Quality Requirements for Software-dependent Safety-critical Systems History, current status, and future needs

Whereas current engineering practice focuses on functional requirements, considerations other than the function (e.g., safety; security; maintainability) are relegated into a category (unfortunately) called “non-functional requirements.” Although ISO/IEC/ IEEE 24765 §3.1900 defines this term as “a software requirement that describes not what the software will do but how the software will do it,” the authoritative family of ISO/IEC software engineering standards for software product quality requirements and evaluation (ISO/IEC 25000 series) uses the term, “quality requirements” instead of “non-functional requirements.” ISO/IEC/ IEEE 24765 §3.1900 notes: “Nonfunctional requirements are sometimes difficult to test, so they are usually evaluated subjectively.” In contrast, the ISO/IEC 25000 family of standards suggests an objective evaluation with the help of a quality model, through which an abstract quality attribute is decomposed into measurable characteristics. The authors trace the historic evolution of these ideas, present the current state of the standards, and identify needs for future research and development of a quality model, focused on the domain of digital safety systems for nuclear power plants.