Understanding the Software Development Life Cycle (SDLC) requires engagement with a wide range of foundational and domain-specific materials. To support this, we have compiled a curated set of background readings—spanning standards, academic research, industry handbooks, and practical guides—that collectively provide a broad overview of modern SDLC practices. These resources are intended to serve as a starting point for deeper exploration, offering context, terminology, and perspectives that help clarify how different lifecycle activities fit together.
While we have made every effort to ensure these links are accurate, relevant, and up to date, the internet is inherently unstable. Academic repositories move, corporate documentation is reorganized, and some resources may become outdated or otherwise misleading over time. If you encounter a broken link, incorrect reference, or material that no longer reflects its intended topic, please report it so we can maintain the accuracy and usefulness of this collection.
SDLC Competency | Description |
| Link |
Software Requirements | This is the definitive guide developed by the IEEE Computer Society. Chapter 1 is entirely dedicated to Software Requirements. It covers the fundamentals (definition, functional vs. non-functional), the requirements process (elicitation, analysis, specification, validation), and practical considerations. It serves as a high-level roadmap to the entire discipline. |
| Guide to the Software Engineering Body of Knowledge (SWEBOK v4) |
| This is the current international standard that replaced the older IEEE 830 standard. It provides a unified treatment of the processes and products involved in engineering requirements. It includes detailed outlines for a System Requirements Specification (SyRS), Software Requirements Specification (SRS), and Stakeholder Requirements Specification (StRS). |
| |
| This is a highly cited academic paper that provides a comprehensive overview of the field. It explains the core activities of requirements engineering: eliciting, modeling, analyzing, communicating, agreeing, and evolving requirements. It bridges the gap between software engineering and systems engineering. |
| Requirements Engineering: A Roadmap (Nuseibeh & Easterbrook) |
| This handbook provides the detailed software engineering practices used by NASA. It translates high-level requirements standards into practical guidance for software practitioners. It covers the entire software lifecycle, including detailed sections on requirements definition and management in the context of mission-critical systems.
|
| |
| These lecture notes from CMU’s “Foundations of Software Engineering” course provide a clear, academic introduction to the topic. They define key concepts like the distinction between “world” and “machine,” the difference between functional and quality requirements, and the importance of avoiding implementation bias.
|
| Lecture Notes on Requirements Engineering (Carnegie Mellon University) |
Software Non-Functional Requirements
| This report establishes the foundational taxonomy for “Quality Attributes” (the formal term for Non-Functional Requirements in architecture). It defines and categorizes attributes like performance, dependability, and security, which is essential for understanding NFRs beyond just a list of “-ilities.” |
| |
This is the official syllabus for the “Certified Professional for Requirements Engineering” exam. It is a highly structured, academic-quality guide that explicitly teaches how to distinguish, document, and validate “Quality Requirements” and “Constraints” (the two main types of NFRs).
|
| ||
Safety is a critical Non-Functional Requirement that often cannot be “traded off.” This guidebook provides a deep, practical look at how a specific NFR (Safety) is elicited, specified, and implemented in mission-critical systems. It covers “Generic Software Safety Requirements” and how to analyze safety as a constraint. |
| ||
This academic paper critiques the confusing terminology around NFRs and proposes a clearer classification system. It distinguishes between “Performance Requirements” (how well the system functions) and “Constraints” (restrictions on the solution), a distinction now widely accepted in modern engineering.
|
| ||
A white paper by The Open Group (authors of the TOGAF architecture standard). It focuses on the lifecycle of NFRs in enterprise systems, dealing with how requirements like “Manageability” and “Extensibility” must be defined early to prevent high maintenance costs later.
|
| Non-Functional Requirements (NFR) Framework (The Open Group) | |
Software Architecture | A foundational paper defining software architecture (elements, form, rationale) and its context in the software process. |
| Foundations for the Study of Software Architecture – Dewayne E. Perry & Alexander L. Wolf (1992) |
Course unit that explicitly includes a section “1.2 Architecture in the life cycle”. Good for lifecycle placement.
|
| Introduction to Software Architecture – Open Universiteit learning unit (year unspecified) | |
Examines architecture-centric methods (ATAM, ADD, etc) and how they integrate into the software development life cycle (SDLC).
|
| A Life‑Cycle View of Architecture Analysis and Design Methods – R. Kazman et al. (2003, CMU/SEI) | |
A recent empirical study on how architecture is managed across the lifecycle (requirements, design, testing, evolution).
