[v2.0] Software Engineering



Foundations of computating

Mathematical foundations

Engineering foundations

System foundations



What is software?

Software is the information that users provide to a computer. Some examples are images, music, instructions, and so on.


Software disciplines

Process software

Why does software engineering matter to you?

Today is easy making a web, it doesn’t need all software engineering to do it, but some projects are critical such as


Since you program over time —when you contribute to building a large system, you design, construct software reasonably efficiently and correctly, and whose code can be maintained and reused you must do software engineering otherwise failure increases exponentially.

Warning. Buzzwords and Marketing.

Today we live in Babel Tower, but software engineering is even worse, you should choose carefully who listens. Why? …

Principle. Don’t because it’s trendy is good. https://www.youtube.com/watch?v=75Ju0eM5T2c&ab_channel=WebofStories-LifeStoriesofRemarkablePeople

Since disciplines are process-independent, requirements, design, construction, and others, have to.

What is kind of software going to build? Software applications

By Functionality

By business model.


Some people call the Software factory their job, is it accurate?



Software arquitectechts

Software engineers

By safety integrity level. IEC 61508




Software layers

Key concepts. Vocabulary.

Products vs. tools vs. platforms vs. ecosystems.




Since we’re working in the Engineering field and we have to avoid the Tower of Babel, you have got to use standards for qualified authority.

ISO/IEC/IEEE 24765 Systems and software engineering — Vocabulary







Worked examples

Domain understanding

Zero Footprint Applications

Language problem.



Process centered on the user.

Before anything, we must understand the user domain, and how it really solves their needs.

Four situations.

Known known.

Known unknown.

Unknown known.

Unknown unknown.


Maker dilemma

Software requirements


Worked examples

  1. Mathematics or Code. Automatic Verification such as Testing or Lean Proven?
  1. Languages in Anki.


Further resources

Contracts, scenarios, and prototypes. An integrated approach to high-quality software by Reinhold Plösch.

Software design. System design.

Office, C. D. a. D. (2019). Government Design Principles. GOV. Retrieved from https://www.gov.uk/guidance/government-design-principles?mc_cid=b8b24095f3&mc_eid=541175b307


First software design principle. At least you don’t have a good reason, use the available software. In real life, don’t make another programming language, javascript framework, browser, or whatever if you don’t have to.

Software architecture


Model-driven engineering


Conventions and standards

Follow the community, institutional, and team standards.

Unless you have good reasons, follow them —your taste is not a good reason.

Some standards


Reactive programming



SAML 2.0



Design Patterns: Elements of Reusable Object-Oriented Software. Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides y Grady Booch.




By market





System design


Jeffrey Dean – Google Research. (2022, August 18). Retrieved from https://research.google/people/jeff

Low-Code and No-Code Development

Will Low-Code and No-Code Development Replace Traditional Coding? - Slashdot. (2022, September 18). Retrieved from https://developers.slashdot.org/story/22/09/18/1624258/will-low-code-and-no-code-development-replace-traditional-coding


  1. Budibase
  1. Zapier
  1. IFTTT
  1. Airtable
  1. Typeform
  1. Shopify
  1. Webflow
  1. Carrd
  1. Payhere
  1. Stripe
  1. Memberstack
  1. Voiceflow

The NoCode.Tech Tools Directory. (2022, November 03). Retrieved from https://www.nocode.tech/tools

SVGator: Free SVG Animation Creator Online - No Coding. (2022, November 01). Retrieved from https://www.svgator.com


Libraries for typical software

Package manager

B2B Apps

React Admin




Communicational protocols


Distributed systems

Notion - The all-in-one workspace for your notes, tasks, wikis, and databases.
A new tool that blends your everyday work apps into one. It's the all-in-one workspace for you and your team

Distributed systems: Principles and Paradigms. Andrew S. Tanenbaum




The Design of Design: Essays from a Computer Scientist. Frederick P. Jr. Brooks. 2010. Addison-Wesley Professional.

Software construction

Software implementation? Programming? Coding?

Code Complete: A Practical Handbook of Software Construction. Steve McConnell.

