Software Engineering final

Each student will be identified with their 6-digit ID number

functional

Students can view grades

functional

The system will generate management reports for administration officials

functional

What are the most important benefits of test-driven development?

Code coverage, Regression testing, simplified debugging, and system documentation.

Why are iterations usually limited when the waterfall model is used?

Cost typically constrains iterations of the waterfall model. Waterfall is document-driven and rework and approval of documents is costly.

Software Pricing

Estimates are made to discover the cost, to the developer, of producing a software system

What 5 things should be included in a scenario?

1. A description of what the system and users expect when the scenario starts. 2. A description of the normal flow of events in the scenario. 3. A description of what can go wrong and how resulting problems can be handled. 4. Information about other activities that might be going on at the same time. 5. A description of the system state when the scenario ends.

What do Gamma et al. suggest are the four essential elements of a design pattern?

1. A name that is a meaningful reference to the pattern. 2. A description of the problem area that explains when the pattern may be applied. 3. A solution description of the parts of the design process, their relationships, and their responsibilities. 4. A statement of the consequences - results and trade offs

What are essential tools in a software development platform?

1. An integrated compiler and syntax-directed editing system that allows you to create, edit, and compile code. 2. A language debugging system. 3. Graphical editing tools, such as tools to edit UML models. 4. Testing tools, such as JUnit, that can automatically run a set of tests on a new version of a program. 5. Tools to support refactoring and program visualization. 6. Configuration management tools to manage source code versions and to integrate and build systems.

Give 5 reasons why eliciting requirements is difficult.

1. Stakeholders often don't know what they want from a computer system except in the most general terms 2. Stakeholders in a system naturally express requirements in their own terms and with implicit knowledge of their own work. 3. Different stakeholders, with diverse requirements, may express their requirements in different ways. Requirements engineers have to discover all potential sources of requirements and discover commonalities and conflict. 4. Political factors may influence the requirements of a system. Managers may demand specific system requirements because these will allow them to increase their influence in the organization. 5. The economic and business environment in which the analysis takes place is dynamic. It inevitably changes during the analysis process.

What are the fundamental elements of a legacy system?

1. System hardware 2. Support hardware 3. Application software 4. Application data 5. Business processes 6. Business policies and procedures

What are the essential elements of an organizational security policy?

1. The assets that must be protected 2. The level of protection that is required to protect different types of assets 3. The responsibilities of the individual users, managers, and the organization 4. The existing security procedures and technologies that should be maintained.

What are the 5 key activities in an object-oriented design process?

1. Understand and define the context and the external interactions with the system. 2. Design the system architecture. 3. Identify the principal objects in the system. 4. Develop design models. 5.Specify interfaces.

Briefly describe three approaches that may be used to identify object classes

1. Use grammatical analysis of a natural language description of the system to be constructed. Objects and attributes are nouns. Operations and services are verbs. 2. Use tangible entities (things) in the application domain such as aircraft, roles such as manager, events such as request, interactions such as meetings, etc. 3. Use a scenario-based analysis where various scenarios of system use are identified and analyzed in turn. As each are analyzed the team responsible must determine the required objects, attributes, and operations.

What 5 checks should be applied during requirements validation?

1. Validity 2. Consistency 3. Completeness 4. Realism 5. Verifiability

What is a Scrum sprint?

A Scrum sprint is a planning unit in which the work to be done is assessed, features are selected for development, and the software is implemented; usually within a 2 - 4 week interval.

Algorithmic Cost Modeling

A formulaic approach is used to compute the project effort based on estimates of product attributes. Effort = A*Size^B*M, where A is the organization dependent constant, B reflect the disproportionate effort for large projects and M is a multiplier reflecting produce, process, and people attributes

Quality Review

A group of people carefully examine part or all of a software system and its associated documentation

What is the fundamental characteristic of a repository architecture?

A repository architecture is a system that will allow several interfacing components to share the same data. Each component interfaces the same dataset that is utilized system wide. They have subsystems which must exchange data: - Shared data is held in a central database or repository and may be accessed by all sub-systems; -Each sub-system maintains its own database and passes data explicitly to other sub-systems.

What is illustrated in a UML sequence diagram?

A sequence of interactions between the actors in a system's environment and the objects in the system itself. The sequence of interactions describes the implementation of a system feature or function.

What is an architectural pattern?

A stylized abstract description of good practice in architectural design that has been tried and tested in different systems and environments. The pattern should include information on when it is and is not appropriate to use that architectural design. It may be represented using tabular and graphical descriptions.

Briefly describe pipe and filter architecture?

A system is decomposed into a set of functional transformations that consume inputs and produce outputs. Data flows from one function to another (the pipeline) and is transformed as it passes through the sequence.

What are the principal components of a textual use-case description?

A tabular format seems to be the most useful when giving a description of the components in a use-case diagram. This is typically a simple textual description, a structured description in a table, or a sequence diagram. It usually includes actors which can be people or other systems, a description, a response, data, stimulus, and comments as well.

What is TDD? (Test Driven Development)

A technique where the test is developed to test the requirement and then the code is developed to pass the test

Project

A temporary endeavor undertaken to create a unique product, service, or result.

Select the types of USER testing

Acceptance, Beta, Alpha

What UML diagram types do you need to represent the essential features of a system?

Activity diagrams, Use case diagrams, Sequence diagrams, Class diagrams, and State diagrams are all essential features of a system. Activity diagrams show the activities involved in a process. Use case show the interactions between a system and its environment. Sequence diagrams show interactions between actors and the system and between system components. Class diagrams show the object classes in the system and the associations between other classes. State diagrams show how the system reacts to internal and external events.