|
| Software Architecture in Practice: Challenges and Opportunities – Zhiyuan Wan et al. (2023) | |
A more focused piece on how architecture fits into the lifecycle phases (planning, building, evolving). |
| The Role of Architecture in the Software Life Cycle – (lecture / course-paper by Unibo) | |
Software Design | A concise academic presentation of fundamental design principles (abstraction, modularity, information hiding, etc.) — good foundational material. |
| |
Focuses on design concepts (decomposition, modularity, etc) and outlines how design fits into the lifecycle (“what” → “how”) in the design phase. |
| Software Design Principles and Guidelines by D. C. Schmidt (Vanderbilt University) | |
A full lecture-note set covering the design process: architectural physical detailed design, characteristics of good design — gives coverage of design as a phase. |
| ||
A teaching unit that discusses problem partitioning, modularity, design complexity — useful for understanding how design deals with complexity in the lifecycle. |
| Software Design Principles (Engineering unit from LK University) | |
Although more focused on object-oriented design and patterns, this is very relevant to modern software design, showing how design choices interplay with architecture and modules. |
| ||
Compiler Warnings | Empirical study of how compiler warnings are used in industry, the attitudes toward them, and evidence of their correlation with defects. |
| The Unexplored Terrain of Compiler Warnings – Gunnar Kudrjavets et al. (2022) |
Academic paper exploring how compiler warnings correspond to defects in compilers and code, including how warnings are generated and their usefulness. |
| Finding and Analyzing Compiler Warning Defects – C. Sun et al. (2016) | |
Latest empirical work showing correlation between use of warning flags in C++ and quality metrics (bugs, critical issues, etc.). |
| The Impact of Compiler Warnings on Code Quality in C++ Projects – Albin Johansson et al. (2024) | |
Study of build logs / CI systems showing which categories of compiler warnings developers actually fix, ignore, or suppress. |
| What Warnings Do Engineers Really Fix? The Compiler That Cried Wolf – G. Kudrjavets (2023) | |
While not purely academic, this guideline explicitly states “Heed compiler warnings. Compile code using the highest warning level … and eliminate warnings by modifying the code.” Relevant for lifecycle/quality context. |
| Secure Coding Practices – Info Sheet 1 – California Office of Information Security (2019) | |
Generated Code | This paper discusses model-driven engineering (MDE), automatic code generation, implications for software lifecycle (acquisition, sustainment) and issues of generated code maintenance etc. |
| Model-Driven Engineering: Automatic Code Generation and … (Software Engineering Institute / CMU) |
A thorough guide focused on automatic code generation (AGC) in model-based SE: addresses what it is, how to V&V, how to maintain generated code, linking to lifecycle. |
| ||
A newer academic thesis about how to evaluate generated code (metrics, quality indicators) — useful for understanding the lifecycle implications of generated code. |
| Evaluation Methods for Generated Code (E. Baumgartner, 2024) | |
A somewhat older but still relevant paper on generative programming (code generated from higher‐level descriptions), component-based development and implications for software engineering. |
| ||
Focuses on the challenge of combining handwritten code and generated code: this is central for how generated code is used in real dev and lifecycle contexts. |
| ||
Static Analysis | Covers adoption of static analysis in the SDLC, use-cases, tool integration. |
| |
Practical guidance for integrating static code analysis into secure development lifecycles. |
| Best Practices for the Use of Static Code Analysis within a Secure Development Lifecycle – NCC | |
Academic text on theory of static analysis: foundations, techniques, models. |
| Static Program Analysis – Anders Møller & Michael I. Schwartzbach | |
Examines how static code analysis is applied in verification/security phases of the software lifecycle. |
| Static Code Analysis for Software Security Verification: Problems and Approaches – Z. Zhioua et al. | |
Focuses on static analysis in the context of secure SDLC: requirements, industrial challenges, feature sets. |
| ||
Code Maintainability | Focuses on dead code (“unused/unreachable code”) and empirically investigates its prevalence, why it arises, how it affects maintenance/understanding. Good for maintainability angle. |
| A Multi-Study Investigation Into Dead Code – S. Romano, C. Vendome, G. Scanniello & D. Poshyvanyk |
Specifically addresses code duplication (clones) and how it impacts readability and maintainability—highly relevant for duplication dimension. |
| The Role of Duplicated Code in Software Readability and Maintainability – X. Liao (2020) | |
A broader review of maintainability: metrics, factors, trade-offs. Good high‐level academic reference. |
| Software Code Maintainability: A Literature Review – (via Software Engineering Institute) | |
