of containers (e.g., Kubernetes) to handle scaling and failover dynamically.

Artificial Intelligence is transforming the SDLC by automating repetitive tasks, improving code quality, and accelerating development.

Role of AI Tools (Copilot/CodeWhisperer):

• Intelligent Code Completion: These tools use Large Language Models (LLMs) to predict and complete lines or blocks of code based on context and comments.
• Natural Language to Code: Developers can describe a function in plain English (e.g., "Write a function to calculate the Fibonacci sequence"), and the AI generates the syntax.
• Test Case Generation: AI can analyze code and automatically generate unit tests to ensure coverage.
• Refactoring & Explanation: AI can explain complex legacy code snippets or suggest more efficient ways to write existing logic.
• Bug Detection: Identifying potential vulnerabilities or logic errors before the code is even run.

Low-code / No-code (LCNC) platforms are development environments that allow users to create application software through graphical user interfaces (GUIs) and configuration instead of traditional computer programming.

• Low-Code: Requires some coding skill but reduces the amount of boilerplate code. Targeted at developers to speed up delivery.
• No-Code: Requires zero coding knowledge. Targeted at "Citizen Developers" (business users).

Impact on Industry:

• Democratization: Business analysts and non-technical staff can build internal tools without waiting for IT.
• Speed: Drastically reduces development time for standard CRUD (Create, Read, Update, Delete) applications.
• Resource Management: Allows professional developers to focus on complex, high-value problems while standard apps are handled via LCNC.

Reverse Engineering and Forward Engineering are two opposing directions of the software engineering process, often used together in software re-engineering.

• Forward Engineering:

  • Definition: The traditional process of moving from high-level abstractions and logical designs to the physical implementation of a system.
  • Flow: Requirements Design Code.
  • Goal: To create a new system from scratch.

• Reverse Engineering:

  • Definition: The process of analyzing a system to identify the system's components and their interrelationships and create representations of the system in another form or at a higher level of abstraction.
  • Flow: Code Design Requirements (Mental Model).
  • Goal: To understand a legacy system for documentation, maintenance, or re-implementation.

While both models aim to improve software quality, they approach it differently.

Software Re-engineering is the examination and alteration of a subject system to reconstitute it in a new form and the subsequent implementation of the new form. It is often done to prevent software from becoming obsolete.

The Re-engineering Cycle:

1. Inventory Analysis: Assessing the portfolio of applications to determine which candidates should be re-engineered based on business value and technical quality.
2. Document Restructuring: Improving or creating documentation for the legacy system.
3. Reverse Engineering: analyzing the code to extract design and requirements.
4. Code Restructuring: Modifying the source code to make it structured and understandable (refactoring).
5. Data Restructuring: Cleaning and reorganizing the database schema.
6. Forward Engineering: Using the recovered design to generate the new system using modern technologies.

Integrated CASE (I-CASE) refers to a set of CASE tools that rely on a common repository and user interface to support the entire software development lifecycle, rather than just specific phases.

Key Features:

• Central Repository: All tools share a central database (repository) where requirements, designs, and code metadata are stored. This ensures consistency.
• Seamless Data Flow: Outputs from an Upper CASE tool (e.g., a DFD diagram) can be directly used by a Lower CASE tool (e.g., code generator) without manual re-entry.
• Consistency: Changes in the design phase automatically reflect in the documentation and potentially the code structure, maintaining synchronization.

Six Sigma is a statistical term used to measure the quality of a process. Sigma () represents the standard deviation or variation in a process.

Statistical Meaning:

• In a normal distribution curve, the area under the curve represents the population of opportunities.
• (Six Sigma): This level of quality means that the process limits are 6 standard deviations away from the mean on both sides.
• This results in an error rate of extremely low probability.

The Metric:
At the Six Sigma level, the process produces only $3.4$ Defects Per Million Opportunities (DPMO). This implies the process is defect-free.

Advantages of Cloud-Native:

• Scalability: Microservices can be scaled independently (horizontal scaling) based on demand.
• Resilience: If one microservice fails, the whole application does not crash.
• Faster Release: CI/CD allows for frequent updates without downtime.

Disadvantages/Challenges:

• Complexity: Managing distributed systems, networking, and data consistency between microservices is significantly harder than a monolith.
• Security: A larger attack surface due to many API endpoints.
• Debugging: Tracing a request through multiple services requires advanced monitoring (observability) tools.

AI-driven code generation (using tools like GitHub Copilot) is shifting the role of software engineers from "Code Writers" to "Code Reviewers" and "System Architects".

Impacts:

• Productivity Boost: Boilerplate code (e.g., API calls, UI structures) is generated instantly, saving time.
• Focus on Logic: Engineers spend more time on high-level logic, security, and architecture rather than syntax.
• New Skill - Prompt Engineering: Developers must learn how to effectively query the AI to get the best code output.
• Verification: There is a higher need for rigorous code review and security auditing, as AI can hallucinate or produce insecure code.
• Learning Curve: Juniors may rely too heavily on AI, potentially hindering their understanding of underlying principles if they don't study the generated code.

Software Configuration Management (SCM) is the task of tracking and controlling changes in the software. It is critical during the maintenance phase to prevent chaos.

Key Functions in Maintenance:

• Version Control: Keeping track of different versions of the software (e.g., v1.0, v1.1). If a maintenance patch fails, SCM allows rolling back to the previous stable state.
• Change Control: A formal process to approve or reject change requests (CRs) to ensure that maintenance doesn't introduce unnecessary features or risks.
• Auditing: Ensuring that the released software matches the documentation and requirements.
• Baseline Management: Defining a stable state of the software from which future changes are made.