Shows activities involved in a process

Activity model

What are the benefits/problems with agile software development?

Agile is very useful to many companies now a days. It is widely used as the organizational process for new and medium sized companies for its flexibility and rapid deployment of software. Benefits - 1. It has quick and rapid deployment 2. You can get customer feedback quickly and make changes as needed. 3. Bugs seen on previous deployments can be addressed and maintained throughout the next sprint. So issues are found on the get go. Problems - 1. Informality of agile development is incompatible with a legalistic approach to contract definitions seen in large companies. 2. It's more appropriate for new software rather than trying to maintain software in a large company. 3. Won't work well with large team. Best used in small, co-located teams.

What good is a software architecture document?

All of these: It is a tool for communicating with stakeholders in the early design phase of a project, In the early stages of planning, it encourages a detailed analysis of the system, and In large organizations with large systems it is helpful with large-scale reuse.

What are the three types of user testing?

Alpha, Beta, and Acceptance Testing. Alpha - Users of the software work with the development team to test the software at the developer's site. Beta - A release of the software is made available to users to allow them to experiment and to raise problems that they discover with the system developers. Acceptance - customers test a system to decide whether or not it is ready to be accepted from the system developers and deployed in the customer environment.

What guidelines does Whittaker suggest for defect testing?

Choose inputs that force the system to generate all error messages. Design inputs that cause input buffers to overflow. Repeat the same inputs or series of inputs numerous times. Force invalid outputs to be generated. Force computation results to be too large or too small.

What perspectives should be used for developing models of a software system?

An external perspective should be used where you model the context or environment of the system. You should also have an interaction perspective, where you model the interactions between a system and its environment, or between the components of a system. It is also keen to have a structural perspective, where you model the organization of a system or the structure of the data that is processed by the system. Last but not least, a behavioral perspective, where you model the dynamic behavior of the system and how it responds to events.

ISO 9001 Standards Framework

An international set for standards used as a basis for developing quality management systems

identifies the major components of a system and their interaction

Architectural design

List 4 questions that should be asked when deciding whether or not to adopt an agile method of software development.

Are you prepared to change the way you make decisions on scope, budget, and the timeline of the sprint? Are you prepared to potentially restructure your delivery organization? Are you prepared to make technical investments alongside the business and organizational ones? Are customers ready to receive changes quickly? If there are third party vendors involved, can they keep up with your changes?

List 4 design guidelines for secure systems engineering?

Avoid a single point of failure, fail securely, log user actions, compartmentalize your assets. Ensure that a security failure can only result when there is more than one failure in security procedures. For example, have password and question-based authentication. When systems fail, for whatever reason, ensure that sensitive information cannot be accessed by unauthorized users even although normal security procedures are unavailable. Maintain a log of user actions that can be analyzed to discover who did what. If users know about such a log, they are less likely to behave in an irresponsible way. Organize the system so that assets are in separate areas and users only have access to the information that they need rather than all system information.

____ is a non-reciprocal license that allows you to use open source code in proprietary systems and you do not have to re-publish changes to that code.

BSD

Story Based Planning

Based on user stories that reflect the features that should be included in the system

shows what happens, or what is supposed to happen, when a system responds to a stimulus

Behavior model

Task Allocation

Breaking down the user stories into development tasks

Project Planning

Breaking down the work into parts and assigning these to project team members, anticipate problems that may rise and prepare solutions to problems

Inspection Checklists

Checklist of common errors should be used to drive the inspection

What are the fundamental activities that are common to all software processes?

Common activities include specification, design and implementation, validation, and evolution Specification is determining what the system will do. Design/Implementation refers to organizing the system and implementing it. Validation is checking that what you are creating is doing what the customer wants it to do. Evolution is changing the system in response to change in customer needs.

What tests should be included in object class testing?

Complete test coverage of a class involves testing all operations associated with an object, setting and interrogating all object attributes, and exercising the object in all possible states.

What is the distinction between computer science and software engineering?

Computer Science focuses on theory and fundamentals, and software engineering is concerned with the practicalities of developing and delivering useful software.

Quality Management

Concerned with ensuring that the required level of quality is achieved in a product

Risk Management

Concerned with identifying risks and drawing up plans to minimize their effect on a project

structural model that demonstrates the other systems in the environment

Context model

What is described in a context model?

Context models are used to illustrate the operational context of a system - they show what lies outside the system boundaries. Social and organizational concerns may affect the decision on where to position system boundaries.

The philosophy behind agile methods is reflected in the agile manifesto. List and briefly describe the 5 principles of agile methods.

Customer Involvement - This is important because agile works close to the customer; feedback is important. They provide and prioritize new system requirements. Incremental delivery - short 2 - 4 week sprints to bring in new features to an application or system. The customer specifies the requirements for the next delivery. People not process - it is about the who not the what. It should be customer focused. Skills of the development team should be recognized and exploited. Embrace change - If the user or customer doesn't like something, embrace the change they request. System requirements will change, it is important to design the system to accommodate that. Maintain simplicity - Focus on simplicity in the software and the process. Agile doesn't work well with complexity. This can lead to carrying over into the next sprint and not completing work.

List the 5 principles of agile methods.

Customer involvement Incremental delivery People not process Embrace change Maintain simplicity

What are transaction-processing applications?

Database-centered applications that process user requests for information and update the information in the database. They are organized so that transactions cannot interfere with each other and the integrity of the database is maintained.

Process Standards

Defines the processes that should be followed during the software development.

Software Standards

Defines the required attributes of a product or process.

