IEEE 1028-2008 en Software Reviews and Audits (IEEE Computer Society Document)《软件检查与审计》.pdf

1、IEEE Std 1028-2008(Revision of IEEE Std 1028-1997)IEEE Standard for Software Reviews and AuditsIEEE3 Park Avenue New York, NY 10016-5997, USA15 August 2008IEEE Computer SocietySponsored by theSoftware procedures for determining the necessity of a review or audit are not defined, and the disposition

2、of the results of the review or audit is not specified. Types included are management reviews, technical reviews, inspections, walk-throughs, and audits. Keywords: audit, inspection, review, walk-through The Institute of Electrical and Electronics Engineers, Inc. 3 Park Avenue, New York, NY 10016-59

3、97, USA Copyright 2008 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published 15 August 2008. Printed in the United States of America. IEEE is a registered trademark in the U.S. Patent +1 978 750 8400. Permission to photocopy portions of any individual standard

4、 for educational classroom use can also be obtained through the Copyright Clearance Center. Introduction This introduction is not part of IEEE Std 1028-2008, IEEE Standard for Software Reviews and Audits. This introduction provides the user with the rationale and background of the reviews and audits

5、 outlined in this standard and their relationships to other IEEE standards. Purpose This standard defines five types of software reviews and audits, together with procedures required for the execution of each type. This standard is concerned only with the reviews and audits; it does not define proce

6、dures for determining the necessity of a review or audit, nor does it specify the disposition of the results of the review or audit. Review types include management reviews, technical reviews, inspections, and walk-throughs. This standard is meant to be used either in conjunction with other IEEE sof

7、tware engineering standards or as a stand-alone definition of software review and audit procedures. In the latter case, local management must determine the events that precede and follow the actual software reviews and audits. The need for reviews and audits is described in several other IEEE standa

8、rds, as well as standards prepared by other standards-writing organizations. IEEE Std 1028-2008 is meant to support these other standards. In particular, reviews and audits required by the standards listed in Annex B can be executed using the procedures described herein. The use of IEEE Std 1044-199

9、3 B8ais encouraged as part of the reporting procedures for this standard. General application intent This standard applies throughout the scope of any selected software life-cycle model and provides a standard against which software review and audit plans can be prepared and assessed. Maximum benefi

10、t can be derived from this standard by planning for its application early in the project life cycle. This standard for software reviews and audits was written in consideration of both the software and its system operating environment. It can be used where software is the total system entity or where

11、 it is part of a larger system. Care should be taken to integrate software review and audit activities into any total system life-cycle planning; software reviews and audits should exist in concert with hardware and computer system reviews and audits to the benefit of the entire system. Reviews and

12、audits carried out in conformance with this standard may include both personnel internal to the project and customers or acquirers of the product, according to local procedures. Suppliers may also be included if appropriate. The information obtained during software reviews (particularly inspections)

13、 may be of benefit for improving the users software acquisition, supply, development, operation, and maintenance processes. The use of review data for process improvement is required for inspections. History Major changes were made to the structure and content of IEEE Std 1028 during the last comple

14、te revision in 1997. This version was reaffirmed in 2001. As part of the reaffirmation, many balloters submitted comments. The reaffirmation was approved by the IEEE Standards Board with the proviso that the reaffirmation comments be addressed during the next revision. aThe numbers in brackets corre

15、spond to those of the bibliography in Annex B. iv Copyright 2008 IEEE. All rights reserved. That was the context for the current revision: consider all the comments from the reaffirmation vote. Structural changes were not to be part of this effort. The Working Group considered all comments from the

16、reaffirmation, whether accompanying negative or affirmative votes, as well as additional clarification concerns that arose during the revision. With one exception, no structural change occurred. That exception was intended to clarify the difference between inspections and walk-throughs by requiring

17、process improvement to be mandatory for inspections (see 6.9), and to eliminate process improvement from walk-throughs. As a result, there is a clear progression in formality from the most formal, audits, followed by management and technical reviews, then to the less formal inspections, and finishin

18、g with the least formal, walk-throughs. Development procedure This standard was developed by the Software Engineering Review Working Group. The entire standards writing procedure was carried out via electronic mail. Notice to users Laws and regulations Users of these documents should consult all app

19、licable laws and regulations. Compliance with the provisions of this standard does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements. IEEE does not, by the publication of i

