Verification and validation (software)

In software project management, software testing, and software engineering, verification and validation (V&V) is the process of checking that a software system meets specifications and that it fulfills its intended purpose. It may also be referred to as software quality control. It is normally the responsibility of software testers as part of the software development lifecycle.

Definitions

Validation checks that the product design satisfies or fits the intended use (high-level checking), i.e., the software meets the user requirements. This is done through dynamic testing and other forms of review.

Verification and validation are not the same thing, although they are often confused. Boehm ^[1] succinctly expressed the difference between them:

• Validation: Are we building the right product?
• Verification: Are we building the product right?

According to the Capability Maturity Model (CMMI-SW v1.1),

• Verification: The process of evaluating software to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase. [IEEE-STD-610].
• Validation: The process of evaluating software during or at the end of the development process to determine whether it satisfies specified requirements. [IEEE-STD-610]

In other words, validation ensures that the product actually meets the user's needs, and that the specifications were correct in the first place, while verification is ensuring that the product has been built according to the requirements and design specifications. Validation ensures that "you built the right thing". Verification ensures that "you built it right". Validation confirms that the product, as provided, will fulfill its intended use.

From testing perspective:

• Fault – wrong or missing function in the code.
• Failure – the manifestation of a fault during execution.
• Malfunction – according to its specification the system does not meet its specified functionality.

Within the modeling and simulation community, the definitions of validation, verification and accreditation are similar:

• Validation is the process of determining the degree to which a model, simulation, or federation of models and simulations, and their associated data are accurate representations of the real world from the perspective of the intended use(s).^[2]
• Accreditation is the formal certification that a model or simulation is acceptable to be used for a specific purpose.^[2]
• Verification is the process of determining that a computer model, simulation, or federation of models and simulations implementations and their associated data accurately represents the developer's conceptual description and specifications.^[2]

Related concepts

Both verification and validation are related to the concepts of quality and of software quality assurance. By themselves, verification and validation do not guarantee software quality; planning, traceability, configuration management and other aspects of software engineering are required.

Classification of methods

In mission-critical systems where flawless performance is absolutely necessary, formal methods can be used to ensure the correct operation of a system. However, often for non-mission-critical systems, formal methods prove to be very costly^{[citation needed]} and an alternative method of V&V must be sought out. In this case, syntactic methods are often used.^{[citation needed]}

Test cases

Main article: Test case

A test case is a tool used in the process.

Test cases are prepared for verification: to determine if the process that was followed to develop the final product is right.

Test cases are executed for validation: if the product is built according to the requirements of the user. Other methods, such as reviews, may be used early in the life cycle to provide for validation.

Independent Verification and Validation

Verification and validation often is carried out by a separate group from the development team; in this case, the process is called "independent verification and validation", or IV&V.

Regulatory environment

Verification and validation must meet the compliance requirements of law regulated industries, which is often guided by government agencies^[3][4] or industrial administrative authorities. For instance, the FDA requires software versions and patches to be validated.^[5]

See also

Software Testing portal

• Compiler correctness
• Cross-validation
• Formal verification
• Functional specification
• Medical software
• Independent Verification and Validation Facility
• International Software Testing Qualifications Board
• Software verification
• Software requirements specification
• Validation (drug manufacture)
• Verification and validation – General

Notes and references

1. Boehm, B.W. (1989). Software Risk Management. IEEE Computer Society Press. 
2. Department of Defense Documentation of Verification, Validation & Accreditation (VV&A) for Models and Simulations. Missile Defense Agency. 2008 
3. "General Principles of Software validation; Final Guidance for Industry and FDA Staff" (PDF). Food and Drug Administration. 11 January 2002. Retrieved 12 July 2009. 
4. "Guidance for Industry: Part 11, Electronic Records; Electronic Signatures — Scope and Application" (PDF). Food and Drug Administration. August 2003. Retrieved 12 July 2009. 
5. "Guidance for Industry: Cybersecurity for Networked Medical Devices Containing Off-the Shelf (OTS) Software". Food and Drug Administration. 14 January 2005. Retrieved 12 July 2009. 

• Tran, E. (1999). "Verification/Validation/Certification". In Koopman, P. Topics in Dependable Embedded Systems. Carnegie Mellon University. Retrieved 2007-05-18. 
• Menzies, T.; Y. Hu (2003). "Data mining for very busy people". IEEE Computer 36 (1): 22–29. doi:10.1109/MC.2003.1244531. 

External links

• Chapter on Software quality (including VnV) in SWEBOK