Code: The Hidden Language of Computer Hardware and Software. Charles Petzold.

Structured programming. Dijkstra.

Literate programming



Build systems

Make, makefiles, webpack, …


Checkpoint/Restart and Application checkpointing




Collaborative work



GitHub flow


GitLab flow

Release flow

Trunk-based development

Master-only flow (One Flow)

Low-level stack tools

Large Programming Projects

Vim, Make, C, GNU, Clang, GNU, C++,


IDE and editors



6.005: Software Construction. (2020, August 06). Retrieved from https://web.mit.edu/6.005/www/sp16

6.031: Software Construction. (2022, May 23). Retrieved from https://web.mit.edu/6.031/www/sp22

Programming-from-A.-to-Z. "A2Z-F16." GitHub, 23 Jan. 2023, github.com/Programming-from-A-to-Z/A2Z-F16/blob/gh-pages/README.md.

Software maintenance

Entropy. Technical debt.


How can you build useful documentation that can be hard to maintain?

Famous or interesting documentation


man(1) - Linux manual page. (2022, September 26). Retrieved from https://man7.org/linux/man-pages/man1/man.1.html






tag cloud

System Reference Manual



Developer Reference Manual

Firebase API Reference. (2022, September 21). Retrieved from https://firebase.google.com/docs/reference

Angular - Introduction to the Angular Docs. (2022, March 09). Retrieved from https://angular.io/docs

End User System Reference Manual

In some countries, you have got to write an end user, but some UX practices recommend avoiding it because nobody read it, you should develop an easy-to-use system instead.


Software configuration management

Build system

Software engineering management

r/ProgrammerHumor - Eliminate Project Managers. (2022, November 06). Retrieved from https://www.reddit.com/r/ProgrammerHumor/comments/ymrdf3/eliminate_project_managers

Predictions and estimating

Culture, peopleware


Capability Maturity Model Integration

Further resources

Software engineering models and methods

Software quality

Plösch, R. (2004). Contracts and Scenarios in the Software Development Process. In: Contracts, Scenarios and Prototypes. Springer, Berlin, Heidelberg. https://libcon.rec.uabc.mx:4440/10.1007/978-3-642-18564-9_6

Applied software measurement. Capers Jones.

The Economics of Software Quality. Capers Jones.

Structured programming

Style guides and rules

Code review



Bugs. Defects in systems.



Quality assurance

The project has got to verify and validate its result in order to give some quality and security where “validation” means “are we building the right product?” and “verification” means “are we building the product right?” or formally according to [1]:

“Verification” is the process of evaluating a system to satisfy requirements.

“Validation” is evaluating a system to satisfy intended use or meet the customer’s expectations.

In the former, you check if your software meets functional and non-functional requirements —technical scope. The last, you check if your software is useful to your stakeholders or fits their purposes —the software’s economic value.

In those checking processes or, in short, the “V&V” process, the level of confidence depends on, first of all, software criticalness, user expectations, and the external environment such as marketing, industry, and law.

You must consider that “V&V” processes are not standard but industry based. Each organization chooses what are their engineering practices, therefore, the checking process. Our goal is to describe them to you.

You could be asking yourself “why I should check my software?”. The answer is that you need feedback since you don’t what are your customers expect or whether the system satisfies their requirements. However, a tradeoff is which techniques you have got to do in order to achieve good feedback from your customers and your system and how much cost it.

Related work

The project lives in a technology ecosystem, a set of technology units (software, services, hardware, …) interacting with each other, that serves as a common technical platform to choose the most convenient tools to verify and validate our project at time and cost-efficient.

Our stakeholders work in an industry that constrains our system and their engineering practices, i.e. our verification and validation tools. We consider the development process or methodology an engineering practice or specifically a software engineering practice.

Quality and security are really concerned about the “V&V” process because it gives some guarantee system is free from defects, satisfies implicit and explicit requirements, and has strong security features.

Examples are bootstrapping startups web-based that validate over the market, it verifies little and nothing. Another hand, a military system to manage submarine nuclear weapons by the Department of Defense has got to be verified and validated really stronger, and of course, with other tools and engineering practices [5].