Discusses metrics (including code complexity, duplication) and benchmarking of maintainability / source-code quality. Useful for complexity + duplication facets. |
| Software Metrics as Benchmarks for Source Code Quality – J. Rentrop (2006) | |
Focuses on complexity metrics and how complexity ties to maintainability issues. Complementary dimension (complexity) for maintainability topic. |
| ||
Code Reviews | One of the seminal empirical studies of modern (tool-based, lightweight) code reviews; covers motivations, outcomes (defects, knowledge transfer) and challenges. |
| |
Explores quantitatively how code review coverage correlates with bug introduction, readability, complexity. Good for lifecycle/quality link. |
| On the Impact of Code Reviews on Software Quality — Gabriele Bavota & Barbara Russo (2015) | |
Focuses on how code reviews affect design quality (and degradation) across reviews and over time — good for deeper issues in code reviews beyond defect detection. |
| ||
Addresses tooling and human productivity aspects of code review; looks at how interactive review tools help detect changes across multiple files etc. |
| Interactive Code Review for Systematic Changes — T. Zhang et al. (2015) | |
A mapping study of the code-review research field: classifies topics, gaps, metrics; useful for understanding how code review research has evolved and where to look further. |
| ||
Unit Testing | Covers fundamentals of unit testing, xUnit frameworks, assertions, regression testing and workflow integration. |
| |
Introduces unit testing, TDD, test structure, and how unit tests fit alongside other kinds of tests. |
| ||
Explains unit testing concepts, the role of components, and provides an overview of TDD and its impact on design. |
| Unit Testing & TDD: What is Software Testing? – P. Zarras (University of Ioannina) | |
Provides a structured overview of testing, with a dedicated section explaining unit tests, their purpose, and lifecycle role. |
| Testing (includes unit testing) – Jonathan Aldrich, CMU (17-654 course) | |
Discusses the role of unit testing in CS/SE education, including its relationship to software development practices and lifecycle. |
| ||
Dynamic Analysis | Classic paper defining dynamic analysis (versus static), profiling, execution-based instrumentation. |
| |
Explains what dynamic analysis is, instrumentation, run-time behaviour, uses for program understanding and testing. |
| Dynamic Program Analysis – Nataliia Stulova (Lecture Slides) | |
Contemporary lecture material detailing dynamic analysis in software engineering, its components, and role in runtime QA. |
| Dynamic Analysis (Lecture: EECS 481, University of Michigan) | |
Contains a section specifically on “Dynamic Analysis” linking it to testing, instrumentation and lifecycle phases. |
| ||
Empirical research on dynamic data-flow testing (a form of dynamic analysis) for OO systems — useful for deep dive into the technique. |
| Dynamic Data Flow Testing of Object Oriented Systems – G. Denaro et al. | |
Continuous integration | Industry guide explaining CI/CD concepts, principles, basic workflows, and how to set up a CI/CD process end-to-end. |
| Continuous Integration and Delivery Introduction Guide – SAP |
Widely cited systematic literature review of CI/CD: classifies tools, approaches, challenges, and best practices across many studies. |
| ||
Focuses on real-world CI/CD pipelines, failures, and optimizations (e.g., flaky builds/tests, performance of CI). |
| ||
Case-study style thesis that designs and documents a CI/CD pipeline for a real multitenant product; good practical detail. |
| ||
Another detailed case study: designing and implementing a CI/CD system for a cloud-based web app in a company setting. |
| ||
Smoke and Sanity Testing | Academic paper comparing smoke and sanity testing, defining each clearly, and explaining their role in the software testing lifecycle. |
| Software Testing: Smoke and Sanity – Varuna Gupta & Vivek Sen Saxena (IJERT, 2013) |
Discusses smoke testing (build verification), scope, timing, and contrasts it with sanity testing; practical orientation. |
| ||
19-page lecture notes, containing a dedicated section on smoke & sanity testing in the context of test levels and special test types. |
| ||
Multi-page paper covering the testing process in detail, including a specific section on smoke testing and sanity testing as “special tests.” |
| Software Test Process, Testing Types and Techniques – P.K. Reddy | |
Broader testing methodology paper with a dedicated discussion of sanity testing—its purpose, position, and examples in real workflows. |
| Significance of Software Testing Methods – Case Driven – IJAERS (2016) | |
Integration Testing | Covers integration testing in the software testing life-cycle, especially for web/distributed applications: challenges, strategies, interface testing. |
| Quality Assurance and Integration Testing – I. A. Khan (2012) |
Slides detail integration testing strategies (big-bang, bottom-up, top-down, sandwich), and show how integration fits after unit testing but before system testing. |
| Software Testing – Lecture Slides: Integration Testing – Bernd Bruegge (TUM WS 2008/09) | |
