An aircraft manufacturer is suffering a harsh situation: two aircraft crashed, causing hundreds of deaths, because of a defect in the flight control software system outsourced to an offshore software vendor. As a security professional, which of the following is the best way to improve software quality and avoid such a tragedy?
A. Code review
B. Regression testing
C. Formal inspection
D. Agile testing
Kindly be reminded that the suggested answer is for your reference only. It doesn't matter whether you have the right or wrong answer; what really matters is your reasoning process and justifications.
My suggested answer is C. Formal inspection.
The distinction between a review and an inspection is that a review can be conducted in many different ways, whereas an inspection is a structured and regulated process for determining whether an entity contains defects. A formal inspection follows a very rigid process.
Code review can be formal, but it is often informal (pair programming or peer review), while a formal inspection is always formal and rigid (e.g., Fagan inspection).
References
- Regression Testing
- What is Formal review?
- Fagan Inspection
- Fagan Defect Free Process
- An Instrumented Approach to Improving Software Quality through Formal Technical Review
- Fagan inspection (Wikipedia)