Commercial software goes through three stages of testing: ___ testing is where bugs and defects are discovered during system construction.

Development

Briefly describe the three principal stages of testing for a commercial software system

Development Testing, Release Testing, and User Testing are the three types Development is where the system is tested during development to discover bugs and defects. Release testing, where a separate testing team test a complete version of the system before it is released to users. User testing, where users or potential users of a system test the system in their own environment.

What are the advantages of inspections over testing?

During testing, errors can mask (hide) other errors. Because inspection is a static process, you don't have to be concerned with interactions between errors. Incomplete versions of a system can be inspected without additional costs. If a program is incomplete, then you need to develop specialized test harnesses to test the parts that are available. Inspections can also consider broader quality attributes of a program, such as compliance with standards, portability and maintainability.

Explain the distinction between a Vulnerability and an Exposure.

Exposure - Possible loss or harm to a computing system. This can be loss or damage to data or can be a loss of time and effort if recovery is necessary after a security breach. Vulnerability - A weakness in a computer-based system that may be exploited to cause loss or harm.

What are the three different types of software maintenance and how is effort distributed across these maintenance types?

Fault Repairs, Environmental Adaptation, Functionality addition/modification Fault repairs refers to fixing bugs and vulnerabilities. Environmental adaptation refers to maintenance of a software to adapt to a different operating environment (Different OS, different mobile devices, IE, Chrome, IE8 for old systems) Functionality addition/modification refers to modifying the system to meet new requirements.

What is the distinction between functional and non-functional requirements?

Functional Requirements: These are statements of services the system should provide, how the system should react to particular inputs, and how the system should behave in particular situations. Non-Functional Requirements: These are constraints on the services or functions offered by the system. They include timing constraints, development process constraints, and constraints imposed by standards.

____ is a reciprocal license that allows you to use licensed open source software in your software, and in return, you must make that software open source.

GPL

What are the two fundamental types of software products?

Generic products and Customized (bespoke) software products. Generic refers to products made for anyone who would want to use them usually made by an organization and sold on the open market. Customized are made for a particular customer to suit a specific need. A software contractor will design and implement the software especially for that customer.

What are the essential attributes of good software?

Good software is maintainable, dependable, and usable. It should provide the required functionality and performance to a user.

What are the 4 general issues that affect many different types of software?

Heterogeneity, Business and social change, Security and trust, and Scale. Heterogeneity refers to the operation of software across multiple devices. This includes distributed systems across networks that include different types of computer and mobile devices, and the ability to run on general purpose computers. It should also be able to run on mobile phones and tablets as well. Business and Social change refers to the rapid change within companies and in society where there is a need to change their existing software and to develop new software to meet new needs. Value delivery time needs to be reduced. Security and Trust refers to trusting the software we use. Especially for remote software systems accessed through a web page or web service. We must ensure malicious users cannot successfully attack our software and that information security is maintained. Scale refers to software having a wide range of scales from very small embedded systems in portable or wearable devices through to internet-scale, cloud-based systems that serve a global community.

4-16 hours

How long should a development task be?

List 4 fundamental questions that should be addressed in architectural design? (any 4 from these)

How will the system be distributed across hardware cores or processors? What architectural patterns or styles might be used? How should the architecture of the system be documents? What will be the fundamental approach used to structure the system?

Why might it sometimes be necessary to bypass the normal change management system and make urgent changes to a system?

If a serious system fault needs to be repaired to allow operations to continue, changes to the system, like a software update have unexpected effects, or if there are business changes that require a very rapid response.

What are 4 ways to incorporate deployment support in a system?

Include support for viewing and analyzing configurations You should always include facilities in a system that allow administrators or permitted users to examine the current configuration of the system. Minimize default privileges You should design software so that the default configuration of a system provides minimum essential privileges. Localize configuration settings When designing system configuration support, you should ensure that everything in a configuration that affects the same part of a system is set up in the same place. Provide easy ways to fix security vulnerabilities You should include straightforward mechanisms for updating the system to repair security vulnerabilities that have been discovered.

Product Standards

Includes document standards, such as the structure of requirements documents, documentation standards, such as the comment header for an object class definition, and coding standards, which define how a programming language should be used

makes it more difficult to design object class tests

Inheritance

What are the identified levels in the SEI's Capability Maturity Model?

Initial, Managed, Defined, Quantitatively managed, and Optimizing are the 5 levels in the Capability maturity Model 1. Initial - goals associated with the process are satisfied, and for all processes the scope of the work to be performed is explicitly set out and communicated to the team members. 2. managed - the goals associated with the process area are met, and the organizational policies are in place that define when each process should be used. There must be documented project plans that define the project goals. Resource management and process monitoring procedures must be in place across the institution. 3 defined - this level focuses on organizational standardization and deployment of processes 4. Quantitatively managed - at this level, there is an organizational responsibility to use statistical and other quantitative methods to control sub processes. 5. Optimizing - at this level the organization must use the process and product measurements to drive process improvement.

Tests that do not require execution of the system

Inspections

List 4 types of security threats.

Interception, Modification, Fabrication, and Interruption threats are four different security threats. Interception refers to an attacker gaining access to an asset. Modification refers to a system asset being tampered with. Fabrication refers to false info being added to a system. Interruption refers to an attacker making part of an asset unavailable.

What are the three important classes of interface errors?

Interface misuse - A calling component calls another component and makes an error in its use of its interface e.g. parameters in the wrong order. Interface misunderstanding - A calling component embeds assumptions about the behavior of the called component which are incorrect. Timing errors - The called and the calling component operate at different speeds and out-of-date information is accessed.

