The traditional approach is to first address NFRs at the architectural layer in the design. Once architecture has been chosen, verification of said architecture against the NFRs must wait until a (nearly) complete system can be tested. Depending on the nature of the NFR this may too late to change the overall architecture and design if the system as-is sufficiently underperforming; and thus is impetus for the afore-mentioned discussion of moving upstream NFR verification.
Others have termed this traditional approach product-centric since it centers on testing the product itself. As alluded to, an alternative approach is to move much of the verification stage upstream in to the design and construction stage of the software lifecycle else quantifying non-functional requirements as functional requirements (e.g. Glib et al. PLanguage). One example of this process-centric approach is the emergent field of model-driven design (MDD). Alternatively, the development of STRIDE/DREAD (attacks, threat, and weaknesses modeling) and other threat models (Trike, AS/NZS 4360:2004, CVSS, OCTAVE) all present process-centric approaches to better meeting security non-functional requirements.
This team proposes to examine the current state of the industry by cataloging what approaches (tools, processes, et cetera) are presently being employed to satisfy various NFRs (usability, performance, security, portability, reliability, and availability). In particular, we will examine which of these approaches are perceived to be effective. For each approach there are two (2) possible initial states:
2. Not Effective �� research solutions exist
After further elucidation, item 2 may be further resolved to:
3. Not Effective � research solutions do not exist
If respondents perceive an approach to effective then our team will summarize this finding as an industry best-practice.
However, if an approach is perceived to not be effective then our team will examine the current corpus of (academic) research for possible solutions. In particular, we will be examining research based on its merits of moving from lab to field rapidly. Namely, do we believe the research is mature enough to be widely disseminated within the professional community?
Finally, if after our examination of research we do not find any apparent solutions then we will summarize this finding in hopes that its spurs further research and exploration by the academic and professional communities.
|Seattle University Non-Functional Requirements Sur||14|