How do you verify and validate systems?

It depends on your engineering practices, specifically your development process. The waterfall process checks at the end of the project so you might have a plan and do it [7] while the agile process checks software units after they are ready and big product companies check based on marketing decisions —roughly speaking, years of development with verification and after the first release daily validation—.

Because we want to be free of the development process and other circumstances, first off we present the techniques, strategies, and processes to check your system. After we use them to make up politics, guidelines, and plans by industry, development process, and software ecosystem.

Checking dimensions

When you check your software, you are defining what is subject under test (SUT) and what it checking approach is.

You must not reinvent the wheel, authors and industry define different dimensions for every checking process.


Since we're looking to isolate errors or check what works, you constrain the checking process by deterministic and speed. When size grows, restrictions are relaxed, but of course, the probability of something going wrong increases too.

Small. The checking process must run in a single process (single thread), they can’t run a third-party program, sleep, perform I/O operations, or make any other blocking calls. When SUT relies on them, you must replace them with doubles.

Medium. It can span multiple processes, and threads, and can make blocking calls, including network calls locally but isn’t allowed external network calls.

Large. It removes the external network call restriction.


Unit. It verifies a narrow-scoped unit such as an individual class or method being developed.

Integration. It verifies the interaction between a small of components such as server and database.

System (e2e or functional tests). It verifies that the system meets requirements end to end.

Acceptance. It validates the system where users, customers, or other stakeholders determine whether to accept the system.

Manual Checking and Automatic Checking

Some checking processes can be automated written a code that checks if your SUT works. Is automatic testing worthy? Yes, but it has got to be higher than the tradeoff: the cost of writing this code.

Manual checking is sometimes inevitable even though we can minimize it. For example acceptance tests or debugging.


Static, dynamic, and passive checking

If you check your software when it is not running, then you are doing static checking involving a verification process [10]. In another hand, you are doing dynamic checking when the program is running involving a validation process too [10].

Passive checking means verifying without the system interaction, but with related artifacts such as logging.

The “box” approach

Boxes are really useful to understand systems. In the “V&V” process, if you know the SUT’s internal structure it is a white-box approach, if don’t know it, it is a black-box approach.

Normally, a black-box approach is a more realistic scenario than a white-box approach.


Since we must learn if we are doing good progress, checking strategies have objective artifacts.


Some “V&V” strategies need a specific schedule and resource allocation in order to deploy successfully or get good feedback from customers.


A simplified engineering team has developers, users, and decision-makers. Those people contribute in some way to the validation and verification process.

Typically, users and decision-makers don’t program but give feedback in issue form, gives approval for decision, or cancel the project. They check your project in a black box, manual, large, and acceptance dimensions.

Developers are checking their SUT with previously read dimensions, but depends on the project and how much effort is made to assure quality.

Some teams have software quality assurance people, DevOps process, or outsourcing testing people since they have special constraints or follow special engineering practices.

Logging and issue tracking

Since we need a source from bugs, features, and other tasks, we have got to operate issue tracking and logging.

Issue-tracking software prioritizes bugs and their conditions, features, customer issues, and processes while logging is the act of recording events in order to analyze potential pitfalls, and understand defects or security issues [9].

Generally speaking, issue-tracking software and logging are lowly dependent ecosystem tools.

By the way, the defect is a more accurate name than a bug, it is the most spread term in engineering fields.

Jira Tracking

Launch approval

The maximum checking process is the launch approval and release politics: who? when? why? how?

Managers or decision makers (usually outside of the code engineering team) choose what is releasing politics and who notify.

They review significant changes in order to comply with legal requirements, security, reliability, business, privacy requirements, and so forth.

Minor changes don’t need a consultant.


A successful deployment only would happen if the production environment is equal to other environments such as development or preproduction. “V&V” verifies the environment since teams and organizations don’t would like a lot someone saying “But It Works On My Machine”.

Another benefit the containers and virtual machines allow continuous integration and continuous deployment. Containers, Virtual Machines, and Package Managers.