What are the two ways in which an architectural model of a system may be used?

It can facilitate discussion about the system design or it can be a way of documenting an architecture that has been designed. The first way is useful because it can be useful to communicate with system stakeholders and project planning because it is not cluttered with detail. Stakeholders can relate and understand an abstract view of the system. The second way's aim is to produce a complete system model that shows the different components in a system, their interfaces and their connections.

What is the basic assumption that underlies event-driven modelling?

It is based on the assumption that a system has a finite number of states and that events (stimuli) may cause a transition from one state to another. Event-driven modeling shows how a system responds to external and internal events.

Completeness (As it relates to software engineering and what we are studying)

It is one of the checks that is made during Requirements validation. The requirements document should include requirements that define all functions and the constraints intended by the system user.

Why is it increasingly irrelevant to distinguish between software development and evolution?

It should be seen that software engineering or development is an evolutionary process where software is continually changed over its lifetime in response to changing requirements and customer needs.

____ is a license that allows your software components to link to open source code without having to publish the source.

LGPL

Why is it expensive and risky to replace legacy systems with new systems?

Legacy systems continue to work and represent a huge investment to companies. If something needs to be replaced for the sake of being replaced it seems like a bad investment for companies. Often times they still work fairly well. There are a number of risks involved including undocumented business rules embedded in legacy systems, Lack of complete system specification, tight integration of the system and business processes, and new system software could be late or over budget.

Reusing existing software to create a new software system of product can be a cost-efficient approach to development in many software projects. It may not be cost-efficient in all projects. As a software engineer, you can determine if it is the best approach for your project only if you know, and can estimate, the associated costs. Which of the following costs is NOT one of the costs typically considered when estimating the cost of reuse?

Legal costs associated with defending against charges of copyright infringement

One of the standard architectural patterns is named MVC. What does MVC stand for?

Model-View-Controller

Interaction-Oriented People

Motivated by the presence and actions of co-workers

Consistency Respect Inclusion Honesty

Name some examples of people management factors

Name three important agile techniques that were introduced in extreme programming?

New version may be built several times per day. Increments are delivered to customers every two weeks. All tests must be run for every build and the build is only accepted if tests run successfully.

What process metrics might be used to assess maintainability?

Number of requests for corrective maintenance, average time required for impact analysis, average time required to implement change request, and number of outstanding change requests are a few process metrics.

How is generalization used to simplify the models of a system with many similar objects?

Often you will see generalization used in modeling systems by examining the classes in a system to see if there is scope for generalization. If changes are proposed, then you do not have to look at all classes in the system to see if they are affected by the change. Inheritance mechanisms are used in object-oriented languages to implement generalization. The attributes and operations with higher-level classes are also associated with the lower-level classes. The lower-level classes are subclasses that inherit the attribute and operations of their superclass. You can then add more specific attributes to the sub classes.

What are the 3 stages in the requirements change management process?

Once you have an identified problem. The three stages you go through is Problem Analysis and Change Specification, Change Analysis and Cost, and Change Implementation. These are the three stages that lead to revised requirements.

Briefly describe the idea of open-source development.

Open-source development is an approach to software development in which the source code of a software system is published and volunteers are invited to participate in the development process.

How does operational security differ from application and infrastructure security?

Operational Security is concerned with ensuring the people do not take actions that may compromise system security. For instance, telling others passwords, leaving PC's on. Application and Infrastructure refers to the engineering problems of designing applications to resist attacks (application) and configuring the infrastructure to resist attacks (infrastructure).

Why is software evolution important?

Organizations are ever evolving, and they have huge investments in their software because they are critical business assets. To continue to show value to these businesses, software must be updated, maintained, and changed in order to continue to show that value.

How do design patterns contribute to reuse?

Patterns support high-level concept reuse. When you try to reuse executable components, you are constrained to the design the interpreters created for executing. This can range from interface type components to algorithms used to implement different components. When the designs conflict with your requirements, reuse isn't possible or it is inefficient. Using certain design patterns means you can reuse the ideas, but can adapt the implementation to suit the system you are developing.

Program Inspections

Peer reviews where engineers examine the source of a system with the aim of discovering anomalies and defects

Task-Oriented People

People who are motivated by the work they do

Other than MVC, select 3 of the architectural patterns discussed in this class.

Pipe-and-Filter, Layered, Repository

Release Planning

Planning looking ahead for several months

Milestones

Points in the schedule against which you can assess progress

What are the 3 stages of risk assessment?

Preliminary Risk Assessment, Design Risk Assessment, and Operational Risk Assessment. Preliminary - The aim of this initial risk assessment is to identify generic risks that are applicable to the system and to decide if an adequate level of security can be achieved at a reasonable cost. Design - This risk assessment takes place during the system development life cycle and is informed by the technical system design and implementation decisions. Operational - This risk assessment process focuses on the use of the system and the possible risks that can arise.

Self Oriented People

Principally motivated by personal success and recognition

shows how a system is used in a broader business process

Process model

For what types of system are agile approaches to development particularly likely to be successful?

Product Development and Custom system development. Product development is where a software company develops a small to medium-sized product for sale. Virtually all software products and apps are now developed using an agile approach. Custom System development is within an organization. It is usually successful where there is a clear commitment from the customer to become involved in the development process and where there are few external stakeholders and regulations that affect the software.

List and briefly describe 3 types of non-functional requirement.