Case study thesis covering integration tests in microservice environments, tools (Testcontainers, REST-Assured), CI pipelines: modern context. |
| Integration Testing for Enterprise Web Applications – Thesis – G. Malnati (2023) | |
Comparative paper focusing on integration vs system testing: approaches, differences, lifecycle placement. |
| Study on Integration Testing and System Testing – IJCRT-published paper | |
A more advanced research paper applying metamorphic testing techniques to integration testing: useful for deepening knowledge in integration testing techniques. |
| Composite Metamorphic Relations for Integration Testing – S. F. Yakusheva & A. S. Khritankov (2023) | |
Qualification Testing | Classic guide describing what software product qualification is, its objectives, criteria, documentation, and how qualification fits into a regulated software lifecycle (written for nuclear, but generally applicable). |
| Guide for the Qualification of Software Products – D.R. Tremaine et al. (COG / CSA Group) |
Explains the tool qualification process per ISO 26262: tool classification, confidence levels, qualification methods, and expected evidence/testing. Great conceptual overview of qualification in functional safety. |
| Qualifying Software Tools According to ISO 26262 – M. Conrad et al. (MathWorks / SAE paper) | |
Supplier quality requirements document for software, including a summarised tool qualification process (flow chart, objectives, required artifacts). Shows how qualification is embedded in an industrial process. |
| QRS-116: Software Development – Quality Requirements for Suppliers – Leonardo (Issue 04) | |
Standard defining structure and content for test documentation, including how to document qualification tests (plans, procedures, reports). Good as a formal reference for qualification testing documentation. |
| IEEE Standard for Software and System Test Documentation (IEEE 829-2008) | |
Practical white paper on test tool qualification under standards like ISO 26262 and DO-330: explains approaches to qualification, required artifacts (TQP, TVP, TVR, etc.), and how qualification fits into safety-critical lifecycles. |
| Test Tool Qualification for Functional Safety – Technical White Paper – LDRA | |
Continuous Deployment | Introductory chapter that defines continuous deployment, explains how it extends continuous delivery by removing manual gates, and describes pipeline stages and feedback loops. |
| |
While focused on CD, it clearly distinguishes continuous deployment and explains when/why to move from CD to fully automated deployment, in a modern cloud context. |
| A Guide to Continuous Delivery for Cloud-Native Applications – AWS | |
Classic paper that introduces the deployment pipeline, showing how continuous integration flows into continuous delivery and ultimately continuous deployment. Great lifecycle framing. |
| ||
Research paper discussing CI/CD with emphasis on deployment automation, benefits, challenges, and how continuous deployment fits into DevOps-based lifecycles. |
| ||
Recent case study on monitoring and verifying a real continuous deployment process. Good for understanding CD in production, and how to ensure it behaves correctly. |
| ||
Integrating 3rd Party Products | Case-study-based report on how third-party components are selected, used, and integrated in a real organisation (Nokia Networks). Covers process, integration challenges, glue code, maintenance, and practical lessons. |
| |
A detailed handbook describing the large-scale introduction of a COTS solution: selection, integration with existing systems, data migration, process changes, and governance. Very useful as an end-to-end “how we integrated a 3rd-party product” story. |
| ||
Classic guide for using COTS in defense systems. Includes sections on integration planning, logistics, configuration management, and test & evaluation/product assurance for COTS components. |
| COTS Guide – Commercial Off-The-Shelf – Air Force Materiel Command (1993) | |
Academic overview of COTS-based development: proposes process models, discusses integration-related issues (architecture, requirements fit/mismatch, customization), and highlights open research and practice problems. |
| COTS-Based Software Development: Processes and Open Issues – M. Morisio et al. (Journal paper) | |
Focuses on what happens after integration: how upgrades/changes in third-party components affect long-lived systems, and how to reason about evolution risks and migration decisions. Great for lifecycle/maintenance aspects of 3rd-party integration. |
| Identify Impacts of Evolving Third-Party Components on Long-Living Systems – A technical paper (PDF) | |
Integrating 3rd Party Code | Focuses specifically on integration of third-party source code/components (not just binary libraries), addresses issues like compatibility, interoperability, testability, documentation. |
| |
Discusses using third-party components (including code) in development, examines the amounts of “glue code”, necessary resources, and integration lifecycle issues. |
| ||
Recent work that looks at integration of third-party components (source code or libraries) including trust, vendor updates, lifecycle risk — good for understanding longer-term impact. |
