Soft audit Checklist・No18: Technology for using purchased software

17/02/2021 Audit for soft-Develop..

The first of the design and implementation checklists is confirmation of purchased software.

In the articles before and after this one, we introduce each item of the audit checklist used for software development audits. The audit checklist is divided into (1) development process, (2) requirements management, (3) testing, and (4) design and implementation; this article introduces the individual items on purchased software within (4) design and implementation. (The checklist itself can be found in the article Software Audit Practice / Checklist No. 17: Development Technology / Design and Implementation (Overview), so please refer to that.)

The share of purchased software is rising as in-house production declines, and the same holds for development contractors

As software has grown in scale, it has become less common in recent product development to develop all software in-house. Instead, there are more and more opportunities to purchase software from other companies, or to incorporate open source software or free software provided by a chip vendor.

However, the quality of the software incorporated in the product, including purchased software, open source software, and free software, must be guaranteed by the company that ships the product. The situation is the same for a contractor to whom software development is outsourced: the software developed under our company's outsourcing may not all be produced in-house by the contractor. In such cases, how the quality of purchased software, open source software, and free software is guaranteed is a very important item to confirm.

In the software development audit as well, the design and implementation checklist has items for checking the quality of purchased software, open source software, and free software. Let's start with purchased software, whose item numbers start with PS-.

[Item number: PS-01]

How do you decide which software to buy to incorporate into your product? Even in simply choosing the software to purchase, there are quite a few items to consider in addition to functions, performance, and price, such as technical support at the development stage and software maintenance after product shipment. To cover all of this, the department in charge of selection, and the selection method and judgment criteria used in that department, need to be clearly defined. We will carefully check whether there are rules for selecting purchased software.

[Item number: PS-02]

Since it is incorporated into the product, it is a problem if it contains bugs. In PS-01, we checked the outline of the selection procedure and criteria, but the most important point is how to check the quality of the software to be purchased. "Purchased software" is a single term, but it can be roughly divided into the purchase of source code and the purchase of object code. For source code, you can use static analysis tools or code reviews. When purchasing object code, there are means such as confirmation with a dynamic analysis tool and a test suite, and confirmation with a system test. Regardless of whether source code or object code is purchased, we will pay attention to whether there is a rule for checking the quality of the purchased software.

[Item number: PS-03]

In order to incorporate the purchased software into the software developed in-house, technical support from the software vendor is essential. Of course, it is possible to incorporate the purchased software into the company's own software without technical support, but working with black-box software makes the work very inefficient. Therefore, technical support from the seller is generally indispensable, although the degree of support varies. There are various forms, such as providing technical materials, providing technical education, answering questions, and supporting countermeasures when problems occur. We will carefully check what kind of technical support can be obtained at what stage throughout the development period.

[Item number: PS-04]

Even after the first version of the software is released, upgraded versions are usually released to add functions and fix bugs. If the product software contains purchased software, that purchased software will also be upgraded to add functions and fix problems. Also, if there is any problem with the product software, it is necessary to investigate whether the problem is caused by the purchased software.

To receive such maintenance services from the distributor of the purchased software, a maintenance contract covering the maintenance contents is of course necessary. We will carefully check whether such a maintenance contract has been concluded with the distributor of the purchased software.

[Item number: PS-05]

One of the ways to check the quality of purchased software is to check its track record of operation in the market. Freshly made first-edition software often has many latent bugs lurking. Software that has been used for many years in the market is often in a state where many latent bugs have been removed after many version upgrades. This is sometimes described as the software having matured. It will be difficult to obtain very detailed information, but we will at least pay attention to whether the purchased software to be used has a track record of operation in the market, and check it.

[Item number: PS-06]

Unfortunately, latent bugs are inherent in software, and even after the first edition is released, bug-fixed versions continue to be released. The same applies to purchased software: version upgrades do not stop at the version incorporated in the company's product, and bug-fixed versions usually continue to be released after that.

The fact that a bug-fixed version of the purchased software incorporated in the company's product has been released means that, unless the purchased software is upgraded, the bug remains latent in the purchased software in the company's product. How to deal with this latent bug needs to be discussed, but first of all it is necessary to know what latent bugs there are. With this point in mind, we will check whether there is a mechanism for checking the latent bugs of the purchased software.

After purchased software comes the confirmation of OSS (open source software) and free software

After confirming the purchased software, we will introduce the items to be confirmed about OSS and free software in the next article.

Next : Soft audit Checklist・No19: OSS/Free software usage technology