Product, Organizational, and External Requirements Product Requirements: These requirements specify or constrain the runtime behavior of the software. Examples include performance requirements for how fast the system must execute and how much memory it requires; reliability requirements that set out the acceptable failure rate; security requirements; and usability requirements. Organizational Requirements: These requirements are broad system requirements derived from policies and procedures in the customer's and developer's organizations. Examples include operational process requirements that define how the system will be used; development process requirements that specify the programming language; the development environment or process standards to be used; and environmental requirements that specify the operating environment of the system. External Requirements: This broad heading covers all requirements that are derived from factors external to the system and its development process. These may include regulatory requirements that must be followed to ensure that the system operates within the law; and the ethical requirements that ensure that the system will be acceptable to its users and the general public.

What are the possible problems of test-first development?

Programmers prefer programming to testing. So shortcuts might be made in testing, therefore not all grounds are covered and bugs might come up. Some tests might also be very difficult to write incrementally. A complex user-interface is often difficult to write unit tests for.

Deciding how the work in a project will be organized as separate tasks, and when and how these tasks will be executed is

Project Scheduling

Explain the difference between Reengineering and Refactoring as it relates to software maintenance.

Refactoring is smaller scale compared to Reengineering. Refactoring deals with taking existing code, maybe a class or method, and changing it in a way to allow it to run more efficiently than it did previously. Reengineering is taking a legacy system and not changing the functionality, but how it runs to meet a business's requirements. Reengineering might be a better option for companies if that system still presents value to the company. It might also be too risky to get rid of the system because they might not know what certain methods do if naming was too obscure. Therefore, reengineering might be a more viable option, than rebuilding a system from the ground up and missing key functionality.

Testing that focuses on making sure changes have not broken previously working code

Regression

Commercial software goes through three stages of testing: ___ testing is where a dedicated team tests a complete version of the system in the developer's environment.

Release

What are the principal requirements engineering activities?

Requirements elicitation and analysis, Requirements specification, and Requirements validation, and Feasibility Study are the four main activities in the requirements engineering process. Elicitation and analysis - is the process of deriving the system requirements through observation of existing systems, discussions with potential users and procurers, task analysis, and so on. Specification - the activity of translating the information gathered during requirements analysis into a document that defines a set of requirements. Two types of requirements may be included in this document. Validation - this activity checks the requirements for realism, consistency, and completeness. Errors are inevitably discovered, and then must be modified to correct the issues.

What are the 3 principal stages of the requirements engineering process?

Requirements elicitation, Requirements specification, and Requirements validation are three principal stages.

List three requirements validation techniques?

Requirements reviews - Systematic manual analysis of the requirements Prototyping - Using an executable model of the system to check requirements. Test-case generation -Developing tests for requirements to check testability.

What are the development stages in integration and configuration?

Requirements specification, Software discovery/evaluation, Requirements refinement, Application system configuration, and Component adaptation and integration Requirements specification - initial requirements for the system are proposed. They don't have to be elaborated in detail but should include brief descriptions of essential requirements and desirable system features. Software discovery and evaluation - given an outline of the software requirements, a search is made for components and systems that provide the functionality required. Requirements Refinement - requirements are refined using information about the reusable components and applications that have been discovered. Application System Configuration - if an off-the-shelf application system that meets the requirements is available, it may then be configured for use to create the new system. Component adaptation and integration - if there is no off-the-shelf system, individual reusable components may be modified and new components may be developed. They are then integrated to create the system.

Project Risks

Risk affecting schedule or resources.

Business Risks

Risk affecting the organization developing the procuring the software

Product Risks

Risk affecting the quality or performance of the software being made

shows how the system reacts to internal and external events

State model

What is an SQL Poisoning attack and how can testing determine if the source code is susceptible to such an attack?

SQL poisoning is where a malicious user inputs an SQL fragment that is interpreted by a server, is another fairly common attack. To check that buffer overflow errors will not occur, you can examine all input buffers to see if the program is checking that assignments to buffer elements are within bounds.

What are the strategic options for legacy system evolution?

Scrap the system entirely, and modify business processes so that it no longer requires the old system. Continue maintaining the system. Maintain it by re-engineering the system. Replace the system with a new system.

Why has the Scrum agile method been widely adopted in preference to methods such as XP?

Scrum Agile methods focus on providing a framework for agile project organization, and it does not mandate the use of specific development practices such as pair programming and test-first development. This means that it can be more easily integrated with existing practice in a company.

Explain 2 reasons why security testing is especially difficult.

Security requirements are 'shall not' requirements i.e. they specify what should not happen. It is not usually possible to define security requirements as simple constraints that can be checked by the system. The people attacking a system are intelligent and look for vulnerabilities. They can experiment to discover weaknesses and loopholes in the system.

Shows interaction between actors and the system

Sequence model

Quality Plan

Sets out the desired product qualities and how these are assessed and defines the most significant quality attributes.

Iteration Planning

Shorter term outlook, focuses on planning the next increment of a system

What is a software engineering code of ethics?

Software Engineering like many other disciplines is carried out within a social and legal framework where normal standards should be upheld. However, there are instances where standards of acceptable behavior are not bound by laws but by the more tenuous notion of professional responsibility. Some of these principles include, confidentiality, competence, intellectual property rights, and computer misuse.

What are the four fundamental activities in software processes?

Software Specification, Development, Validation, and Evolution. Software Specification, customers and engineers define the software that is to be produced and the constraints on its operation. Software Development, software is designed and programmed. Software Validation, where the software is checked to ensure that it is what the customer requires. Software Evolution, where the software is modified to reflect changing customer and market requirements.

Testing that focuses on testing component integrations

System

What is software engineering?

Software engineering is an engineering discipline that is concerned with all aspects of software production from conception of the idea to delivery, operation, and maintenance of the product.