| Exploring Confidence Challenges in Integrating Third-Party Components – S. Hashem (2025) | |
Focused on how third-party code (in Java dependencies) can be specialized or reduced for integration; touches on integration complexity and managing external code inclusion. |
| Automatic Specialization of Third-Party Java Dependencies – C. Soto-Valero et al. (2023) | |
Explores how integration errors arise when using third-party libraries; helps understand the risks/defects within code integration rather than mere component reuse. |
| SPIDER: Specification-based Integration Defect Revealer – V. Feofilaktov & V. Itsykson (2022) | |
Integrating Open Source Products | Directly studies the challenges of integrating OSS (and inner source) into organisations: technical, process, and organisational issues, plus mitigation strategies. Very relevant for understanding what goes wrong when you bring OSS into a product. |
| |
Empirical report focusing on integrating third-party components including open source components in real projects (Nokia Networks). Discusses selection, integration effort, “glue code”, maintenance, and lifecycle implications. |
| ||
A 45-page Linux Foundation guide explaining how enterprises adopt and integrate open source: strategy, governance, contribution models, managing OSS in products/services, and aligning OSS with the SDLC. |
| Enterprise Open Source: A Practical Introduction – The Linux Foundation | |
Modern paper with a dedicated section “Strategies for Adopting Open Source in Enterprise Software”, including governance, integration approaches, and risk-handling when embedding OSS into enterprise systems. |
| ||
Guidance on using OSS in software supply chains: evaluating OSS, integrating open-source libraries and components, addressing security, licensing, and lifecycle risk when those components become part of your products. |
| Open Source Software Best Practices and Supply Chain Risk Management – UK Government (2024) | |
Integrating Open Source Code | Empirical study showing what happens when OSS code is integrated into commercial systems: challenges in process, architecture, team culture. |
| |
Focus on integrating open-source code in embedded systems: real-world constraints, adaptations, tool-chain issues. |
| Issues for Embedded Open Source Software Integration – T. Yamakami (2010) | |
Explores how OSS code is used and integrated in projects: benefits (speed, flexibility) and challenges (maintenance, licensing, compatibility). |
| Benefits and Challenges of Integrating Open-Source Software – T. Conger (2023) | |
While broader, includes sections highly relevant to OSS code integration: managing third-party code, dependencies, supply chain and integration risks. |
| ||
Academic review covering choice between in-house vs OSS code, and includes integration issues when OSS is selected and integrated into systems. |
| In-house, OSS, COTS or Outsourcing — A Systematic Review – D. Badampudi et al. (2016) | |
Delivering Code to 3rd parties for Integration | Practical guide for integrating 3rd-party applications with Oracle’s system; covers how external systems consume/publish services and how to package for partners. |
| Third-Party Integration Guide – Oracle Retail Integration Cloud Service |
A buyer’s guide oriented around delivering SDKs/APIs to partners/vendors for integration; relevant to the topic of delivering code for 3rd-party use. |
| Third-Party SDK & API Software Integrations eGuide – Accusoft | |
Covers many integration scenarios including partner/third-party integrations; useful for code delivery/integration context though not strictly “delivering code” handbook. |
| ||
Software Customer Support Process | 90+ page thesis focused exactly on software customer support: current-state process mapping, literature review of support frameworks, interviews with support engineers/customers, and a proposed improved process model. |
| |
Uses simulation to analyse a global customer support process: maps the process, identifies bottlenecks and queues, and evaluates improvements. Strong on concrete process flows, roles, and performance metrics. |
| Customer Support Process Analysis – T. Björch, Mälardalen University (Thesis, 2016) | |
A modern guide that lays out a global support framework: ticket flows, tiered support model, roles & responsibilities, KPIs, escalation paths, and the role of AI—very practical for designing or refining a support process. |
| Building a Global Customer Support Framework for Enterprises – ManageEngine | |
Vendor handbook describing software customer support organization, contact channels, priority levels, escalation, responsibilities, and problem-handling best practices—essentially a real-world support process playbook. |
| ||
Contains a “Customer Support Process Overview” section plus detailed phases, related documentation, service levels, handoffs, and communication expectations. Useful as a concrete example of a documented support process. |
| ||
Software Maintenance Process | Detailed chapter on maintenance process models: how software maintenance differs from development, types of processes, lifecycle integration. |
