Assurance
Assurance in software engineering refers to the planned and systematic set of activities that provide justified confidence that a software product or service will satisfy given requirements for quality, safety, and security. It encompasses the entire development lifecycle, from requirements to deployment, aiming to prevent defects and vulnerabilities rather than just detecting them.
Definitions
Software Quality Assurance (SQA)
Assurance in the context of software quality, often called Software Quality Assurance (SQA), is a process-oriented discipline. Its primary goal is to ensure that the processes and standards used throughout the software development lifecycle are effective and consistently followed, thereby preventing defects from being introduced.
It is a proactive approach that focuses on the 'how' of software development. Key activities include:
- Process Definition: Establishing and documenting development standards, methodologies, and procedures.
- Audits and Reviews: Regularly checking that projects are adhering to the defined processes.
- Training: Ensuring that team members are knowledgeable about the quality standards and processes.
SQA provides management and stakeholders with the confidence that the final product will meet its quality goals. It is distinct from Quality Control (QC), which is a product-oriented activity focused on identifying defects in the finished product through activities like testing.
Software Security Assurance
In the context of cybersecurity, software assurance is the level of confidence that software is free from vulnerabilities and will function as intended, even when under attack. It focuses on ensuring the confidentiality, integrity, and availability of the software and the data it handles.
This form of assurance integrates security activities throughout the entire software development lifecycle to build justified confidence in the software's resilience. Key activities include:
- Threat Modeling: Identifying potential threats and vulnerabilities early in the design phase.
- Secure Coding Practices: Following established guidelines to write code that is resistant to common exploits.
- Security Testing: Employing techniques like Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and penetration testing to uncover security flaws.
- Vulnerability Management: A continuous process of identifying, assessing, and mitigating vulnerabilities in the software post-release.
The ultimate goal is to provide certainty that the software can be trusted to operate securely in its intended environment.
Origin & History
Etymology
Derived from the Old French 'assurance', from 'assurer' meaning 'to make sure, to secure'. This ultimately traces back to the Latin 'securus', which means 'safe' or 'secure'. The term conveys the idea of making something certain or safe.
Historical Context
The concept of Assurance originated in manufacturing as Quality Assurance (QA), a way to ensure products met specific standards. Its application to software became critical during the 'software crisis' of the 1960s and 1970s, when large-scale software projects were frequently over budget, late, and unreliable.
During this period, disciplines like Software Quality Assurance (SQA) emerged to bring engineering rigor to software development. The focus was on establishing repeatable processes and standards to prevent defects. Influential models like the Capability Maturity Model (CMM) were developed in the late 1980s to help organizations assess and improve their software processes, further solidifying the role of assurance.
With the rise of the internet in the 1990s and the corresponding increase in cyber threats, the scope of software assurance expanded significantly to include security. It was no longer enough for software to be functionally correct; it also had to be secure. This led to the development of secure software development lifecycles (SSDLC) and a greater emphasis on building certainty that software is free from vulnerabilities.
Usage Examples
In the aerospace industry, software assurance is a non-negotiable process to guarantee the safety and reliability of flight control systems.
The project manager established a comprehensive Software Quality Assurance (SQA) plan to provide stakeholders with confidence in the product's stability before launch.
Our cybersecurity team focuses on software assurance to build certainty that our applications are resilient against external threats and vulnerabilities.
Frequently Asked Questions
What is the primary goal of software assurance?
The primary goal of software assurance is to provide justified confidence that a software system will function as intended and is free from vulnerabilities, both intentional and unintentional. It aims to achieve this throughout the entire software lifecycle, from conception to retirement, by implementing a structured set of processes and activities.
How does assurance differ from testing?
Testing is a specific activity focused on finding defects by executing the software. It is a subset of the broader assurance process.
Assurance, on the other hand, is a proactive, lifecycle-wide concept. It includes processes, standards, and activities like code reviews, static analysis, requirements validation, and process audits, in addition to testing. The goal of assurance is to prevent defects from being introduced in the first place and to build confidence in the overall quality and security of the product, not just to find bugs.