Virtualization refers to the general concept the isolation as well a particular implementation.




Nix https://nixos.org/

"PlanetLab | PlanetLab." 17 Nov. 2020, planetlab.cs.princeton.edu/node/1.html.


Debugging is a manual verification process that finds bugs confirming system behavior under determined conditions whose size and scope vary.

The most rudimentary debugging process is using temporary standard output (print, cout, printf, …) to watch the values of variables at different sites on your code and remove them. However, it is an unproductive process or they can take you to mistakes in multiprogramming environments.

A specialized debugging tool such as gdb allows you a more convenient way to print out the software’s state and understand actual system behavior. It is a highly dependent ecosystem tool, if you work on the web a debugger is integrated into browsers if you work in low-level stuff gdb is the most common, and so on and so forth.

Web debugger in Firefox


Profiling is a manual verification process that measures empirical memory or time from software. Like a debugger, profiling is a highly dependent ecosystem tool too.

Though we know algorithm analysis, we can observe empirical software performance using a profiling tool. But remember to follow the principle: optimize only if you have a performance requirement.

Profiling in Firefox.

Software inspections, Peer-review, Pair testing

Software inspections, (Code) Peer-review, and Pair testing are processes of subjecting an author’s work to the scrutiny of others who are experts in the same field.

Changes are classified by size, generally speaking, are better smaller (1-30 lines) changes than bigger ones (≥300).

Code review on GNU/Linux kernel.

Verification and formal methods

We can verify our software with formal methods such as category theory, weakest precondition calculus, and so forth. The community develops languages in order to prove mathematics objects with different approaches, they are proof assistants, so they assist you to prove your SUT. Famous proof assistants are COQ, Lean, and Isabelle.

In theory, you can verify your software in whatever interactive theorem prover you want, but some clever people develop special languages such as C-Frama.

Since writing proofs is hard, proof assistants make sense when safety matters and your project doesn’t change requirements in a short time. A killer dating app doesn’t want to, a nuclear central has to.

  requires \valid(a+(0..n-1));assigns  a[0..n-1];ensures
  \forall integer i;
    0 <= i < n ==> a[i] == 0;
void set_to_0(int* a, size_t n){
  size_t i;
    loop invariant 0 <= i <= n;
    loop invariant
    \forall integer j;
      0 <= j < i ==> a[j] == 0;
    loop assigns i, a[0..n-1];
    loop variant n-i;
  for(i = 0; i < n; ++i)
    a[i] = 0;

Testing tactics

Formal methods are hard, so software engineers developed automated testing where “catching bugs” is easier than debugger, adding new features, and refactoring software with confidence that any changes don't break production software.

The software industry assumes “testing” refers to automated testing, but not manual testing. Even though some techniques are applying both, it’s not a good idea to do manual testing since it doesn't allow reproducibility and doesn’t give you the same confidence levels.

Modern languages have their own testing frameworks and techniques. We’ll show you an example with a calculator in JavaScript and Jest


A trivial problem is making a calculator that divides numbers.

class Calculator  {
   result = 0
   divide(a,b) {
     result = a/b
     return result

Now, we test it with some representative test cases.

First, the happy path, when our software works with great arguments.

test_calculator_division_when_numbers_are_not_zero() {
   // setup
   const calculator = new Calculator();
   // execution
   const result = calculator.divide(5,5);
   // validation

First, the dark path, when our software works with bad arguments.

test_calculator_division_when_numbers_are_zero() {
   // setup
   const calculator = new Calculator();
   // execution
   const result = calculator.divide(5,0);
   // validation
   expect(result).toThrowError('Division by 0');


Previously, first, we were designing and after testing. Another way is reverse, test development driven. It allows you to do more advanced stuff such as acceptance test-driven development (ATTD) or behavior-driven development (BDD).

E2E Testing

E2E checks the whole software following the requirements.

On the web, e2e testing can be done by Selenium, Cucumber, or Cypress.