| |
A formal guideline describing the software maintenance process step-by-step (change request, approval, design review, test, deployment), and how to control & improve the maintenance process. |
| ||
Recent academic overview of models and processes for software maintenance, useful for understanding current practices and lifecycle implications. |
| Software Maintenance Models and Processes: An Overview – A. Masrat et al. (2021) | |
Master’s thesis exploring how the maintenance process can be improved via process frameworks (CMMI), hence covering maintenance process maturity and lifecycle fit. |
| Software Maintenance and Process Improvement by CMMI – A.-S. Jansson (2007) | |
Teaching material covering maintenance process types (corrective/adaptive/perfective/preventive), workflows of maintenance tasks and their integration into the overall software lifecycle. |
| ||
Software End of Life Process | Academic white-paper exploring how software end-of-life is defined, managed, and the gaps in current practice. |
| End-of-Life of Software: How is it Defined and Managed? – Z. Assaad & M. Henein (2022) |
Paper describing the sunsetting method for software product end-of-life, with case studies and process description. |
| The Sun Also Sets: Ending the Life of a Software Product – S. Jansen et al. (2009) | |
Government fact sheet on managing software/hardware assets when they reach EoL: inventory, risk, process steps. |
| End-of-Life (EOL) Management – Fact Sheet – DLR / SD-Banking (2024) | |
A corporate policy document describing the end-of-life process for software services: announcement, support termination, customer communication. |
| End-of-Life Policy for Digital Solution Services – Signify (2022) | |
Whitepaper discussing end-of-life and end-of-support for software assets: business & technical risks, process for phasing out, lifecycle integration. |
| Strategic End-of-Life & End-of-Support Management – L. Dempsey (Whitepaper) | |
Software Documentation Process | A comprehensive guide to planning, producing, controlling, reviewing software documentation; covers the documentation process from a management standpoint. |
| Management Guide for Software Documentation – U.S. Government Printing Office |
Academic systematic review that captures many issues, practices, models and tools related to software documentation; good for understanding process improvements. |
| Software Systems Documentation: A Systematic Review – Uddin et al. (2024) | |
Teaching material that breaks documentation into process documentation and product documentation, and describes how the documentation process maps to development and maintenance phases. |
| ||
Though oriented to research software, this document provides solid guidance on documentation processes: planning, ownership, maintenance, versioning—largely applicable to software documentation in general. |
| Good Practices for Research Software Documentation – Sorrel & Druskat | |
Developer-focused documentation guidelines in the context of security/evaluation — includes process rules for producing developer documentation, useful as part of the overall documentation process. |
| Guidelines for Developer Documentation (Common Criteria v3.1) – BSI (Germany) | |
Software Configuration Management Process | Thorough guide covering SCM disciplines: identification, control of changes, status accounting, audits & reviews, release processing — directly covers SCM process. |
| Software Configuration Management: A Practical Guide – U.S. Dept. of Energy (DOE), 2000 |
Slide/guide format with definition of SCM, components (identification, control, status accounting), and how it maps into the software lifecycle. |
| Software Configuration Management – People at KU (lecture/guide) | |
Detailed guide for SCM in a high-assurance/aerospace context: process models, CI hierarchies, tailoring of SCM to project size/complexity. |
| Guide to Software Configuration Management (ESA) – European Space Agency | |
Lecture material covering configuration items, baselines, versions, revisions, SCM activities and processes — good for understanding the process structure. |
| Lecture Notes on Software Configuration Management – G. Teubner, TUM (1999) | |
Research paper about SCM process implementation: how to integrate source code management, bug tracking, build management in a process; touches on process workflow. |
| Implementation of Software Configuration Management Process – (Academic paper) | |
Software Quality Assurance Process | Defines SQA as an umbrella process across project & software lifecycles, describes an SQA process framework integrated with SDLC phases — aligns with your requirement. |
| Software Quality Assurance (SQA), Process Integrated with PMLC and SDLC – Owens & Khazanchi (2009) |
Covers documentation of SQA systems, pre‐project process components, project lifecycle assurance, infrastructure components; shows how SQA spans beyond testing. |
| Software Quality Assurance: From Theory to Implementation – Daniel Galin | |
Discussion of QA as process of monitoring and improving the processes in addition to the products; includes QA activities across lifecycle, not just at test stage. |
