iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 23643:2020

(Main)

Software and systems engineering — Capabilities of software safety and security verification tools

Software and systems engineering — Capabilities of software safety and security verification tools

This document specifies requirements for the vendors and gives guidelines for both the users and the developers of software safety and security verification tools. The users of such tools include, but are not limited to, bodies performing verification and software developers who need to be aware and pay attention to safety and/or security of software. This document guides the verification tool vendors to provide as high-quality products as possible and helps the users to understand the capabilities and characteristics of verification tools. This document introduces use cases for software safety and security verification tools and entity relationship model related to them. This document also introduces tool categories for software safety and security verification tools and gives category specific guidance and requirements for the tool vendors and developers.

Ingénierie du logiciel et des systèmes — Capacités des outils de vérification de la sûreté et de la sécurité des logiciels

General Information

Status
Published
Publication Date
11-Jun-2020
ICS
35.080 - Software
Technical Committee
ISO/IEC JTC 1/SC 7 - Software and systems engineering
Drafting Committee
ISO/IEC JTC 1/SC 7/WG 4 - Tools and environment
Current Stage
9020 - International Standard under periodical review
Start Date
15-Apr-2025
Completion Date
15-Apr-2025
Ref Project

Buy Standard

ISO/IEC 23643:2020 - Software and systems engineering -- Capabilities of software safety and security verification toolsISO/IEC 23643:2020 - Software and systems engineering -- Capabilities of software safety and security verification tools
PreviousNext
Standard
ISO/IEC 23643:2020 - Software and systems engineering -- Capabilities of software safety and security verification tools
English language
30 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 23643:2020 - Software and systems engineering — Capabilities of software safety and security verification tools Released:6/12/2020ISO/IEC 23643:2020 - Software and systems engineering — Capabilities of software safety and security verification tools Released:6/12/2020
PreviousNext
Standard
ISO/IEC 23643:2020 - Software and systems engineering — Capabilities of software safety and security verification tools Released:6/12/2020
English language
30 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 23643:2020 - Software and systems engineering -- Capabilities of software safety and security verification toolsISO/IEC 23643:2020 - Software and systems engineering -- Capabilities of software safety and security verification tools
PreviousNext
Standard
ISO/IEC 23643:2020 - Software and systems engineering -- Capabilities of software safety and security verification tools
English language
30 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
ISO/IEC JTC 1/SC 7
Software and systems engineering —
Secretariat: BIS
Capabilities of software safety and
Voting begins on:
2020­03­11 security verification tools
Voting terminates on:
2020­05­06
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
ISO/IEC FDIS 23643:2020(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN­
DARDS TO WHICH REFERENCE MAY BE MADE IN
©
NATIONAL REGULATIONS. ISO/IEC 2020

ISO/IEC FDIS 23643:2020(E)
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH­1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved

ISO/IEC FDIS 23643:2020(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative References . 1
3 Terms and Definitions . 1
4 Abbreviated terms . 6
5 Models for software safety and security verification tools . 6
6 Use cases of software safety and security verification tools . 8
6.1 General . 8
6.2 Verification for low criticality software . 9
6.3 Verification for medium criticality software .10
6.4 Verification for high criticality software .10
7 Entity relationship chart of software safety and security verification .11
8 Categories, capabilities of and requirements for software safety and security
verification tools .12
8.1 General .12
8.2 Categories of software safety verification tools .13
8.2.1 General.13
8.2.2 Specification and refinement tools .13
8.2.3 Model­checking tools .13
8.2.4 Program analysis tools . .13
8.2.5 Proof tools.14
8.2.6 Monitoring tools .14
8.2.7 Programming rules checkers .14
8.3 Categories of software security verification tools .14
8.3.1 General.14
8.3.2 Vulnerability analysis tools .15
8.3.3 Security modeling tools .15
8.3.4 Threat modeling tools .15
8.4 Capabilities of software safety and security verification tools .15
8.5 Common requirements for safety and security verification tools .19
8.6 Requirements for specification and refinement tools .20
8.7 Requirements for model checking tools .20
8.8 Requirements for program analysis tools .21
8.9 Requirements for proof tools .21
8.10 Requirements for monitoring tools.22
8.11 Requirements for programming rules checking tools .22
8.12 Requirements for vulnerability analysis tools .22
8.13 Requirements for security modeling tools .23
8.14 Requirements for threat modeling tools .23
Annex A (informative) Evaluation assurance levels of ISO/IEC 15408 common criteria .24
Annex B (informative) How to use this document with ISO/IEC 20741 .28
Bibliography .29
© ISO/IEC 2020 – All rights reserved iii