What are the principal systems re-engineering activities?

Some activities include source code translation where you convert code to a new language, Reverse engineering where you analyse the program to understand it, program structure improvement restructure automatically for understandability, program modularization where you reorganize the program structure, or data reengineering where you clean up the system data.

Why is it important to specify the interfaces of components that are being developed by a software engineering team?

Specifying interfaces of components is important so that objects and subsystems can be designed in parallel. Once it has been specified, the developers of other objects can assume that interface will be implemented.

What are the advantages of explicitly designing and documenting a software architecture?

Stakeholder communication, System analysis, and Large-scale reuse are three different advantages of explicit architecture. Architecture may be used as a focus of discussion by system stakeholders. When it comes to system analysis, this means that analysis of whether the system can meet its non-functional requirements is possible. The architecture also may be reusable across a range of systems.

What should be the principal concerns of system testing?

System testing during development involves integrating components to create a version of the system and then testing the integrated system. The focus in system testing is testing the interactions between components. System testing checks that components are compatible, interact correctly and transfer the right data at the right time across their interfaces. It tests the emergent behavior of a system.

What is test-first development?

Test first Development is an automated unit test framework that is used to write tests for a new piece of functionality before that functionality itself is implemented.

Briefly summarize the test-driven development process

Test-driven development (TDD) is an approach to program development in which you inter-leave testing and code development. Tests are written before code and 'passing' the tests is the critical driver of development. You develop code incrementally, along with a test for that increment. You don't move on to the next increment until the code that you have developed passes its test.

Which of these should be the principal concerns of system testing?

Testing that reusable components integrated in the system function as expected. Testing component interfaces

What are the fundamental architectural views proposed in Krutchen's 4+ 1 model?

The 4 + 1 Krutchen's model refers to the 4 views: Logical view: which shows the key abstractions in the system as objects or object classes. Process view: which shows how, at run-time, the system is composed of interacting processes. Development view: which shows how the software is decomposed for development. Physical view: which shows the system hardware and how software components are distributed across the processors in the system. The + 1 refers to related using use cases or scenarios.

Initiating Planning Executing Monitoring and Controlling Closing

The 5 Process Groups of Project Management

What are the stages in the system evolution process and what triggers that process?

The Change request triggers the process: the stages include Impact Analysis, Release Planning, Change implementation, and System release.

Project Management

The application of knowledge, skills, tools, and techniques to project activities to meet project requirements

What are the three benefits of incremental development, compared to the waterfall model?

The cost of implementing requirements changes is reduced. It is easier to get customer feedback on the development work that has been done. Early delivery and deployment of useful software to the customer is possible, even if all of the functionality has not been included.

Explain why it is important to make a distinction between developing user requirements and developing system requirements in the requirements engineering process.

The distinction is to facilitate communication depending on the audience. Users may not understand the technical jargon in system requirements and developers need more detail than the user documentation.

Experience Based Estimation

The estimate of future effort requirements based on the manager's experience of past projects and the application domain

What are the 4 levels at which software reuse is possible?

The four levels include: 1. Abstraction level: You can reuse successful abstractions in the design of your software at this level. 2. Component level: These include objects and object classes that operate together. You often have to adapt and extend the component by adding some code of your own. An example of component-level reuse is where you build your user interface using a framework. 3. Object level: At this level you use objects from a library instead of writing the code yourself. 4. System level: At this level you reuse an entire application system.

What are the barriers to introducing agile methods into large companies?

The informality of agile development is incompatible with the legal approach to contract definition that is commonly used in large companies. Agile methods are most appropriate for new software development rather than software maintenance that might come with large companies. Agile methods are designed for small co-located teams yet much software development now involves worldwide distributed teams.

Teamwork

The most important thing needed in a software engineering project

What is the most important advantage of a client-server architecture?

The principal advantage of this model is that servers can be distributed across a network. General functionality (e.g., a printing service) can be available to all clients and does not need to be implemented by all services.

What are the principal functions of the 4 layers in a generic information system architecture?

The principal functions of a generic information system architecture include user interface, user communications, information retrieval, and system database. User interface is where the user will operate. User communications layer handles all input and output from the user interface. Information retrieval layer includes application specific logic for accessing and updating the database. Database is where data is stored that we can access for later use.

What are the two different approaches to process improvement and change that have been proposed?

The process maturity approach and the agile approach. Process Maturity - has focused on improving process and project management and introducing good software engineering practice into an organization. Agile - focuses on iterative development and the reduction of overheads in software process. Agile focuses on rapid delivery of functionality and responsive adjustments to customer needs.

Project Scheduling

The process of deciding how the work in a project will be organized as separate tasks, and when and how these tasks will be executed

What are the claimed benefits of model-driven engineering?

The pros to model-driven engineering are that it allows systems to be considered at higher levels of abstraction and generating code automatically means that it is cheaper to adapt systems to new platforms.

What do you understand by the system context and interaction model?

The system context and interaction model present complementary views of the relationship between the system and its environment. 1. The system context model is a structural model that demonstrates the other systems in the environment of the system being developed. 2. An interaction model is a dynamic model that shows how the system interacts with its environment as it is being used.

What is the distinction between the terms ʼshallʼ and ʻshouldʼ in a user requirements document, which is written in natural language?

The term 'shall' is used in verifiable non-functional requirements and 'should' is used for goals; which is the general intention of the user such as ease of use in non-functional requirements. 'Should' is usually written in natural language.

List 5 different types of software application.

