Extracting Acyclic Dependency Models from Quality Standards for COTS Software Evaluation

Abstract

Commercial off-the-shelf (COTS) software has become a crucial component of many of today’s mission- and safety-critical products. As these products have proliferated internationally, global demand for software safety and performance quality has increased. Unfortunately, the current state-of-the-art in software assessment technology has not matured to the point where well-established and widely accepted schemes for evaluating COTS software quality have been presented. Without insight into the source code, COTS software users depend on a subjective assessment of attributes described by performance metrics, behavioral descriptions, and/or historical product data. Published techniques that attempt to formalize the above approach are often less than successful due to ill-defined and subjective metrics, and the naive assumption of independence between attributes. Recently, software standards have been seen as a means of improving the evaluation process by providing an acknowledged criterion for software metric comparison. Given the stated issues, is it possible to develop a standards-based dependency model of well-defined attributes that does not depend on naive assumptions? The answer to this question is yes. This paper describes a process that can be used to extract acyclic dependency models, if they exist, from various software product quality standards. Application of the extraction process will be used to reveal the attribute dependency model of the international software standard ISO/IEC 9126-1. Not only can this process be used for COTS software evaluation, but it can also be used by standards making bodies to clarify the reasoning, justifications and causal implications they employ when developing standards.