ISO/IEC FDIS 23643:2020(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non­governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see http:// patents .iec .ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO/IEC 2020 – All rights reserved

ISO/IEC FDIS 23643:2020(E)
Introduction
Since a few decades, the importance of software safety and security verification tools has increased
for several reasons: 1) rapidly increasing complexity of software applications and systems, 2) growing
integration between software applications and systems (e.g. in critical infrastructures), 3) the rapid
increase of the number of cyber threats, and 4) the urgent needs of safety in high and medium critical
software-driven systems (e.g. transportation, energy production, Internet of Things (IoT), and general
purpose Operating Systems and middleware). Additionally, the number of products and system
development cases, where the origin of all software components to be used is not exactly known,
even for open-source applications, is increasing and thus making safety and security verification and
validation (V&V) essential.
This document restricts its point of view to software and excludes computing and any other hardware
from the context. In these other domains, other V&V methods and tools are used.
It is important to realize that verification of safety and security of software does not necessarily verify
the system safety and system security of a system using the software as a component. However, if a
system consists of software components which are not verified, the safety and security of the system
cannot be guaranteed at any level.
“Continuous everything”, including continuous software development and thus versioning delivery,
requires continuous software safety and security verification. At every new version, V&V needs to be
redone. The popular “agile development processes” permit shorter development iterations and more
frequent product delivery, and consequently this requires more frequent verification than traditional
development approaches. Verification is needed during software development as well as during
software maintenance, whenever safety or security of software can be endangered.
Validation answers the question “are we building the right product?”
Verification answers the question “are we building the product right?”
Software validation checks if the software product satisfies the intended use, such as defined in
requirements and specifications. In other words (ISO/IEC 17029): “purpose of validation is to find out,
whether a declared information (claim) is plausible”. Software verification checks if the specifications
and requirements are met either by running the software (testing) or by reviewing its artefacts
(specification, model, or pseudo code). The latter can consist of animating or analyzing statically one of
its artefacts. ISO/IEC 17029 defines that the “purpose of verification is to find out, whether a declared
information (claim) is truthful”. This document does not concern testing but animating and analyzing
the artefacts, because “testing tools” is already well covered by and is the subject of ISO/IEC 30130.
This document is prepared as one of the series of single tool capabilities which are used with
ISO/IEC 20741.
This document defines capabilities of and requirements for software safety and security verification tools.
This document is independent of the target application domains, as the languages, methods and
associated tools are of general purpose, and can fit
...


