Date[ June 17, 1998]  Recordnr[        ]  Stored[ magazine, file-
cabinet, composition
Who[ J. M.. Voas
Title[ Certifying Off-the-Shelf Software Components
Published[ IEEE Computer, June 1998, Vol31 No6, an interview

Keywords[ COTS

Comment[ 


Summary[ 
Three questions must be answered positively before using/certifying a 
COTS-component for a specific environment:
1 Does component C fill the Developer's needs?
2 Is the quality of component C high enough?
3 What impact will component C have on system S?

Ways to answer that is by:
a Black-box testing (answers question 1)
b System-level fault injection
c Operational system testing
a and b together answer 2 and 3.

Black-box testing: 
- best to build own oracle that tests comonents against needs of user 
and not against vendors specification
- can fail to exercise important/faulty portions of the code

System-level fault injection:
Instead of the component a fault injector is put into the system (just 
the minimum amount of surrounding components is used) that works nearly 
like the component but randomly makes wrong results. Can the system 
stand that?

Operational system testing:
Problem: enormous amount needed for components that rarely fail.
Advantage voer system-level fault injection: tests the real wrong 
behaviour.

Remedy if component is not save enough: wrappers.
Problem: Wrapper may not catch all the behaviour of a component.