It is important to assess process quality, as it is a driver of product quality; however, it is also important to measure the quality of the resulting artefacts: documents like requirements, architecture, test plan; model for specifying and reasoning on structural or behavioral aspects of the software; source code, test suites.
A whole spectrum of techniques can be used can be used to this end, ranging from the simplest to the most complex (and requiring more heavy tool support): manual review, static analysis based on software metrics, static analysis based on deeper semantic reasoning and formal verification techniques.
Business demands, time-to-market pressures and resource constraints drive development teams to make trade-offs. These trade-offs have a direct impact on the quality of software design and code, and, if they are ill-considered, they can result in structural risks to an application, increased development and maintenance costs, and loss of market share.
For the past decade, CETIC has acquired extensive expertise in the application of quality models based on ISO9126/SQuaRE that is the foundation of its tooled application code analysis expertise with targeted quality attributes, such as maintainability, security and reliability. CETIC has also developed specific quality models and tool chains for Open Source ecosystems and security critical applications.
Using CETIC’s methodology and best-of-breed tooling, the quality of an application is measured in terms of cumulative technical debt, an expression which quantifies the cost of the non-quality of an application and is a figure on which both manager and developer can agree.
This expertise enables companies to monitor and control the structural quality of their applications cost-effectively, without significant impact on the delivery cycle. Direct benefits include a lower cost of delivered projects, better time-to-market and increased team productivity. The customer is then able to install a quality gate in order to control application delivery. From the supplier side, this is the opportunity to set up a long-lasting relationship of trust with their customers. It also provides better risk control over the IT maturity of new businesses.