INTERNATIONAL ISO/IEC
STANDARD 23643
First edition
2020-06
Software and systems engineering —
Capabilities of software safety and
security verification tools
Ingénierie du logiciel et des systèmes — Capacités des outils de
vérification de la sûreté et de la sécurité des logiciels
Reference number
©
ISO/IEC 2020
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 6
5 Models for software safety and security verification tools . 7
6 Use cases of software safety and security verification tools . 9
6.1 General . 9
6.2 Verification for low criticality software .10
6.3 Verification for medium criticality software .10
6.4 Verification for high criticality software .11
7 Entity relationship chart of software safety and security verification .12
8 Categories, capabilities of and requirements for software safety and security
verification tools .13
8.1 General .13
8.2 Categories of software safety verification tools .13
8.2.1 General.13
8.2.2 Specification and refinement tools .13
8.2.3 Model checking tools .13
8.2.4 Program analysis tools . .14
8.2.5 Proof tools.14
8.2.6 Monitoring tools .14
8.2.7 Programming rules checkers .14
8.3 Categories of software security verification tools .15
8.3.1 General.15
8.3.2 Vulnerability analysis tools .15
8.3.3 Security modeling tools .15
8.3.4 Threat modeling tools .15
8.4 Capabilities of software safety and security verification tools .15
8.5 Common requirements for safety and security verification tools .19
8.6 Requirements for specification and refinement tools .20
8.7 Requirements for model checking tools .20
8.8 Requirements for program analysis tools .21
8.9 Requirements for proof tools .21
8.10 Requirements for monitoring tools.22
8.11 Requirements for programming rules checking tools .22
8.12 Requirements for vulnerability analysis tools .22
8.13 Requirements for security modeling tools .23
8.14 Requirements for threat modeling tools .23
Annex A (informative) Evaluation assurance levels of ISO/IEC 15408 common criteria .24
Annex B (informative) How to use this document with ISO/IEC 20741 .28
Bibliography .29
© ISO/IEC 2020 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see http:// patents .iec .ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO/IEC 2020 – All rights reserved

Introduction
Since a few decades, the importance of software safety and security verification tools has increased for
several reasons: 1) rapidly increasing complexity of software applications and systems, 2) increasing
number of safety-critical systems through growing integration between software applications and
systems (e.g. in critical infrastructures), 3) the rapid increase of the number of cyber threats, and 4)
the urgent needs of safety in high and medium critical software-driven systems (e.g. transportation,
energy production, Internet of Things (IoT), and general purpose Operating Systems and middleware).
Additionally, the number of products and system development cases, where the origin of all software
components to be used is not exactly known, even for open-source applications, is increasing and thus
making safety and security verification and validation (V&V) essential.
This document restricts its point of view to software and excludes computing and any other hardware
from the context. In these other domains, other V&V methods and tools are used.
It is important to realize that verification of safety and security of software does not necessarily verify
the system safety and system security of a system using the software as a component. However, if a
system consists of software components which are not verified, the safety and security of the system
cannot be guaranteed at any level.
“Continuous everything”, including continuous software development and thus versioning delivery,
requires continuous software safety and security verification. At every new version, V&V needs to be
redone. The popular “agile development processes” permit shorter development iterations and more
frequent product delivery, and consequently this requires more frequent verification than traditional
development approaches. Verification is needed during software development as well as during
software maintenance, whenever safety or security of software can be endangered.
Validation answers the question “are we building the right product?”
Verification answers the question “are we building the product right?”
Software validation checks if the software product satisfies the intended use, such as defined in
requirements and specifications. In other words (ISO/IEC 17029): “purpose of validation is to find out,
whether a declared information (claim) is plausible”. Software verification checks if the specifications
and requirements are met either by running the software (testing) or by reviewing its artefacts
(specification, model, or pseudo code). The latter can consist of animating or analyzing statically one of
its artefacts. ISO/IEC 17029 defines that the “purpose of verification is to find out, whether a declared
information (claim) is truthful”. This document does not concern testing but animating and analyzing
the artefacts, because “testing tools” is already well covered by and is the subject of ISO/IEC 30130.
This document is prepared as one of the series of single tool capabilities which are used with
ISO/IEC 20741.
This document defines capabilities of and requirements for software safety and security verification tools.
This document is independent of the target application domains, as the languages, methods and
associated tools are of general purpose, and can fit into different kinds of problems (e.g. functional
specification languages can be used for any functional program).
© ISO/IEC 2020 – All rights reserved v

INTERNATIONAL STANDARD ISO/IEC 23643:2020(E)
Software and systems engineering — Capabilities of
software safety and security verification tools
1 Scope
This document specifies requirements for the vendors and gives guidelines for b
...


INTERNATIONAL ISO/IEC
STANDARD 23643
First edition
2020-06
Software and systems engineering —
Capabilities of software safety and
security verification tools
Ingénierie du logiciel et des systèmes — Capacités des outils de
vérification de la sûreté et de la sécurité des logiciels
Reference number
©
ISO/IEC 2020
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 6
5 Models for software safety and security verification tools . 7
6 Use cases of software safety and security verification tools . 9
6.1 General . 9
6.2 Verification for low criticality software .10
6.3 Verification for medium criticality software .10
6.4 Verification for high criticality software .11
7 Entity relationship chart of software safety and security verification .12
8 Categories, capabilities of and requirements for software safety and security
verification tools .13
8.1 General .13
8.2 Categories of software safety verification tools .13
8.2.1 General.13
8.2.2 Specification and refinement tools .13
8.2.3 Model checking tools .13
8.2.4 Program analysis tools . .14
8.2.5 Proof tools.14
8.2.6 Monitoring tools .14
8.2.7 Programming rules checkers .14
8.3 Categories of software security verification tools .15
8.3.1 General.15
8.3.2 Vulnerability analysis tools .15
8.3.3 Security modeling tools .15
8.3.4 Threat modeling tools .15
8.4 Capabilities of software safety and security verification tools .15
8.5 Common requirements for safety and security verification tools .19
8.6 Requirements for specification and refinement tools .20
8.7 Requirements for model checking tools .20
8.8 Requirements for program analysis tools .21
8.9 Requirements for proof tools .21
8.10 Requirements for monitoring tools.22
8.11 Requirements for programming rules checking tools .22
8.12 Requirements for vulnerability analysis tools .22
8.13 Requirements for security modeling tools .23
8.14 Requirements for threat modeling tools .23
Annex A (informative) Evaluation assurance levels of ISO/IEC 15408 common criteria .24
Annex B (informative) How to use this document with ISO/IEC 20741 .28
Bibliography .29
© ISO/IEC 2020 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see http:// patents .iec .ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO/IEC 2020 – All rights reserved

Introduction
Since a few decades, the importance of software safety and security verification tools has increased for
several reasons: 1) rapidly increasing complexity of software applications and systems, 2) increasing
number of safety-critical systems through growing integration between software applications and
systems (e.g. in critical infrastructures), 3) the rapid increase of the number of cyber threats, and 4)
the urgent needs of safety in high and medium critical software-driven systems (e.g. transportation,
energy production, Internet of Things (IoT), and general purpose Operating Systems and middleware).
Additionally, the number of products and system development cases, where the origin of all software
components to be used is not exactly known, even for open-source applications, is increasing and thus
making safety and security verification and validation (V&V) essential.
This document restricts its point of view to software and excludes computing and any other hardware
from the context. In these other domains, other V&V methods and tools are used.
It is important to realize that verification of safety and security of software does not necessarily verify
the system safety and system security of a system using the software as a component. However, if a
system consists of software components which are not verified, the safety and security of the system
cannot be guaranteed at any level.
“Continuous everything”, including continuous software development and thus versioning delivery,
requires continuous software safety and security verification. At every new version, V&V needs to be
redone. The popular “agile development processes” permit shorter development iterations and more
frequent product delivery, and consequently this requires more frequent verification than traditional
development approaches. Verification is needed during software development as well as during
software maintenance, whenever safety or security of software can be endangered.
Validation answers the question “are we building the right product?”
Verification answers the question “are we building the product right?”
Software validation checks if the software product satisfies the intended use, such as defined in
requirements and specifications. In other words (ISO/IEC 17029): “purpose of validation is to find out,
whether a declared information (claim) is plausible”. Software verification checks if the specifications
and requirements are met either by running the software (testing) or by reviewing its artefacts
(specification, model, or pseudo code). The latter can consist of animating or analyzing statically one of
its artefacts. ISO/IEC 17029 defines that the “purpose of verification is to find out, whether a declared
information (claim) is truthful”. This document does not concern testing but animating and analyzing
the artefacts, because “testing tools” is already well covered by and is the subject of ISO/IEC 30130.
This document is prepared as one of the series of single tool capabilities which are used with
ISO/IEC 20741.
This document defines capabilities of and requirements for software safety and security verification tools.
This document is independent of the target application domains, as the languages, methods and
associated tools are of general purpose, and can fit into different kinds of problems (e.g. functional
specification languages can be used for any functional program).
© ISO/IEC 2020 – All rights reserved v

INTERNATIONAL STANDARD ISO/IEC 23643:2020(E)
Software and systems engineering — Capabilities of
software safety and security verification tools
1 Scope
This document specifies requirements for the vendors and gives guidelines for b
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC TS 33060:2025(Main)
Information technology — Process assessment — Process assessment model for system life cycle processes

This document defines a process assessment model for system life cycle processes, conformant with the requirements of ISO/IEC 33004, for use in performing a conformant assessment in accordance with the requirements of ISO/IEC 33002.

  • Technical specification
    65 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 33062:2025(Main)
Information technology — Process assessment — Process assessment model for quantitative processes to support higher levels of process capability in ISO/IEC 33020

This document defines a process assessment model for quantitative processes, conforming to the requirements of ISO/IEC 33004, for use in performing a process assessment in accordance with the requirements of ISO/IEC 33002.

  • Technical specification
    18 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-5-6-4:2025(Main)
Systems and software engineering — Life cycle profiles for very small entities (VSEs) — Part 5-6-4: Systems engineering guidelines for the generic Advanced profile

This document describes processes targeted at VSEs that want to sustain and grow as an independent competitive system development organization. This document provides management and engineering guidelines for the systems engineering Advanced profile of the generic profile group. This document is applicable to VSEs that do not develop critical systems and have little or no experience with systems engineering (SE) process planning and implementation using the ISO/IEC/IEEE 15288. This document is also applicable to VSEs which are familiar with the management and engineering guidelines of the systems engineering Intermediate profile (ISO/IEC TR 29110 5-6-3) for their system development projects and are involved in the development of more than one project in parallel with more than one work team.

  • Standard
    83 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-5-1-2:2025(Main)
Systems and software engineering — Life cycle profiles for very small entities (VSEs) — Part 5-1-2: Software engineering guidelines for the generic Basic profile

This document provides management and engineering guidelines to the software Basic profile specified in ISO/IEC 29110-4-1 through project management and software implementation processes. This document applies to VSEs that do not develop safety-critical software. This document applies for software development projects, which can fulfil an external or internal agreement. This document is applicable to VSEs developing a single product by a single work team.

  • Standard
    93 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-5-1-1:2025(Main)
Systems and software engineering — Life cycle profiles for very small entities (VSEs) — Part 5-1-1: Software engineering guidelines for the generic Entry profile

This document provides the management and engineering guidelines to the software Entry profile specified in ISO/IEC 29110-4-1 through project management and software implementation processes. This document applies to VSEs that do not develop safety-critical software. This document applies for software development projects, which can fulfil an external or internal agreement. This document applies to start-up VSEs (e.g. VSEs that started their operation less than three years ago) and/or VSEs working on small projects (e.g. projects with a size of less than six person-months).

  • Standard
    36 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 32430:2025(Main)
Software engineering — Software non-functional size measurement

This document defines a method for measuring the non-functional size of the software. It complements ISO/IEC 20926:2009, which defines a method for measuring the functional size of the software. This document also describes the complementarity of functional and non-functional sizes, so that deriving the sizes from the functional and the non-functional requirements does not result in duplication in the distinct functional and non-functional sizes. In general, there are many types of non-functional requirements. Moreover, non-functional requirements and their classification evolve over time as the technology advances. This document does not intend to define the type of NFR for a given context. Users can choose ISO 25010 or any other standard for the definition of NFR. It is assumed that users size the NFR based on the definitions they use. This document covers a subset of non-functional requirements. It is expected that, with time, the state of the art can improve and that potential future versions of this document can define an extended coverage. The ultimate goal is a version that, together with ISO/IEC 20926:2009, covers every aspect that can be required of any prospective piece of software, including aspects such as process and project directives that are hard or impossible to trace to the software's algorithm or data. The combination of functional and non-functional sizes would then correspond to the total size necessary to bring the software into existence. Estimating the cost, effort and duration of the implementation of the NFR is outside the scope of this document.

