Vindication

Vindication

Verification

According to the CMM from the SEI, Verification is:

The process of evaluating software to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase.[i]

There are many differing methods of Verification for software; formal verification refers to the proof of underlying concepts and algorithms within the software using the formal methods of Mathematics[ii]. These include model verification and checking; logical inference with the use of formal proving software. These include Prefect Developers, ArC, ACL2 or Coq therom providers, Boyer-Moore, Esterel, ttOL, Nuprl, 2OBJ, and the OCCAM transformation system and KIV[iii]. Bowen et al., highlight the foundations of formal verification within “Hall’s Original Seven Myths”[iv] and how various industries often lend prejudice  to Verification methods; in addition to these they are often ignored by the development industry at large as they may be seen as too complex, or require too much excess work for a given development project.

Essentially, Software verification at its core is to answer the question; does this thing we have made do what we need it to do?[v]

The idea behind software verification as a task and project item is to increase the correctness of the software itself. The Goal of software verification is to ensure that all modes of operation for a given bit of software are mapped and understood both logically and mathematically, within the context of their operation and the framework of the system in which the desired software is to function.

Validation

According to the CMM from the SEI, the Validation is:

“The process of evaluating software during or at the end of development process to d3teermine weather it satisfied specified requirements.”[vi]

Validation is designed to ensure that once development on a given iteration or release of a given piece of software is completed that it meets the formally defined specifications as per those gathered and designed during the design and planning phases of said development.

Essentially, Software validation at its core is to answer the question; does this thing we have made meet our clients desired functionality requirements?

Validation and Verification are the backbone of software quality assurance, validation and verification tasks are usually preformed during staging, unit and acceptance testing of a given suite of software or it’s platform, prior to deployment. The goal of validation and verification is to improve the software quality but also to define and understand how the software will behave within its desired environment.

Validation and verification are essential to map out faults, failures and malfunctions within the platform, these in-turn become the bug tracking database and issues register used to verify that the next iteration of development will aim to fix or which functions need be addressed with a given patch release.

How Validation and verification differ is that validation is the process of stating that a given software requirement is met with a given software component. Verification will map out every possible mode of said software component.

Both Validation and Verification rely on good formal requirements gathering and definition methods; ie; without planning Verification and validation may not occur. If there are no stated requirements to verify or offer validity to then no test cases may be constructed.

The CMMI requires that an organization that produces software conduct formal verification and validation testing prior to offering certification.

An interesting aside is that the PCI-DSS[vii], and Evaluation Assurance Levels[viii] from the Common Criteria methods of accreditation require that auditable trails of Verification and Validation testing may be conducted by external 3^rd parties prior to offering certification to any product or software.

If an agency or organization wishes to sell software or hardware to the financial payment processing industry or to any federal government in the G8, they must be accredited to the PCI-DSS and EAL certified; each of these certifications requires that considerations and formal methods are in place for software development quality assurance including standardized and documented procedures for validation and verification testing; one of the fastest methods to achieve these is CMMI certification.

References

---

[i] CMMI Product Team, (CMU, SEI, 2002) CMMISM for Software Engineering, CMMI-SQ, V1.1 [Online] PDF Document, Avaialble from: http://www.sei.cmu.edu/reports/02tr029.pdf (Accessed on February 25th 2011)

[ii] Gossett, Eric (John Wiley and Sons, 2009) Definition 3.1 page 86 {Mathmatical Proof} ISBN: 0470457937

[iii] Reif, Wolfgang (Karlsruhe University, Institute for Complex Logic, 1995) The KIV-approach to software Verification: Methods Lanaguages and Tools for the Construction of Correct Software: Lecture Notes in Computer Science, 1995, Volume 1009/1995, 229-368, DOI: 10.1007/BFb0015471 [Online] PDF Document, Available from: http://www.springerlink.com/content/m0255741574317l0/ (Accessed on February 25^th 2011)

[iv] Bowen, Jonathan P.; Hinchey, Michael G; (Oxford University Computing Laboratory, University of Cambridge Computing Laboratory, 1994) Seven More Myths of Formal Methods: Dispelling Industrial Prejudices: FME’94 Lecture Notes in Computer Science, 1994, Volume 873/19894, 105-117, DOI: 10.1007/3-540-58555-9_91 [Online] PDF Document, Available from: http://www.springerlink.com/content/73n6h6u78350306x/ (Accessed February 25^th 2011)

[v] NA (IEEE, ) IEEE STD-610: Computer Dictionary  [Online] PDF Documents, Available from:  http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?reload=true&punumber=2267 (Accessed on February 25^th 2011)

[vi] CMMI Product Team, (CMU, SEI, 2002) CMMISM for Software Engineering, CMMI-SQ, V1.1 [Online] PDF Document, Avaialble from: http://www.sei.cmu.edu/reports/02tr029.pdf (Accessed on February 25th 2011)

[vii] N.A. (PCI-DSS, 2010) PCI DSS V2.0 [Online] PDF Document, Available from:  https://www.pcisecuritystandards.org/security_standards/documents.php (Accessed on February 25th 2011)

[viii] William Lacy, (U.S. Gov, GAO, 2006) Information Assurance, National jPartnership Offers Benefits, But Faces Considerable Challenges [PDF Document] Available from: http://www.gao.gov/new.items/d06392.pdf (Accessed on February 25th 2011)