Istituto di Scienza e Tecnologie dell'Informazione     
Fabbrini F. Software fiscale: un'esperienza di certificazione. In: STF 2014 - Italian Software Testing Forum (Milano, 23-26 giugno 2013).
The System and Software Evaluation Center (SSEC) - an organizational unit for technology transfer operating at ISTI CNR - performs third-party evaluation and certification of processes and products in the area of Information Technology, according to given requirements and standards to meet the needs of users, suppliers and Public Administration. Since 1984 the Center has operated on behalf on the Italian Government (Ministry of Economy and Finances) evaluating the software on board of the so-called "Fiscal Meters" (that is fiscal devices, such as Electronic Cash Registers and Automated Ticketing Systems), in order to certify the conformance of their behavior to the requirements specified by the fiscal regulation. The initial request from the Italian Ministry of Finances in 1984 was for validating the reliability and integrity of the fiscal software functions and issuing a certificate for them. The evaluation process developed by the Center and refined through the years currently includes the static analysis of project work products and the execution of functional tests on the final product: . Analysis and inspection of the system documentation required by the law (product description, system manual, user manual, maintenance, ...) . Analysis and inspection of project documentation (project plan, system requirements, software requirements, system architecture, software design, source code, test plans, test reports, ...) . Performance of functional tests on the system, following specific test plans developed according to the different classes of fiscal products. Issues have arisen and lessons have been learnt from this almost three decades long experience: some are related to the general problem of software validation, some are specifically due to the need of certifying properties against requirements defined by the law: . Certification is often mistaken for a sort of guarantee . Manufacturers offer some resistance, since they worry about: o confidentiality aspects o the extra costs of an independent validation o possible increase in bureaucracy, due to the additional formal documentation requested by the IV&V lab . Documentation is often inadequate for the intended activity: sometimes it is too poor and does not provide enough information, sometimes it provides too much information and has to be reviewed, filtered and searched. A possible approach is to use checklists and questionnaires to check the completeness of the documentation and to trace and extract the needed information. . Difficulty with using automated test tools: the use of automated test tools seems the practical solution to effectively test software products, but the independent organization should be prepared to receive products implemented in a variety of different languages (for a number of different hosts and operating systems): this would result in a new different test environment for each equipment to be tested, with a strong increase in validation costs. . Difficulty with proposing a formal approach to the validation activity, which would charge manufacturers with a task and should be strongly supported by the fiscal regulations. . Difficulty with evaluating products according to law requirements (due to the intrinsic ambiguity of requirements expressed in natural language). . Benefits of integrating indicators of the capability level of the development process (deriving them a posteriori from the project work products) to improve the confidence on the product evaluation.
Subject Software Certification
D.2.4 Software/Program Verification

Icona documento 1) Download Document PDF

Icona documento Open access Icona documento Restricted Icona documento Private


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional