Rodriguez et al. attempt to explore the existing methods and tools that can be employed to check if (1) software is being built in a way that meets quality standards, and (2) the software product satisfies the intended use. Throughout the paper, the authors highlight the need for high-quality software, which is indeed a critical subject in the software engineering field.
First, the paper focuses on the standards related to software quality. In particular, it provides mappings between standards involving system management, development models and life cycles, quality, and requirements. In a corresponding diagram, the complicated relationships between the aforementioned standards are also presented. After discussing the basic quality characteristics included in the ISO 25000 series (including maintainability and security, among others), the authors match the characteristics with groups of tools (for example, static analyzers and pentesting frameworks). In turn, the groups are mapped to the different stages of software design and testing. Finally, the authors discuss some of the basic features of each set of tools, and enumerate the most popular ones in corresponding tables.
In general, the paper is well written. However, there are some typographical errors (for example, “All businesses is software businesses”) and at points the writing is obscure (for example, figure 2 should be mentioned when the V-model is described). Even though the standards-related diagram is very interesting, I would have expected the authors to go one step further and discuss more about the “standards quagmire.” How do the multiple standards and their complicated relationships affect the way we write software? The tables that enumerate tools are thorough and include many useful entries. There are some tools, though, that can fit into more than one group (for example, FindBugs also identifies security bugs). Furthermore, the authors do not indicate how they measure each tool’s degree of use, which is confusing.
In conclusion, the paper is easy to follow and can be an interesting read for developers who want an overview of modern software verification and validation.