Software Reviews and Audits
|Publication Date:||16 June 2008|
This standard provides minimum acceptable requirements for systematic software reviews, where "systematic" includes the following attributes:
a) Team participation
b) Documented results of the review
c) Documented procedures for conducting the review
Reviews that do not meet the requirements of this standard are considered to be nonsystematic reviews. This standard is not intended to discourage or prohibit the use of nonsystematic reviews.
The definitions, requirements, and procedures for the following five types of reviews are included within this standard:
a) Management reviews
b) Technical reviews
This standard does not establish the need to conduct specific reviews; that need is defined by other software engineering standards or by local procedures. This standard provides definitions, requirements, and procedures that are applicable to the reviews of software development products throughout the software life cycle.
Users of this standard shall specify where and when this standard applies and any intended deviations from this standard.
It is intended that this standard be used with other software engineering standards that determine the products to be reviewed, the timing of reviews, and the necessity for reviews. This standard is closely aligned with IEEE Std 1012-1986 [B5],1 but can also be used with IEEE Std 1074-1995 [B10], IEEE Std 730-1989 [B1], ISO/IEC 12207:1995 [B15], and other standards. Use with other standards is described in Annex A. A useful model is to consider IEEE Std 1028-1997 as a subroutine to the other standards. Thus, if IEEE Std 1012-1986 were used to carry out the verification and validation process, the procedure in IEEE Std 1012-1986 could be followed until such time as instructions to carry out a specific review are encountered. At that point, IEEE Std 1028-1997 would be "called" to carry out the review, using the specific review type described herein. Once the review has been completed, IEEE Std 1012-1986 would be returned to for disposition of the results of the review and any additional action required by IEEE Std 1012-1986.
In this model, requirements and quality attributes for the software product are "parameter inputs" to the review and are imposed by the "caller." When the review is finished, the review outputs are "returned" to the "caller" for action. Review outputs typically include anomaly lists and action item lists; the resolution of the anomalies and action items are the responsibility of the "caller."
1 The numbers in brackets correspond to those of the bibliography in Annex C.