There are Stand-alone applications, Interactive transaction-based applications, Embedded Control systems, Batch processing systems, and entertainment systems. Stand-alone are applications that run on a PC or mobile device. Might not need to be connected to a network and includes all functionality necessary to run the application. Examples would be travel apps, productivity apps, etc. Interactive transaction-based are applications that execute on a remote computer and that are accessed by users from their own computers, phones, or tablets. These include web applications such as e-commerce applications where you interact with a remote system to buy goods and services. Embedded control systems are software control systems that control and manage hardware devices. Batch processing systems are business systems that are designed to process data in large batches. They process large numbers of individual inputs to create corresponding outputs. Entertainment Systems are systems for personal use that are intended to entertain the user. It might include special purpose console hardware.

Explain why a company might justifiably charge a much lower price for a software system than the software cost estimate.

There are five reasons according to the book why a company might have a lower price. Contractual terms, cost estimate uncertainty, financial health, market opportunity, and requirements volatility Contractual terms - the customer may allow the developer to keep the source code to the developer. Cost estimate uncertainty - uncertain of the cost estimate may be lower or higher its normal profit Financial health - companies may lower price to gain a contract due to financial strain. Its better to have smaller than normal profit than go out of business. Market opportunity - A development organization may quote a low price because it wishes to move into a new segment of the software market. Requirements volatility - If the requirements are likely to change, an organization may lower its price to win a contract. After the contract is awarded, high prices can be charged for changes to the requirements.

What are the advantages of using incremental development and delivery?

There are four advantages according to our book. 1. Customers can use the early increments as prototypes and gain experience that informs their requirements for later system increments. Unlike prototypes, these are part of the real system, so there is no relearning when the complete system is available. 2. Customers do not have to wait until the entire system is delivered before they can gain value from it. The first increment satisfies the most critical needs. 3. The process maintains the benefits of incremental development in that it should be relatively easy to incorporate changes into the system. 4. As the highest priority services are delivered first and later increments the integrated, the most important system services receive the most testing. This means that customers are less likely to encounter software failures in the most important parts of the system.

What fundamental issues have to be considered when designing system architecture for security? Are these issues compatible or conflicting - and why?

There are two fundamental issues: Protection: How should the system be organized so that critical assets can be protected against external attack? Distribution: How should system assets be distributed so that the effects of a successful attack are minimized? These issues are potentially conflicting. If assets are distributed, then they are more expensive to protect. If assets are protected, then usability and performance requirements may be compromised.

What are the three types of abstract system model that are recommended by the MDA method?

There is the CIM (Computation Independent Model), PIM (Platform Independent Model), and the PSM (Platform Specific Model). CIMs show the important domain abstractions used in a system. CIMs are sometimes called domain models. PIMs show the operation of the system without reference to its implementation. The PIMs are usually described using UML models that show the static system structure and how it responds to external and internal events. PSMs are transformations of the platform-independent model with a separate PSM for each application platform. In principle, there may be layers of PSM, with each layer adding some platform-specific detail.

List 3 generic software process models and briefly describe a project where each would be better suited for use.

There is the waterfall model, integration/configuration model, and Incremental Development model Waterfall is plan driven, with separate and distinct phases of specification development. It is used in large systems engineering projects where it is developed at several places. Integration/Configuration - relies on the availability of reusable components or systems. If you already have a standard system that you can pull useful components from to implement a new system this would be beneficial. Incremental development - With this, specification development, and validation are interleaved, and can be plan driven or agile. It is best used when working close to a customer since its easier to get customer feedback. This would work well on a new system that might be used to replace an old system where the customers can be a user group for "testing" purposes. The most critical functions of this new system can be used by them and new features can be added as you go.

Non-functional requirements (As it relates to software engineering and what we are studying)

These are constraints on the services or functions offered by the system. They include timing constraints, constraints on the development process, and constraints imposed by standards. Non-functional requirements often apply to the system as a whole rather than individual system features or services.

Functional Requirements (As it relates to software engineering and what we are studying)

These are statements of services the system should provide, how the system should react to particular inputs, and how the system should behave in particular situations. In some cases, the functional requirements may also explicitly state what the system should not do.

How are activity diagrams used in describing the context of use of a system?

They may be used to define business process models. They show activities in a process and the flow of control from one activity to another. The start of a process is indicated by a filled circle, the end by a filled circle inside another circle. Rectangles with round corners represent activities, that is, the specific subprocesses that must be carried out. You may include objects in activity charts. Arrows represent the flow of work from one activity to another, and a solid bar indicates activity coordination. When the flow from more than one activity leads to a solid bar, then all of these activities must be complete before progress is possible.

What software engineering fundamentals apply to all types of software systems?

They should be developed using a managed and understood development process. The organization developing the software should plan the development process and have clear ideas of what will be produced and when it will be completed. Of course, the specific process that you should use depends on the type of software that you are developing. Dependability and performance are important for all types of systems. Software should behave as expected, without failures, and should be available for use when it is required. It should be safe in its operation and as far as possible, should be secure against attack. It should perform efficiently and without wasting resources. Understanding and managing the software specification and requirements (what the software should do) are important. You have to know what different customers and users of the system expect from it, and you have to manage their expectations so that a useful system can be delivered within budget and to schedule. You should make effective use of existing resources. This means that, where appropriate, you should reuse software that has already been developed rather than write new software.

What are three key characteristics of the engineering of web-based software engineering?

Three key factors in web-based software engineering include: Software reuse as the dominant approach in constructing web-based systems Web-based systems are usually developed and delivered incrementally Software may be implemented using service-oriented software engineering where the software components are stand-alone web services.