| The Basics of Software Quality Management: QA, QC and Testing – AltexSoft (2023) | |
Focuses on how SQA was implemented in a real organization: the importance of establishing viable SQA processes, aligning process & tool implementation. |
| ||
Recent study comparing QA activities across SDLC models (Waterfall, Agile) — helpful for understanding SQA process structure in different lifecycle contexts. |
| An Analysis of Quality Assurance Practices Based on Various SDLC Models – JETIR (2022) | |
Software Verification Process | Classic government report explaining software V&V, with explicit sections on verification activities per lifecycle phase, verification planning, and process responsibilities. |
| Software Verification and Validation – D.R. Wallace & R.U. Fujii (NIST / U.S. Govt) |
SEI module that introduces V&V as a systems-engineering process. Covers goals, verification methods, and how verification is organized and integrated in the development process. |
| ||
Modern NIST guideline describing what a developer verification process should look like: planning, techniques, traceability, automation, and continuous verification across the lifecycle. |
| Guidelines on Minimum Standards for Developer Verification – NIST IR 8397 (2021) | |
Domain-specific (marine/offshore) but very explicit about the software verification process: verification planning, HIL testing, documentation, responsibilities, and criteria. Good concrete process reference. |
| Guide for Software Systems Verification – American Bureau of Shipping (ABS) CyberSafety SSV Guide v4 | |
Research thesis that empirically studies how organizations perform V&V, with a strong emphasis on understanding and modelling the verification process and its activities across the SDLC. |
| ||
Software Validation Process | Classic government report explaining software V&V, with explicit sections on verification activities per lifecycle phase, verification planning, and process responsibilities. |
| Software Verification and Validation – D.R. Wallace & R.U. Fujii (NIST / U.S. Govt) |
SEI module that introduces V&V as a systems-engineering process. Covers goals, verification methods, and how verification is organized and integrated in the development process. |
| ||
Modern NIST guideline describing what a developer verification process should look like: planning, techniques, traceability, automation, and continuous verification across the lifecycle. |
| Guidelines on Minimum Standards for Developer Verification – NIST IR 8397 (2021) | |
Domain-specific (marine/offshore) but very explicit about the software verification process: verification planning, HIL testing, documentation, responsibilities, and criteria. Good concrete process reference. |
| Guide for Software Systems Verification – American Bureau of Shipping (ABS) CyberSafety SSV Guide v4 | |
Research thesis that empirically studies how organizations perform V&V, with a strong emphasis on understanding and modelling the verification process and its activities across the SDLC. |
| ||
Software Review Process | Focuses on reviews and audits of software/process documents and software processes in a regulated domain; provides generic review procedures for process and documentation. |
| |
A guideline document that addresses review of artifacts and processes, not just code; covers types of reviews and how review activities feed into process improvement. |
| Software Review Guidelines – Walcélio Melo, Forrest Shull, Guilherme Horta Travassos (COPPE/UFRJ) | |
This covers process modelling, evaluation (which includes review of processes), and improvement. Useful for process-reviews (audit/review of how software is developed). |
| Software Process: Modelling, Evaluation and Improvement – Silvia T. Acuña et al. | |
A detailed guidebook for auditing software processes (and products) in NASA projects — hence strongly process-review oriented (evaluating lifecycle processes and compliance). |
| ||
Focuses on auditing the software development process itself: characterizing a process, analyzing strengths/weaknesses, recommending improvements. |
| SW Development Process Audit Procedure – S.G. Crawford & M. Hosein Fallah (AT&T Bell Labs) | |
Software Audit Process | Extensive guideline covering audit planning, execution, and reporting in IT environments — strongly applicable for software audit processes. |
| Guideline for Audit of IT Environment – European Court of Auditors (ECA) |
Focused on auditing software projects: the audit process, milestone mapping, documentation requirements — useful for software audit workflows. |
| Software Project Audit Process – Information and Communication Technology Agency of Sri Lanka (ICTA) | |
Guidance document on auditing information systems, covering audit planning, risks, controls and process steps — directly relevant for software audit processes. |
| ||
Manual covering the audit process of IT systems in the public sector: describes audit flow, workpapers, audit objective definitions — good process reference. |
| IT Audit Manual (ITAM) – Controller and Auditor‑General of Ghana | |
Focuses on auditing applications (software) from a process/control perspective: administration, change management, general controls — provides a practical audit process. |