Alpha, beta testing

Alpha and beta testing are customer validation methodologies, so it means real users check immature software or get feedback from them without threatening your reputation.

They differ in the software version, amount of users, and goals.

A full reference is [12].

Security testing

Manual assessment.

Red Teams.

Vulnerability management.


Politics, guidelines, and plans

An organization or project chooses a methodology or process that usually definites how to check your software, in the way of politics, guidelines, and plans.

Roughly speaking, more effort means more benefits. So, the effort of maintaining the strategies, politics, and plans is proportional to the quality provided for them and the software's economical value.

The checking process

The team should document their engineering practices and tools in order to assure quality. If you can do automation checking, do it. It is better to show than tell.

Some “V&V” processes need user interaction, you must follow their good practices in order to get the best feedback and validate your software efficiently.


Deployment is a related area. How often we are checking the whole project in order to assure the project? What are their environmental conditions?

Concrete politics, guidelines, and plans

Concrete technology ecosystemStrategyComments
One developer web side-projectsHTML, CSS, JavaScript, Jest, Notion, Git, GitHubUnit testing and debugging. Manual releasing.Tests core features. Extra testing is worthless. In fact, success depends on developer skills rather than a quality process.
Consultant CRUD enterprise webHTML, CSS, JavaScript, Jest, Cypress, Notion, Git, GitHubUnit testing, integration testing, debugging. Automation releasing.Integration testing is worthy.
Military system to manage submarine nuclear weapons C, C++, Assembly, microcircuits, GTest, GitLab In-host, Frama-CMore strategies are the best. Each strategy is worthy. Success depends on a matrix of factors, quality is really important.


[1] 610.12-1990 - IEEE Standard Glossary of Software Engineering Terminology, IEEE, 1990, doi:10.1109/IEEESTD.1990.101064, ISBN 978-1-55937-067-7

[2] Henderson, Fergus. "Software engineering at Google." arXiv preprint arXiv:1702.01715 (2017).

[3] Winters, T., Manshreck, T., & Wright, H. (2020). Software engineering at google: Lessons learned from programming over time. O'Reilly Media.

[4] David G. Messerschmitt and Clemens Szyperski (2003). Software Ecosystem: Understanding an Indispensable Technology and Industry. Cambridge, MA, USA: MIT Press. ISBN 978-0-262-13432-3.

[5] Software Acquisition & Practices. (2018, October 02). Retrieved from https://innovation.defense.gov/software

[6] Sommerville, I. (2011). Software Engineering, 9/E. Pearson Education.

[7] Sommerville, I. (2007). Software Engineering, 8/E. Pearson Education.

[8] Art of Debugging with GDB, DDD, and Eclipse by Norman Matloff and Peter Jay Salzman.

[9] Gerhards, Rainer. The Syslog Protocol. doi:10.17487/RFC5424. RFC 5424.

[10] Oberkampf, W.L.; Roy, C.J. (2010). Verification and Validation in Scientific Computing. Cambridge University Press. pp. 154–5. ISBN 978-1-139-49176-1.

[11] Cem Kaner (2008), A Tutorial in Exploratory Testing (PDF)

[12] Vijay. (2022). What is Alpha Testing and Beta Testing: A Complete Guide. Software Testing Help. Retrieved from https://www.softwaretestinghelp.com/what-is-alpha-testing-beta-testing

Software testing





C ecosystem

JavaScript ecosystem


Art of Debugging with GDB, DDD, and Eclipse by Norman Matloff and Peter Jay Salzman.

Debugging with GDB: The GNU Source-Level Debugger by Richard Stallman, Roland Pesch, et ál.

Guide to Faster, Less Frustrating Debugging. (2002, April 04). Retrieved from https://heather.cs.ucdavis.edu/~matloff/UnixAndC/CLanguage/Debug.html

Debugging and Profiling. (2022, October 27). Retrieved from https://missing.csail.mit.edu/2020/debugging-profiling



How Google Tests Software by James Whittaker, Jason Arbon, Jeff Carollo.

How We Test Software at Microsoft by Alan Page, Ken Johnston, and Bj Rollison

Unit testing

Test doubles

Larger testing

Floyd–Hoare logic and loop invariance

Software analyzer.


