NEWS AT SEI
This article was originally published in News at SEI on: June 1, 2003
The 15th Software Engineering Process Group (SEPG) Conference (SEPG 2003) was held in Boston on February 24-27, 2003. More than 1,550 people attended, from defense and civil agencies, defense and commercial industry, and academic institutions.
Nearly three-fourths of attendees rated the SEPG keynote presentations as good to excellent compared to keynotes they’d heard at similar conferences. In the keynotes:
- Tom Davenport, director of the Accenture Institute for Strategic Change and a well-known author on business process reengineering, knowledge management, and enterprise systems, presented “Six Ways to Make Knowledge Work Better.”
“Process shouldn’t cover everything,” Davenport said. “Leave less routine tasks unstructured to allow for creativity. Avoid over-engineering.”
- Allan Woods, vice chairman and chief information officer of Mellon Financial Corporation, spoke on “Execution.”
“Inertia is part of the natural law,” Woods said. “Execution challenges us to get out of the ruts, to challenge conventional wisdom.”
- Bill Hancock, vice president and chief security officer of Exodus, a Cable and Wireless service, where he is responsible for global security for one of the world’s largest hosting companies and IP networks, presented “Security Issues and Programming Fears.”
“A lot of code out there—including nuclear reactor subsystems—hasn’t got a shred of security in it, because of limited resources,” Hancock said.
The keynote presentations and speaker biographies are available on the SEI Web site.
SEPG 2003 included increased numbers of presentations by users and adopters of Capability Maturity Model Integration (CMMI) models and Team Software Process (TSP) from the United States, Europe, and Asia, evidence of the growing impact of these SEI technologies in the global community of software engineers. On display in the exhibit hall was a new book in the SEI Series in Software Engineering, CMMI: Guidelines for Process Integration and Product Improvement, written by SEI staff members Mary Beth Chrissis, Mike Konrad, and Sandy Shrum. The book, which generated much interest at the conference, is the definitive source for CMMI model information.
First SEPG News Conference
SEPG 2003 also featured a first-ever news conference, which focused on the relationship between security and software quality. The news conference began with a panel discussion led by SEI Director Steve Cross; Rich Pethia, director of the SEI’s Networked Systems Survivability Program; Watts Humphrey, SEI fellow and creator of TSP; and Carol Grojean, a senior program manager with Microsoft. Articles resulting from the news conference have appeared in eWeek, Application Development Trends, and CIO Magazine.
Pethia described the seriousness of the software quality problem: there were 40,000 new reports of software vulnerabilities in 2002, and the same types of vulnerabilities are reported year after year. “It takes a half a man year for a system administrator just to read all the new vulnerability reports,” Pethia stated. “Applying patches for all of them is impossible. We need an order-of-magnitude decrease in security flaws in released software.” Achieving this, Humphrey explained, will require changing the practices of software engineers, a primary goal of TSP. He described how the TSP team is working with staff from the SEI’s Survivable Systems initiative to identify common security problems in software and then add practices to TSP that will help engineers avoid injecting such defects into the software they develop.
Grojean presented compelling data about the positive impact of TSP on cost, schedule, and quality for the project that she leads. For example, based on the projected reduction in the number of defects in the code, Grojean’s team expects a 94% reduction in the cost of post-production fixes. Grojean said her team’s use of TSP “gives management increased confidence in what we deliver, since our emphasis has been on quality from the beginning.”
The 16th SEPG Conference will be held on March 8-11, 2004, at the Marriott World Center in Orlando, Florida.
The CMMI Interpretive Guidance Project
Two of several birds-of-a-feather sessions at the conference gave CMMI practitioners the opportunity to contribute to the CMMI Interpretive Guidance project. This project was formed to collect information about how CMMI is being used by software, information technology, and information systems organizations. Based on the information gathered, guidance for CMMI model best practices will be developed to help these organizations adopt CMMI for their process improvement programs.