TITLE:
A Six Sigma Security Software Quality Management
AUTHORS:
Vojo Bubevski
KEYWORDS:
Security Software, Quality Management, Six Sigma, DMAIC, Monte Carlo Simulation
JOURNAL NAME:
Journal of Computer and Communications, Vol.4 No.13, October 26, 2016
ABSTRACT: Today, security software is expected to deliver Six Sigma quality,
i.e. practically zero defects. A practical, stochastic method is proposed for
Six Sigma security software quality management. Monte Carlo Simulation is used
in a Six Sigma DMAIC (Define, Measure, Analyze, Improve, Control) approach to
security software testing. The elaboration used published data from a real
project's final product testing, which lasted 15 weeks, after which the product
was delivered. The experiment utilised the first 12 weeks' data so that the
results could be verified against the actual data from the last three weeks. A
hypothetical testing project was assumed, scheduled to be completed in 15
weeks. The product due-date was Week 16, with a zero-defects quality assurance
aim. The testing project was analysed at the end of the 12th week, with three
weeks of testing remaining. Running a Monte Carlo Simulation with data from the
first 12 weeks produced results which indicated that the product would not be
able to meet its due-date with the desired zero-defects quality. To quantify an
improvement, another simulation was run to find when zero-defects would be
achieved. The simulation predicted that zero-defects would be achieved in Week
35 with 56% probability, and that there would be 82 defects from Weeks 16 - 35.
Therefore, to meet the quality goals, either more resources should be allocated
to the project, or the deadline for the project should be moved to Week 36. The
paper concluded that utilising Monte Carlo Simulations in a Six Sigma DMAIC
structured framework is better than conventional approaches using static
analysis methods. When the simulation results were compared to the actual data,
the simulation was found to be accurate within -3.5% to +1.3%. This approach
helps to improve software quality and achieve the zero-defects quality
assurance goal, while assigning quality confidence levels to scheduled product
releases.