Should I use stdin as a testing device, debugger device, or software verification?

stdin depends on your language but some are console.log, printf

Software deployment



Continous integration

Continous deployment

Github actions

Github pages

Software Support



On Call Principles and Protocols 6th Edición de Shane A. Marshall MD FRCPC (Author), John Ruedy MDCM FRCPC LLD (hon) DMED (hon) (Author)

Rights and Duties of Software

Software is an asset



Further readings

Gift of Fire, A: Social, Legal, and Ethical Issues for Computing Technology by Sara Baase, Timothy Henry.

Blueprint for an AI Bill of Rights - The White House. (2022, October 04). Retrieved from https://www.whitehouse.gov/ostp/ai-bill-of-rights

Legal aspects of computing


The business model, license model, and process development determine how you write contracts.

Lavesson, N., Boldt, M., Davidsson, P. et al. Learning to detect spyware using end user license agreements. Knowl Inf Syst 26, 285–307 (2011). https://libcon.rec.uabc.mx:4440/10.1007/s10115-009-0278-z

Wideman, Max. (2003). Progressive Acquisition and the RUP

Boehm, B.W. and Ross, R. 1989. Theory-W software project management principles and examples, IEEE Transactions on Software Engineering 15(7): 902-916.

Molina-Jimenez, C., Pruyne, J., van Moorsel, A. (2005). The Role of Agreements in IT Management Software. In: de Lemos, R., Gacek, C., Romanovsky, A. (eds) Architecting Dependable Systems III. Lecture Notes in Computer Science, vol 3549. Springer, Berlin, Heidelberg. https://libcon.rec.uabc.mx:4440/10.1007/11556169_2


Emam, K.E. Benchmarking Kappa: Interrater Agreement in Software Process Assessments. Empirical Software Engineering 4, 113–133 (1999). https://libcon.rec.uabc.mx:4440/10.1023/A:1009820201126

http://www.maxwideman.com/index.htm http://www.maxwideman.com/papers/acquisition/lifecycle.htm




Contract management



Software license agreement



México también apuesta por el software libre. Ley de Austeridad Republicana

Patents (intellectual property, Author Rights, copyright, copyleft)


Essential patent

Reasonable and non-discriminatory licensing —RAND and FRAND—



Open source

IP licensing

Open Data campaign






Industry standards



Software licenses

Free Software

Terms of service

Privacy Policy


Pirate Party


Going IT Alone: The Handbook for Freelance and Contract Software Developers by Leon Brown

The Tech Contracts Handbook: Cloud Computing Agreements, Software Licenses, and Other IT Contracts for Lawyers and Businesspeople by David W. Tollen





Software engineering process. Software development process. Methodologies. Software development life cycle. Software development philosophies.

Software development process in companies.

“Dogfood” projects

Big tech companies as cases study


NASA as a case study

DoD projects as a case study

Linux and Git as a case study



Agile. Scrum+XP.


What software development methodology(ies) does Google use?
Answer (1 of 3): There's one viewpoint here. But I'd like to hear other perspectives. What is Google's software development process? Here's a response from someone at Google (Amanda), in the form of a comment on the blog post that the above link eventually points to. > I've worked on waterfal...










Worked examples


Further resources

Recruiting & HR

The business model makes different Recruiting & HR strategies.



Stock options

Remote work

International employees





Software engineering professional practice?

Doc templates. Examples.


Gestor de taller mecánico AgrimManager. Documentación

Aplicación Web de Gestión de Donaciones

RUP y Arquitecturas Ágiles




Project ideas


Tiny Python Projects: 21 small fun projects for Python beginners designed to build programming skill, teach new algorithms and techniques, and introduce software testing by Ken Youens-Clark

Classic Computer Science Problems in Python by David Kopec



20 Questions Game on Google Assistant, Telegram and Whatsapp



Model Domain


There is Nothing Outside of the Text. “On Grammatology” by Derrida.



Software management


User interaction

Since user interaction is something