Abstract

Today, the demand for security software is Six Sigma quality, i.e. practically zero defects. A practical and stochastic method is proposed for Six Sigma security software quality management. Monte Carlo Simulation is used in a Six Sigma DMAIC (Define, Measure, Analyze, Improve, Control) approach to security software testing. This elaboration used a published real project's data from final product testing that lasted 15 weeks, after which the product was delivered. The experiment utilised the first 12 weeks' data so that the results could be verified against the actual data from the last three weeks. A hypothetical testing project, supposed to be completed in 15 weeks, was modelled. The product due-date was Week 16, with a zero-defects quality assurance aim. The testing project was analysed at the end of the 12th week, with three weeks of testing remaining. Running a Monte Carlo Simulation with data from the first 12 weeks produced results indicating that the product would not be able to meet its due-date with the desired zero-defects quality. To quantify an improvement, another simulation was run to find when zero defects would be achieved. The simulation predicted that zero defects would be achieved in Week 35 with 56% probability, and that there would be 82 defects from Weeks 16 - 35. Therefore, to meet the quality goals, either more resources should be allocated to the project, or the deadline for the project should be moved to Week 36. The paper concluded that utilising Monte Carlo Simulations in a Six Sigma DMAIC structured framework is better than conventional approaches using static analysis methods. When the simulation results were compared to the actual data, they were found to be accurate within -3.5% to +1.3%. This approach helps to improve software quality and achieve the zero-defects quality assurance goal, while assigning quality confidence levels to scheduled product releases.
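The projection the abstract describes (use the first weeks of defect data to estimate the week in which zero defects is reached, the probability of that week, and the defects expected between the delivery week and that week) can be worked through with a small Monte Carlo model. The following is an added example, not the paper's code or data: the weekly counts are constructed, and the model (a log-linear decay trend with bootstrapped residuals and Poisson sampling, one defect-free week counted as reaching zero defects) is a simplifying assumption of this example rather than the paper's method.

```python
import math
import random

# Constructed sample data (not the paper's): defects found per week, 12 weeks.
WEEKLY_DEFECTS_12W = [48, 41, 37, 30, 27, 22, 19, 15, 13, 11, 9, 8]

def poisson(mean, rng):
    """Poisson-distributed count via Knuth's multiplication method."""
    limit, k, p = math.exp(-mean), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1

def fit_log_linear(counts):
    """Least-squares fit ln(defects) = a + b*week; returns (a, b, log residuals)."""
    xs = range(1, len(counts) + 1)
    ys = [math.log(max(c, 0.5)) for c in counts]  # 0.5 guards a zero-count week
    mx, my = (len(counts) + 1) / 2, sum(ys) / len(counts)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    b = sxy / sum((x - mx) ** 2 for x in xs)
    a = my - b * mx
    return a, b, [y - (a + b * x) for x, y in zip(xs, ys)]

def simulate_zero_defect_week(counts, delivery_week, trials=5000, horizon=80, seed=1):
    """Monte Carlo over future weeks: each week's defects are Poisson around the
    fitted trend, perturbed by a bootstrapped residual. Returns (most likely first
    zero-defect week, its probability, mean defects found from delivery_week to it)."""
    a, b, resid = fit_log_linear(counts)
    rng = random.Random(seed)  # fixed seed keeps the projection reproducible
    hits, tally = {}, {}
    for _ in range(trials):
        found = 0
        for week in range(len(counts) + 1, horizon + 1):
            d = poisson(math.exp(a + b * week + rng.choice(resid)), rng)
            found += d if week >= delivery_week else 0
            if d == 0:  # assumption: one defect-free week counts as zero defects
                hits[week] = hits.get(week, 0) + 1
                tally[week] = tally.get(week, 0) + found
                break
    if not hits:
        raise ValueError("no trial reached zero defects within the horizon")
    week = max(hits, key=hits.get)
    return week, hits[week] / trials, round(tally[week] / hits[week])

if __name__ == "__main__":
    w, p, d = simulate_zero_defect_week(WEEKLY_DEFECTS_12W, delivery_week=16)
    print(f"zero defects most likely in week {w} ({p:.0%}); ~{d} defects from week 16")
```

Comparing the projected week with the planned due-date is the Analyze step; re-running with a changed trend (more testers, earlier start) quantifies the Improve step.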

Highlights

  • Six Sigma methodologies were originally formulated by Motorola in the mid-1980s

  • A practical and stochastic method is proposed for a Six Sigma security software quality management

  • Monte Carlo Simulation is used in a Six Sigma DMAIC (Define, Measure, Analyze, Improve, Control) approach to security software testing


Summary

Introduction

Six Sigma methodologies were originally formulated by Motorola in the mid-1980s. Subsequently, Six Sigma evolved into a set of comprehensive and powerful improvement frameworks and tools. DMAIC comprises [1] [2]:

  1) Define: defining the process, objectives and quality goals;

  2) Measure: establishing the metrics and measuring the current process performance;

  3) Analyse: analysing the measurement results and collected data to determine the root causes of the process variability and risk;

  4) Improve: considering alternatives to eliminate the root causes and determining and applying the improvement solution to upgrade the process; and

  5) Control: continuous monitoring and establishing corrective mechanisms to rectify the deviations and control the process performance in the future.

It has been well understood for more than a decade that the root cause of most security exposures is in the software itself, and that these vulnerabilities are introduced during the development process. A fuzz approach to security testing was presented by Pietikäinen et al. The authors emphasised the challenges, experiences, and practical ways of utilising fuzzing in soft-