20、ts standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so. Copyrights This document is copyrighted by the IEEE. It is made available for a wide variety of both public and private uses. These include both use, by reference

21、, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practices and methods. By making this document available for use and adoption by public authorities and private users, the IEEE does not waive any rights in copyright to this document. Up

22、dating of IEEE documents Users of IEEE standards should be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to time through the issuance of amendments, corrigenda, or errata. An official IEEE document at any point in time consists o

23、f the current edition of the document together with any amendments, corrigenda, or errata then in effect. In order to determine whether a given document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE Standards Associat

24、ion Web site at http:/ieeexplore.ieee.org/xpl/standards.jsp, or contact the IEEE at the address listed previously. For more information about the IEEE Standards Association or the IEEE standards development process, visit the IEEE-SA Web site at http:/standards.ieee.org. v Copyright 2008 IEEE. All r

25、ights reserved. vi Copyright 2008 IEEE. All rights reserved. Errata Errata, if any, for this and all other standards can be accessed at the following URL: http:/standards.ieee.org/reading/ieee/updates/errata/index.html. Users are encouraged to check this URL for errata periodically. Interpretations

26、Current interpretations can be accessed at the following URL: http:/standards.ieee.org/reading/ieee/interp/ index.html. Patents Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no

27、position is taken with respect to the existence or validity of any patent rights in connection therewith. The IEEE is not responsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of Patents Claims or determinin

28、g whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk

29、 of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards Association. Participants At the time this standard was submitted to the IEEE-SA Standards Board for approval, the Software Reviews Working Group had the following membe

30、rship: J. Dennis Lawrence, Chair Edward Addy T. Scott Ankrun Chris Bagge William Bartholomew David Bowen Massimo Cardaci Norbert Carte Michael Chonoles Terry Dietz Antonio Doria Edward Dudash Andrew Fieldsend Gregg Giesler Pirooz Joodi George Kyle David J. Leciston Carol A. Long Michael McCaffrey Mi

31、roslav Pavlovic Jamey Sanders Helmut H. Sandmayr Robert Schaaf Hans Schaefer Luca Spotorno Thomas Starai K. S. Subrahmanyam Douglas Thiele John Thuywissen vii Copyright 2008 IEEE. All rights reserved. The following members of the individual balloting committee voted on this standard. Balloters may h

32、ave voted for approval, disapproval, or abstention. Butch Anton Chris Bagge Pieter Botman Daniel Brosnan Juan Carreon Norbert Carte Lawrence Catchpole Danila Chernetsov Keith Chow Raul Colcher Paul Croll Geoffrey Darnton Teresa Doran Antonio Doria Scott P. Duncan Kenneth D. Echeberry Kameshwar Erank

33、i Carla Ewart Harriet Feldman Andrew Fieldsend Andre Fournier David Friscia John Geldman Gregg Giesler Lewis Gray Michael Grimley John Harauz M. Hashmi Rutger A. Heunks Richard Hilliard Werner Hoelzl Robert Holibaugh Peter Hung Mark Jaeger St. Clair James Michael C. Jett James Jones Piotr Karocki Ma

34、rk Knight Thomas Kurihara George Kyle Marc Lacroix Claude Y. Laporte J. Dennis Lawrence David J. Leciston Yury Makedonov Edward McCall James Moore Ronald G. Murias Rajesh Murthy Michael S. Newman Mark Paulk Miroslav Pavlovic William Petit Ulrich Pohl Annette Reilly Michael Roberts Robert Robinson Te

35、rence Rout Randall Safier Jamey Sanders Helmut H. Sandmayr Robert Schaaf Hans Schaefer David J. Schultz Jungwoo Seo Carl Singer Luca Spotorno Thomas Starai Walter Struppler Marcy Stutzman K. S. Subrahmanyam Douglas Thiele John Thywissen Thomas Tullia Vincent J. Tume Charlene Walrad P. Wolfgang Oren

36、Yuen Janusz Zalewski The final conditions for approval of this standard were met on 16 June 2008. This standard was conditionally approved by the IEEE-SA Standards Board on 12 June 2008, with the following membership: Robert M. Grow, Chair Thomas Prevost, Vice Chair Steve M. Mills, Past Chair Judith

