Episteme

Mike's random thoughts and ramblings

SSSE Domain 6 - Quality Assurance

Fundamentally, network security is a QA act. While we don't always believe that it is, a simple thought experiment shows that it is:

If code was completely bug free, network and application architecture were flawless and users were perfectly trained and never made mistakes, would we have security issues?

I think that we would find ourselves hard-pressed to answer yes to that question. Luckily for all of us, none of those things are possible. But the point is that we need to understand the mechanisms by which quality assurance happens.

Note that I'm not talking here just about "software QA", which is what most of us think about when contemplating "QA". Here, I also mean the principles that enable the creation of quality throughout product design, development and deployment - the work of Deming, Six Sigma and Lean.

Required Texts

Testing Computer Software - Cem Kaner's seminal manual on all things software QA. It stands alongside the work of Richard Stevens when it comes to truly outstanding technical references.

Out of the Crisis - This one is Deming's master work, and the absolute bible of product quality.

Supplemental Texts

The Six Sigma Way - Peter Pande's excellent reference on all things Six Sigma contains all of the key points about Six Sigma and is actually interesting to read at the same time.

Toyota Production System - Written by Taiichi Ohno, the architect of Toyota's production system, which was the model for what eventually became known as Lean. This one is the original source material, and an important basis for understanding how to build products (and software and networks) in the most effective way possible.

About the author

Michael Murray