Hello. This is Hermes Solution. Today, we would like to talk about Defect Management within the ASPICE (Automotive Software Process Improvement and Capability determination) framework, which is essential for ensuring the quality and safety of automotive software.
The amount of software in a single vehicle is growing exponentially, and its importance is increasing daily. Beyond simple convenience features, software is now responsible for core functions directly related to driver and passenger safety, such as engine control, braking, and autonomous driving. Amidst these changes, securing the quality and safety of automotive software has become a paramount concern.
This is where the ASPICE framework comes in. ASPICE is an international standard for evaluating and improving the capability of automotive software development processes. It acts like a systematic guideline for precisely diagnosing and improving the performance of automotive software development. It evolved from the existing software process assessment standard, ISO/IEC 15504 (SPICE), adapted specifically for the automotive industry.
The ASPICE framework defines various activities spanning the entire software development lifecycle, and among these, ‘Defect Management’ is an indispensable core element. ASPICE views defect management not just as an activity to fix found bugs but as a crucial means to enhance the quality of the software development process itself.
How is Defect Management Handled in ASPICE? SUP.9 and SUP.10
Within the ASPICE framework, defect management is performed integrally across various process areas, but key activities are primarily defined in two core processes: SUP.9 (Problem Resolution Management) and SUP.10 (Change Request Management).
SUP.9 Problem Resolution Management: This process focuses on the activities of identifying, analyzing, managing, and resolving all types of ‘problems’ (including software defects) discovered during development. The goal is to systematically track problems from the moment they are first identified until they are finally resolved, ensuring product quality. The main activities (Base Practices – BPs) of SUP.9 are as follows:
SUP.9.BP1: Develop problem resolution strategy
SUP.9.BP2: Identify and record problems
SUP.9.BP3: Track problem status
SUP.9.BP4: Analyze and evaluate problems
SUP.9.BP5: Propose problem resolutions
SUP.9.BP6: Implement problem resolutions
SUP.9.BP7: Close problems
SUP.9.BP8: Analyze problem trends
SUP.10 Change Request Management: This is the process for systematically managing ‘change requests’ related to development artifacts such as requirements, design, and code. Activities like modifying code to fix a defect are managed through the SUP.10 process. The main activities (Base Practices) of SUP.10 are as follows:
SUP.10.BP1: Develop change request management strategy
SUP.10.BP2: Identify and record change requests
SUP.10.BP3: Record and track change request status
SUP.10.BP4: Analyze and evaluate change requests
SUP.10.BP5: Approve change requests
SUP.10.BP6: Implement and close change requests
SUP.10.BP7: Maintain bi-directional traceability for change requests
Generally, once a defect is identified and analyzed in SUP.9, the actual work to fix it, often involving code modifications, proceeds according to the change request management process in SUP.10. These two processes form the core pillars of defect management in ASPICE.
Why is Defect Management So Crucial in ASPICE?
Defect management is critical in ASPICE for the following reasons:
A Mirror of Process Quality: Defect data, such as defect occurrence rate, discovery phase, and inflow/outflow rates, are key objective indicators showing how efficient and defect-free the current development process is.
Evidence for Safety and Compliance: Proving compliance with standards like automotive functional safety (ISO 26262) requires demonstrating that safety-related defects are thoroughly managed and resolved. Systematic defect management provides the foundation for this evidence.
Engine for Continuous Improvement: Analyzing the root causes and patterns of defects helps identify weaknesses in the development process, leading to activities that improve development methods, coding standards, or testing strategies to prevent similar defects in the future.
Project Risk Management Tool: Defect discovery and resolution trends provide important information for assessing project progress, evaluating product readiness for release based on the number of unresolved critical defects, and managing resource allocation and potential schedule risks.
From these perspectives, defect management is not merely a maintenance activity but a fundamental basis for achieving the ASPICE framework’s goals of process improvement and quality enhancement.
Key Elements Required for Defect Management in ASPICE
To establish effective defect management in ASPICE, the following key elements must be in place:
Defect Lifecycle Management: The entire journey of a defect, from its identification and reporting, through analysis and planning, resolution, and finally verification and closure, must be systematically managed. Necessary activities and outputs for each phase must be clearly defined, and status tracking must be possible. Post-activities including defect analysis and improvement are also included.
Defect Classification System: A consistent classification system is needed for effective defect analysis. Defects should be classified using various criteria such as Severity (Critical, High, Medium, Low), Priority (Urgent, High, Medium, Low), Defect Type (e.g., Functional Error, Interface Issue), Origin Phase (e.g., Requirements, Design, Implementation), and Root Cause (e.g., Specification Error, Coding Error).
Traceability: Defects must be linked and tracked in relation to requirements, design elements, code, test cases, and change requests. This helps in understanding the impact scope of a defect and managing the effects of defect resolution on related artifacts.
Documentation: All information related to defect management, including the defect management plan, detailed records for each defect (including occurrence info, analysis, resolution steps), and defect metrics reports, must be thoroughly documented and managed. This serves as crucial evidence for ASPICE assessments.
Analysis and Prevention: Going beyond simply fixing defects, it is essential to identify the root cause of defects (e.g., 5-Why analysis, Fishbone diagram) and undertake process or technical improvements (e.g., strengthening coding standards, enhancing reviews) to prevent similar defects from occurring again. This is vital for advancing ASPICE maturity levels.
Practical Advice for Implementing ASPICE Defect Management Process
Here are some practical tips for effectively meeting the ASPICE defect management requirements:
Utilize Integrated Tools: Use an ALM (Application Lifecycle Management) tool that integrates requirements, test, defect, and change management to improve traceability and process efficiency.
Clear Process Definition and Training: Clearly define and document defect management procedures, responsibilities, and classification criteria, ensuring all team members are thoroughly trained on how to follow them.
Defined Roles and Responsibilities: Clearly define roles like Defect Manager and classification 담당자, assigning specific responsibilities for each step to ensure accountability.
Culture of Continuous Improvement: Foster a culture of continuous improvement by holding regular defect review meetings to discuss key defects and trends, and consistently implementing process improvements based on defect analysis results.
Conclusion
Systematic defect management within the ASPICE framework is a critical activity for enhancing automotive software quality, meeting functional safety requirements, and continuously improving development processes. By managing the entire defect lifecycle focusing on the SUP.9 and SUP.10 processes, and effectively analyzing defect data to drive preventive actions, we can create safer and more reliable automotive software.
If you require expert support in establishing and operating a systematic ASPICE-based defect management process, Hermes Solution can help. Hermes Solution provides the expertise and solutions necessary for meeting ASPICE requirements and achieving effective quality management.