| The Application Audit Process – A Guide for Information Security Professionals – SANS Institute | |
Software Problem Resolution Process | A recent survey that discusses the hot-fix process: how time‐critical defects in production are fixed, released rapidly, and managed outside normal release cycles. |
| |
Practical guide with tips on reducing time to resolution (MTTR) for software defects, including customer-reported issues, fix planning, verifying, and deploying corrective releases. |
| 10 Tips to Accelerate Time to Resolution of Software Defects – Haricharan Ramachandra (2020) | |
Research framework modelling the defect resolution process from multiple perspectives (report, triage, fix, verify) — helpful to understand process workflows and variations. |
| Process Cube for Software Defect Resolution – M. Gupta et al. (2014) | |
Empirical study linking code quality to defect resolution performance; covers how the resolution process (fixing, verifying, releasing) is affected by technical quality and process execution. |
| Faster Defect Resolution with Higher Technical Quality of Software – Bart Luijten, J. Visser (2010) | |
Older but still relevant report on the software defect/process of resolution: problem report → scheduling fix → implementing fix → closing the issue; good for process baseline in support/maintenance context. |
| Difficulties in Managing Software Problems and Defects – M. Pasanen (1995) | |
Software Reuse Asset Creation Process | Case study and method for creating and maintaining reusable software assets in an agile company. Discusses what counts as a reuse asset, how to identify/harvest them from projects, how to organise a reuse team, and how to manage assets over time. |
| |
Focuses explicitly on establishing shared core assets in software product lines. Describes systematic processes to analyse existing products, derive commonalities, and turn them into reusable core assets plus a production plan. Very process-oriented. |
| ||
An OMG specification that defines how reusable software assets should be structured, described and packaged. Includes definitions of assets, asset-based development, asset lifecycle, and the roles of producers/consumers in an asset-creation process. |
| Reusable Asset Specification (RAS) v2.2 – Object Management Group (OMG) | |
Classic management guide that explains how to organise a reuse program, including identifying candidate assets, preparing them for reuse (documentation, quality, generalisation), and managing a reuse library across projects. |
| Management Guide to Software Reuse (NBS Special Publication 500-155) – William Wong, NBS/NIST | |
IBM’s best-practice guide to asset-based development. Shows how to define asset types, create and govern reusable assets (requirements, models, code, tests), and manage them via Rational Asset Manager and an “asset lifecycle”. This is effectively a full reuse-asset creation & governance process. |
| Strategic Reuse with Asset-Based Development – IBM Redbook (2008) | |
Software Reuse Asset Management Process | Classic managerial guide covering how to organise reuse programs, including classification, libraries, asset life-cycle, and asset management issues. |
| Management Guide to Software Reuse – William Wong (NBS/NIST SP 500-155) |
Empirical study that explicitly lists “asset management” as one of the processes of software reuse: storing, maintaining, classifying, retrieving assets. Good direct fit. |
| Reusing Software Assets in Agile Development Organizations – W.J.T. Spoelstra, Master’s Thesis | |
A detailed guide describing how to create, manage, and govern reusable assets (code, models, test cases), and manage their life-cycle. Strong asset-management focus. |
| Strategic Reuse with Asset-Based Development – IBM Redbook (2008) | |
Covers the “Reuse Management” process (asset life-cycle, storage, retrieval, modification control) in organisational context, thus directly relevant to asset management. |
| Characterizing the Implementation of Software Reuse Management Processes – M. Schots et al. | |
Survey that discusses processes including asset management (naming, storage, retrieval, classification) within reuse frameworks. Useful for process modelling of asset management. |
| A Survey on Software Reuse Processes – E. Santana de Almeida et al. | |
Software Reuse Program Management Process | Classic guide covering how to set up and manage a reuse program: security, governance, metrics, organisation of reuse library, process for reuse across projects. |
| Management Guide to Software Reuse – W. Wong (NBS/NIST SP 500-155) |
Focuses on strategy and program-management aspects of software reuse in a major programme: how to establish a reuse programme, define capability, integrate with projects, measure success. |
| Software Strategy for Reuse Study – Final Report (NASA/Constellation) | |
Includes process models and emphasises the “Reuse Program Management” process (identifying domains, reuse potential, feedback loops) which is core to managing a reuse programme. |
| A Survey on Software Reuse Processes – E. Santana de Almeida et al. |
