Design for Trustworthy Software: Tools, Techniques, and Methodology of Developing Robust Software

There are three types of mistakes:

  • Ones that have occurred and that resulted in defects

  • Ones that have occurred but that haven't yet resulted in defects

  • Ones that have not yet occurred but may occur if corrective measures are not taken

The payoff increases as we move from a prevalence of the first type toward the third, presumably because proactive measures such as complexity reduction keep mistakes from occurring in the first place. All three types need inspection to be identified, but the implications of each are entirely different. Shingo places inspections in the following three categories:[19]

  1. Judgment inspections: This is what he calls a postmortem inspection. Whether it is 100% inspection or sample-based, it cannot reduce the defect rate. Furthermore, it is wasteful, because it inspects all goods, whether they are defective or not.

  2. Informative inspections: An informative inspection involves feeding back information on defect occurrences for corrective measures. This is done with the purpose of gradually reducing the defect rate. There are three types of informative inspections:

    • Statistical Quality Control (SQC): We discussed the limitations of SQC earlier in this chapter. It also plays a limited role in software development, because the volume of data for statistical analysis may be limited in many cases. The biggest limitation of SQC is that it is reactive and accepts the notion that if it is not statistical, it is not quality control. SQC was discussed in Chapter 6 and is covered further in Chapter 15.

    • Successive Check System (SuCS): Shingo concluded that the feedback and corrective actions of SQC are too slow to be effective. His remedy was successive inspections throughout the production process, each performed before further value is added. He also concluded that 100% inspection in SuCS could even be economical compared to SQC if a low-cost inspection could be devised. "That is why a (low-cost) effective poka yoke ought to be used!"[20] SuCS, a 100% inspection, provides immediate feedback and action.

    • Self-Check System (SeCS): Shingo argued that SeCS could be even faster than SuCS for feedback and corrective action. It has two flaws, however. First, workers may compromise when doing the self-check. Second, they might occasionally forget to perform the self-check. SeCS can work if appropriate poka yoke devices can provide immediate feedback if abnormalities occur. This kind of inspection is a higher-order approach than SuCS.[21] To encourage self-check, imaginative incentives should be devised that reward people for reporting their own defects.

  3. Source inspections: This involves discovering errors in conditions that give rise to possible defects. This is based on 100% inspection at the source and immediate feedback and corrective actions using suitable poka yoke devices. The payoff here is the highest, because feedback and corrective actions are taken before defects can occur. Only 100% source inspection with appropriate poka yoke measures can make zero defects possible. Both SuCS and SeCS are only informative inspections; they cannot prevent the occurrence of even one defect. It is therefore desirable to deploy 100% inspection at the source with poka yoke. The use of SuCS and SeCS should be limited to instances constrained by technical or financial limitations.[22]
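The three categories map directly onto how untrusted input is handled in software. The following Python program is an added illustration written for this chapter; it is not Shingo's or Fagan's material, and the upload-path scenario, the sample file names, the UPLOAD_ROOT constant and the SafeName type are constructed for the example. It builds file system paths from untrusted upload names three ways: with no check and a postmortem scan of the results (judgment inspection), with a re-check at the next processing stage after a defective path already exists (successive check), and with a validating SafeName constructor that the path-building function alone accepts (source inspection with a poka yoke), so that the condition giving rise to the defect, an unvalidated string reaching the path join, cannot occur.

```python
"""Shingo's three inspection categories applied to untrusted upload file names.

Added example for this chapter (constructed scenario, not the book's code).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PurePosixPath

# Assumed upload directory for the example.
UPLOAD_ROOT = PurePosixPath("/srv/uploads")

# Constructed sample of names as an upload handler might receive them.
SAMPLE_NAMES = [
    "report.pdf",
    "../../etc/passwd",
    "notes.txt",
    "..",
    "/etc/passwd",
    "a/b.txt",
]


def is_defective(path: PurePosixPath) -> bool:
    """A finished path is defective if it can escape UPLOAD_ROOT."""
    return ".." in path.parts or not str(path).startswith(str(UPLOAD_ROOT) + "/")


# --- 1. Judgment inspection: produce first, inspect the finished goods later ---
def build_path_unchecked(name: str) -> PurePosixPath:
    """No check at all: every escaping name becomes a defective path."""
    return UPLOAD_ROOT / name


def judgment_inspection(paths: list[PurePosixPath]) -> list[PurePosixPath]:
    """Postmortem 100% inspection: counts defects, cannot reduce their rate."""
    return [p for p in paths if is_defective(p)]


# --- 2. Successive check: the next stage re-inspects before adding value ---
class DefectCaught(Exception):
    """Raised by the downstream stage when it receives a defective path."""


def successive_check(path: PurePosixPath) -> PurePosixPath:
    """Catches the defect before storage, but only after it has been produced."""
    if is_defective(path):
        raise DefectCaught(f"rejected at next stage: {path}")
    return path


# --- 3. Source inspection with a poka yoke: the defect cannot be produced ---
_SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")


@dataclass(frozen=True)
class SafeName:
    """A file name that has been validated at the moment it is created."""

    value: str

    def __post_init__(self) -> None:
        # Allow-list on shape; also refuse the two names the regex would let through.
        if self.value in {".", ".."} or not _SAFE_NAME.fullmatch(self.value):
            raise ValueError(f"unsafe file name rejected at source: {self.value!r}")


def build_path_poka_yoke(name: SafeName) -> PurePosixPath:
    """Accepts only SafeName, so an unvalidated string cannot reach the join."""
    return UPLOAD_ROOT / name.value


def compare(names: list[str]) -> dict[str, int]:
    """Run all three inspection regimes over the same names and tally the outcomes."""
    produced = [build_path_unchecked(n) for n in names]
    shipped_defects = len(judgment_inspection(produced))

    caught_downstream = 0
    for p in produced:
        try:
            successive_check(p)
        except DefectCaught:
            caught_downstream += 1

    rejected_at_source = built = 0
    for n in names:
        try:
            build_path_poka_yoke(SafeName(n))
            built += 1
        except ValueError:
            rejected_at_source += 1

    return {
        "defects_shipped_under_judgment": shipped_defects,
        "defects_caught_by_successive_check": caught_downstream,
        "rejected_at_source": rejected_at_source,
        "built_from_safe_names": built,
    }


if __name__ == "__main__":
    for key, count in compare(SAMPLE_NAMES).items():
        print(f"{key}: {count}")
```

The judgment and successive regimes share the same predicate, so they find the same three escaping paths; the difference is only when they find them, after shipping or one stage later, and in both cases the defective path was produced. The source regime rejects four names because it inspects the condition (the shape of the name) rather than the symptom (an escaping path): `a/b.txt` yields a path that stays under UPLOAD_ROOT, yet it is refused because a name containing a separator is outside the allowed shape. A static type checker turns the poka yoke into a build-time device as well, since passing a plain `str` to `build_path_poka_yoke` is a type error.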

Michael Fagan's Defect-Free Process includes one of the most effective software inspection methodologies. We strongly recommend Fagan's important work, particularly its powerful inspection methodology.[23], [24]
