Cleanroom Software Engineering
What it is
Cleanroom software engineering (CSE) is a collection of techniques for the economical development of high-quality software. CSE was developed by Harlan Mills while at IBM, and has been applied to the development of large industrial systems with very good results. These systems include large distributed systems, embedded control systems, and web applications.
The essential characteristics of CSE are the following:
- Prevent defects. Instead of developing incorrect software and then trying to find and correct all errors, concentrate on preventing errors, or at least catching them before moving on to the next development phase (phase containment of defects). To this end, CSE promotes the use of peer review, inspections, and/or rigorous verification.
- Incremental (or iterative) development. Grow, don't build software. System requirements evolve over time, and delivery of new capabilities changes expectations.
- Statistical quality control. As with other product development processes, sources of variation among iterations of the process should be identified and controlled. This allows for effective and accurate planning, and for continuous improvement.
The specific techniques which make up an implementation of the CSE process vary, but typically include the following.
- Box structured development / sequence-based specification. Formal specification and stepwise refinement with verification are part of all CSE implementations.
- Statistical testing based on a model of intended use. Other testing and evaluation techniques are not precluded by this approach, but statistical quality control requires a repeatable evaluation of both the product and process.
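The two techniques listed above, sketched as an added example (not code from the original page or from any Cleanroom tool): a black box specification defined over stimulus histories, a state box implementation of it, and seeded random test generation from a usage model. The Markov-chain form of the usage model, the login/lockout system, and all names and probabilities are assumptions made for illustration.

```python
import random
# Constructed usage model (assumption): state -> [(stimulus, next state, probability)].
USAGE = {
    "Start":    [("good_pw", "LoggedIn", 0.6), ("bad_pw", "Start", 0.3), ("exit", "End", 0.1)],
    "LoggedIn": [("read", "LoggedIn", 0.6), ("logout", "Start", 0.4)],
}
REPLY = {"good_pw": "ok", "bad_pw": "denied", "logout": "bye", "exit": "bye"}

def generate_test(rng, max_len=30):
    """Random walk over the usage model; returns one stimulus sequence."""
    state, stimuli = "Start", []
    while state != "End" and len(stimuli) < max_len:
        arcs = USAGE[state]
        stim, state, _ = rng.choices(arcs, weights=[a[2] for a in arcs])[0]
        stimuli.append(stim)
    return stimuli

def spec(history):
    """Black box: response to history[-1] as a function of the stimulus history."""
    if any(history[i:i + 3] == ["bad_pw"] * 3 for i in range(len(history) - 2)):
        return "locked"                      # three consecutive failures lock the account
    # Logged in iff the most recent good_pw/logout before this stimulus was good_pw.
    last = next((s for s in reversed(history[:-1]) if s in ("good_pw", "logout")), None)
    stim, logged_in = history[-1], last == "good_pw"
    return ("data" if logged_in else "denied") if stim == "read" else REPLY[stim]

class Session:
    """Hypothetical state box implementation; reset=False seeds a defect."""
    def __init__(self, reset=True):
        self.reset, self.fails, self.locked, self.logged_in = reset, 0, False, False
    def step(self, stim):
        if stim == "bad_pw":
            self.fails += 1
        elif self.reset:
            self.fails = 0                   # run of consecutive failures is broken
        self.locked = self.locked or self.fails >= 3
        if self.locked:
            return "locked"
        if stim in ("good_pw", "logout"):
            self.logged_in = stim == "good_pw"
        return ("data" if self.logged_in else "denied") if stim == "read" else REPLY[stim]

def run(n, seed, make_impl):
    """Fraction of n generated tests in which every response matches the spec."""
    rng, passed = random.Random(seed), 0
    for _ in range(n):
        stimuli, impl = generate_test(rng), make_impl()
        passed += all(impl.step(s) == spec(stimuli[:i + 1]) for i, s in enumerate(stimuli))
    return passed / n
```

Because the generator is seeded, `run(500, 1, Session)` gives the same pass fraction on every run, which is what makes the evaluation repeatable; `run(500, 1, lambda: Session(reset=False))` shows the seeded defect surfacing as failed tests.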
Publications
- S. Prowell, C. Trammell, R. Linger, and J. Poore, Cleanroom Software Engineering: Technology and Process, Addison-Wesley, 1999.
- R. Linger and S. Prowell, "Developing Secure Software with Cleanroom Software Engineering," in Improving Security Across the Software Development Lifecycle, S. Redwine and N. Davis, eds., Task Force Report, Volume II, National Cyber Security Summit, March 2004.
Tools
Software to support many of the techniques is under development at the SQRL. Expertise, training, and support are available from Software Silver Bullets.