Ensuring Software Quality Across a Global Supply Chain
With the increasing complexity of software products, companies commonly rely on a myriad of software suppliers, from internal teams that share and re-use code to third-party commercial software suppliers and outsourcing development partners. Companies are increasingly being held accountable by their customers for the quality and security of the complete product.
Yet third-party code typically isn't tested with the same level of rigor as internally developed code. That means a defect could be lurking in the third-party code that could cause a significant security breach or quality issue.
Add to this the fact that more than ever before, companies are being asked to get products to market faster to remain competitive and capitalize on market opportunity. That time pressure is being felt across all phases of the software development lifecycle.
Zero Uninspected Defects
Development teams need to deliver more innovation through software, and the time allotted for formal quality control is constantly shrinking. To deal with this pressure, companies are turning to faster development methodologies for rapid iterative development cycles that can take advantage of new suppliers, cheaper code, and new markets made possible by the expansion of their global network.
Nowadays, most of the components companies integrate into their own products are electronic in nature. OEMs often have working agreements with dozens of suppliers spread all over the world that supply minuscule, but necessary, components to build the next generation of mobile phones, for example.
How should companies ensure the quality of the final product and thereby safeguard their brand? By ensuring that all their suppliers are held to high quality standards, OEMs and many other businesses that rely on third-party suppliers for embedded systems can avoid sub-par products that can irrevocably damage a brand's reputation.
This increased risk has resulted in the demand for better visibility into all of the software components that make up a product. Development testing solutions enables managers to establish and enforce consistent measures for quality and security across the organization and across the supply chain.
Organizations could set a policy for zero uninspected defects prior to launch, since any one of those defects could contain a security vulnerability. Policies could also be established for zero security defects such as buffer overflow, integer overflow and format string errors.
Quality Assurance Processes
Here are a few processes that you can implement to ensure the quality of your overall product, as well as the component parts, from a global supply chain:
1. Put it in the contract: Modern static analysis solutions provide vendors with a cost-effective, automated, and repeatable way to ensure the quality of software they create and ship. Because static testing produces results that are measureable, objective and repeatable, OEMs can require it as a contractual agreement with a third-party software provider.As with every aspect of the value chain, successful processes create value for both parties involved. For a company purchasing software components, these methods improve and support the brand by ensuring that externally sourced code is held to a high standard. For a supplier, it's an objective way to represent the quality of the product and strengthen the relationship with the customer.
2. Auditing mode: OEMs that purchase source code can reserve the right to analyze the supplier's code and report the results back. It could be implemented as part of the integration. This helps in multiple ways. First, the OEM has a way to measure the quality of what is received using the same measuring stick that it uses internally; second, providing recommendations and results of the analysis to the supplier gives the supplier an opportunity to fix the defects.
3. Expect a report indicating the quality of every software version received: A high-level report of the testing effort and quality should be necessary with every drop of software received. A report indicating that all bugs and defects are fixed may be an unrealistic expectation. However, if a report indicates untested parts or many defects that have not been reviewed, it serves as a strong signal that quality is not up to par. Additionally, a report can provide an indication of quality compared to industry averages.
Things will continue to get more complicated as new supply chains emerge and businesses take advantage of more choices to bring down costs, increase their profit margins and become leaner. New development testing solutions enable managers to establish and enforce consistent measures for quality and security across the organization and across the supply chain. Organizations could set a policy for zero uninspected defects prior to launch, since any one of those defects could contain a security breach or quality issue.