  • Standard
    71 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 29119-5:2024(Main)
Software and systems engineering — Software testing — Part 5: Keyword-driven testing

This document defines an efficient and consistent solution for keyword-driven testing by: — giving an introduction to keyword-driven testing; — providing a reference approach to implement keyword-driven testing; — defining requirements on frameworks for keyword-driven testing to enable testers to share their work items, such as test cases, test data, keywords, or complete test specifications; — defining requirements for tools that support keyword-driven testing; these requirements are applicable to any tool that supports the keyword-driven approach (e.g. test automation, test design and test management tools); — defining interfaces and a common data exchange format to ensure that tools from different vendors can exchange their data (e.g. test cases, test data and test results); — defining levels of hierarchical keywords, and advising use of hierarchical keywords; this includes describing specific types of keywords (e.g. keywords for navigation or for checking a value) and when to use "flat" structured keywords; — providing an initial list of example generic technical (low-level) keywords, such as "inputData" or "checkValue"; these keywords can be used to specify test cases on a technical level and can be combined to create business-level keywords as required. This document is applicable to all those who want to create keyword-driven test specifications, create corresponding frameworks, or build test automation based on keywords.

  • Standard
    55 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 25052-2:2024(Main)
Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE): cloud services — Part 2: Quality measurement

This document defines quality measures for quantitatively evaluating cloud services quality in terms of characteristics and sub-characteristics defined in ISO/IEC TS 25052-1 and is intended to be used together with ISO/IEC TS 25052-1. This document contains the following: — a basic set of quality measures for each characteristic and sub-characteristics; — an explanation of how to apply quality measures to cloud services. Since the quality model defined in ISO/IEC TS 25052-1 is the extension to the existing quality models defined in ISO/IEC 25010 to ISO/IEC 25019, it can be used with the product quality model, IT service quality model, data quality model, and quality-in-use model according to evaluation purposes. For the same reason, the quality measures defined in this document can also be used with the quality measures for software ICT products, IT services, data, and quality-in-use. As there are several cloud service categories, this document focuses on the quality model of SaaS (software as a service). This document does not address PaaS (platform as a service) and IaaS (infrastructure as a service).

  • Technical specification
    18 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 41062:2024(Main)
Software engineering — Life cycle processes — Software acquisition

This document describes a set of useful activities, tasks, methods, and practices that acquirers of software and related services from unrelated (external) suppliers can apply to help ensure an efficient and effective acquisition of software or software services. These practices can be applied in competitive and in sole source procurements, regardless of the type, size, complexity, and cost of the acquisition. The document can be applied to software that runs on any computer system regardless of its size, complexity, or criticality. The software supply chain can include integration of off-the-shelf (OTS), custom, software as a service (SaaS), or open-source software. Software services can include software development and sustainment (maintenance), integration, verification (testing) and operation. Security and safety are included as attributes to be considered during the acquisition. However, specific requirements for acquisition of information assurance (security), safety, and cloud services are not included.

  • Standard
    81 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 33022:2024(Main)
Information technology — Process assessment — Application of ISO/IEC/IEEE 12207 processes to the ISO/IEC 33020 process capability measurement scale

This document provides a specification for associating the life cycle processes of ISO/IEC/IEEE 12207 with the process attribute outcomes of ISO/IEC 33020 with the intent of demonstrating support for levels 1 to 3 of the process capability measurement scale defined in ISO/IEC 33020.

  • Technical report
    107 pages
    English language
    sale 15% off