What factors should be assessed to understand the relationship between a system and its environment?

Tightly coupled systems require changes whenever the environment is changed. Factors that might influence this are the number and complexity of system interfaces, number of inherently volatile system requirements, and the business process where the system is used.

a set of different diagram types that may be used to model software systems

UML

Testing that focuses on testing functionality

Unit

shows interaction between a system and its environment

Use Case

Select diagrams that your textbook author considers to be the essential UML diagrams needed to describe any software system.

Use Case, Sequence, Class, Activity, and State diagrams

Use Case (As it relates to software engineering and what we are studying)

Use case is a type of UML diagram. It shows the interactions between a system and its environment.

Object-oriented design requires us to identify what objects/classes are needed in a system. There is no 'cookbook' approach to tell us exactly how to do this. There are, however, some general approaches that can be used to help identify objects. Number, name, and describe 4 of these approaches as discussed in the textbook.

Use grammatical analysis of a natural language description of the system to be constructed. Objects and attributes are nouns; operations or services are verbs Use tangible entities (things) in the application domain such as aircraft, roles such as manager, events such as request, interactions such as meetings, locations such as offices, organizational units such as companies, and so on. Use a scenario-based analysis where various scenarios of system use are identified and analyzed in turn. As each scenario is analyzed, the team responsible for the analysis must identify the required objects, attributes, and operations Create UML diagrams to help identify objects, context, actions, class naming, and how the system will work.

Project Plan

Used to communicate how the work will be done to the project team and customers

Commercial software goes through three stages of testing: ___ testing is where customers test the completed system in the customer's environment.

User

What are user requirements and system requirements?

User Requirements and System Requirements User: Statements in natural language and diagrams of the services the system provides and its operational constraints that are written for customers. System: A structured document setting out detailed descriptions of the system's functions, services and operational constraints. Defines what should be implemented so may be part of a contract between client and contractor.

User Requirements (As it relates to software engineering and what we are studying)

User requirements are diagrams or statements of the services the system provides and its operational constraints that are written for customers. This can be written on cards (tasks) by a project manager for developers and put in the product backlog.

Are we building the product right?

Validation

What is the distinction between validation and verification?

Validation: -These check that the requirements reflect the real needs of system users. Because of changing circumstances, the user requirements may have changed since they were originally elicited. Verification: - To reduce the potential for dispute between customer and contractor, system requirements should always be written so that they are verifiable. This means that you should be able to write a set of tests that can demonstrate that the delivered system meets each specified requirement.

Are we building the project right?

Verification

A possible loss or harm to a computing system is referred to as a

exposure

What are the principal aims of software configuration management?

Version management, System integration, Problem tracking, and Release management are some principal aims of software configuration management. 1. Version management is used to keep track of the different version of software components you develop, and stops overwriting of the same components by different developers. 2. System integration is referring to where support is provided to help developers define what versions of components are used to create each version of a system. 3. Problem tracking, refers to allowing feedback from users to keep track of bugs in your software application. and allow developers to see who is working on those bugs. 4. Release management is where new versions of a system are released to customers. This is concerned with planning the functionality of new releases.

A weakness in a computer-based system that may be exploited to cause loss or harm

Vulnerability

List 3 generic process models that are used in software engineering.

Waterfall Model, Incremental Development Model, and the Integration/Configuration Model Waterfall is a plan driven model. Separate and distinct phases of specification development. In the Incremental development model specification, development, and validation are interleaved. It can also be plan driven or agile. Integration/Configuration relies on the availability of reusable components or systems.

Use of reused systems and components Programming Language Distribution of system

What are some factors influencing the final size of the project?

Integration, Scope, Time, Cost, Quality, Human Resources, Communications, Risk, Procurement, Stakeholder

What are the 10 knowledge areas of project management?

Identification: Finding risks in a project Analysis: Assess probability and seriousness of risk Planning: Consider each risk and develop a strategy to manage the risk Monitoring: Checking up for upcoming risks

What are the 4 risk management processes?

What are the shared characteristics of different agile methods of software development?

Whether it is Plan-Based or Agile, both require Requirements Engineering and Design and Implementation steps in their development. After Design and implementation, both will go back to the Requirements Engineering process.

Deliverables

Work products that are the result of the completion of tasks in a development project.

A systematic way to estimate the effort required to develop a system

algorithmic cost model

Designed to resist attack

application security

An exploitation of a weakness in a computer system is a

attack

Triggers the software evolution process

change request

A work product delivered to the customer

deliverable

The stage where operational software is updated with new functionality

evolution

A technique where managers judge the effort required for a project is

experience-based estimating

Development teams use agile methods and maintenance teams use plan-driven methods, or vice-versa

handover problems

Configured to resist attack

infrastructure security

Older systems with languages and technology no longer used for new development

legacy

Points in a project schedule to assess progress

milestones

Grades must remain secure

non-functional

The programs will be coded in Java

non-functional

The system development process will use SCRUM

non-functional

The system must be available 98 percent of the time

non-functional

Secure use of the organization's systems

operational security

The stage where operational software is used with no further changes

phase-out

Ensuring that software is delivered on time, on budget, and meets expectations

project management

Risks that affect schedule or resources are

project risks

A massive upgrade to part, or all, of a legacy system without changing its functionality is known

reengineering

The agile term for making improvements to a program to slow down degradation through change is

refactoring

The probability and seriousness of each security risk is assessed by a

risk analysis

Developing systems that can resist malicious attacks

security engineering

The stage where operational software has bugs fixed with no new functionality.

servicing

Circumstances that have potential to cause loss or harm are a

threat