37、 Gorman, Secretary Victor Berman Richard DeBlasio Andy Drozd Mark Epstein Alexander Gelman William Goldbach Arnie Greenspan Ken Hanus Jim Hughes Richard Hulett Young Kyun Kim Joseph L. Koepfinger* John Kulick David J. Law Glenn Parsons Ron Petersen Chuck Powers Narayanan Ramachandran Jon Walter Rosd

38、ahl Anne-Marie Sahazizian Malcolm Thaden Howard Wolfman Don Wright *Member Emeritus Also included are the following nonvoting IEEE-SA Standards Board liaisons: Satish K. Aggarwal, NRC Representative Michael H. Kelley, NIST Representative Lisa Perry IEEE Standards Project Editor Malia Zaman IEEE Stan

39、dards Program Manager, Technical Program Development Contents 1. Overview 1 1.1 Scope . 1 1.2 Purpose 2 1.3 Relationship with IEEE Std 12207-2008. 2 1.4 Conformance . 2 1.5 Organization of this standard. 3 1.6 Application of this standard. 3 2. Normative references 5 3. Definitions 5 4. Management r

40、eviews 6 4.1 Introduction to management reviews. 6 4.2 Responsibilities 7 4.3 Input. 9 4.4 Entry criteria 9 4.5 Procedures . 9 4.6 Exit criteria 11 4.7 Output 11 5. Technical reviews. 11 5.1 Introduction to technical reviews. 11 5.2 Responsibilities 12 5.3 Input. 13 5.4 Entry criteria 13 5.5 Procedu

41、res . 14 5.6 Exit criteria 16 5.7 Output 16 6. Inspections 16 6.1 Introduction to inspections 16 6.2 Responsibilities 17 6.3 Input. 18 6.4 Entry criteria 19 6.5 Procedures . 20 6.6 Exit criteria 23 6.7 Output 23 6.8 Data collection. 23 6.9 Improvement 25 7. Walk-throughs 25 7.1 Introduction to walk-

42、throughs . 25 7.2 Responsibilities 26 7.3 Input. 26 viii Copyright 2008 IEEE. All rights reserved. 7.4 Entry criteria 27 7.5 Procedures . 27 7.6 Exit criteria 29 7.7 Output 29 7.8 Data collection recommendations 29 7.9 Improvement 30 8. Audits . 30 8.1 Introduction to audits. 30 8.2 Responsibilities

43、 31 8.3 Input. 33 8.4 Entry criteria 33 8.5 Procedures . 34 8.6 Exit criteria 36 8.7 Output 37 Annex A (informative) Comparison of review types . 38 Annex B (informative) Bibliography 40 ix Copyright 2008 IEEE. All rights reserved. IEEE Standard for Software Reviews and Audits IMPORTANT NOTICE: This

44、 standard is not intended to assure safety, security, health, or environmental protection in all circumstances. Implementers of the standard are responsible for determining appropriate safety, security, environmental, and health practices or regulatory requirements. This IEEE document is made availa

45、ble for use subject to important notices and legal disclaimers. These notices and disclaimers appear in all publications containing this document and may be found under the heading “Important Notice” or “Important Notices and Disclaimers Concerning IEEE Documents.” They can also be obtained on reque

46、st from IEEE or viewed at http:/standards.ieee.org/IPR/disclaimers.html. 1. 1.1a) b) c) d) e) Overview Scope This standard provides minimum acceptable requirements for systematic software reviews, where “systematic” includes the following attributes: Team participation Documented results of the revi

47、ew Documented procedures for conducting the review Reviews that do not meet the requirements of this standard are considered to be non-systematic reviews. The standard is not intended to discourage or prohibit the use of non-systematic reviews. The definitions, requirements, and procedures for the f

48、ollowing five types of reviews are included within this standard: Management reviews Technical reviews Inspections Walk-throughs Audits 1 Copyright 2008 IEEE. All rights reserved. IEEE Std 1028-2008 IEEE Standard for Software Reviews and Audits 2 Copyright 2008 IEEE. All rights reserved. This standa

49、rd does not establish the need to conduct specific reviews; that need is defined by other software engineering standards or by local procedures. This standard provides definitions, requirements, and procedures that are applicable to the reviews of software development products throughout the software life cycle. Users of this standard shall specify where and when this standard applies and any intended deviations from this standard. This standard may be used with other software engineering standards that determine the products to be reviewed, the timing of revi