columns
Editor’s Note: Since June 1998, Watts Humphrey has taken readers of news@sei and its predecessor SEI Interactive on a process-improvement journey, step by step, in his column Watts New. The column has explored the problem of setting impossible dates for project completion (“Your Date or Mine?”), planning as a team using TSP (“Making Team Plans”), the importance of removing software defects (“Bugs or Defects?”), applying discipline to software development (“Doing Disciplined Work”), approaching managers about a process improvement effort (“Getting Management Support for Process Improvement”), and making a persuasive case for implementing it (“Making the Strategic Case for Process Improvement”). And now, after nearly 11 years, Watts is taking a well deserved retirement from writing the quarterly column. But you can still enjoy vintage Watts New columns, including all of the above topics, in the news@sei archives or in the Watts New Collection.
—Richard Lynch
Editor
news@sei
How Mexico is Doing It
This is the first of a new series of Watts New columns where I invite members of the SEI’s TSP team and others to write about the experiences of TSP users. In general, the audience for these columns is anyone who is interesting in improving the predictability, quality, and productivity of their software and systems work. Occasionally, the articles will be more narrowly focused, but I plan to alert the reader whenever this is the case.
While many of these articles may be co-written with users, this and some others will be written by the SEI staff members alone. In this article, Anita Carleton describes the very impressive efforts being made in Mexico to transform their software industry. Anita is a senior member of the SEI staff where she has worked for over 20 years on software process improvement, process measurement, and the TSP. She is the author of Measuring the Software Process: Statistical Process Control for Software Process Improvement, has a degree in applied mathematics from Carnegie Mellon University, and is a member of IEEE Computer Society and National Defense Industrial Association (NDIA).
The Value of High Maturity to the Customer
High maturity processes and their effects on performance have long been seen as valuable to organizations’ process improvement. This column moves beyond that notion to describe how process improvement in an organization can benefit the organization’s customers.
Building More Secure Software
Generally we think of security as an operational IT issue focused on defending our computers and networks from attackers and from security breaches; or we think of security as information security, concerned with protecting information in digital form. But what is software security, and how is it different from IT or information security?
In a nutshell, the objective of software security is to build better, defect-free software. Typically software has many defects, which tend to be the source of security vulnerabilities in our operational systems and networks. So another way to think about software security is developing software that is more able to resist attack. And in the face of an attack—a successful attack—it’s better able to tolerate the attack and recover from the attack as quickly as possible.
This column is based on a podcast recorded with Julia Allen and posted to CERT’s Podcast Series: Security for Business Leaders.
The Place of Architecture in a Crowdsourced Word
Yochai Benkler, in his book The Wealth of Networks, puts forth a provocative argument: that we are in the midst of a radical transformation in how we create our information environment. This change is at the heart of the open-source software (OSS) movement but OSS is only one example of how society is restructuring around new models of production and consumption of services. The aspect that is most startling, Benkler writes, “is the rise of effective, large-scale cooperative efforts—peer production of information, knowledge, and culture ... . We are beginning to see the expansion of this model not only to our core software platforms, but beyond them into every domain of information and cultural production.” The networked information environment has dramatically transformed the marketplace, creating new modes and opportunities for how we make and exchange information. “Crowdsourcing” is now used for creation in the arts, in basic research, and in retail business. So what is the place of architecture in a crowdsourced world? There are a number of characteristics of crowdsourced systems that challenge existing models of system development.
Requisite Agility
The ability of software-intensive systems or organizations to respond rapidly to changing demand is a key determining factor in their achieving business or mission objectives. Because of the primacy of achieving objectives to all organizations—in the U.S. Department of Defense (DoD), civilian government, and industry—understanding of the agility needed to respond to changing demand is a key challenge on the research agenda of the SEI Integration of Software Intensive Systems (ISIS) initiative. The ISIS team is developing the SoS Navigator, a growing set of modeling techniques that offer insights into the relationship between systems or organizational structure and agility.
Making SIMPLE Decisions about Software Product Lines
Some of the most frequently asked questions about software product lines involve whether there will be a cost benefit to using the product-line approach. So researchers from the SEI, Siemens, the Fraunhofer Institute for Experimental Software Engineering, and Clemson University collaborated on a model that can be used to predict software product line costs and benefits under a variety of real-world situations and that can be used easily by product line decision-makers who may not be skilled in intricate economic theories.
SIMPLE is the Structured Intuitive Model of Product Line Economics, a general-purpose business model that supports the estimation of the costs and benefits in a product line development organization. SIMPLE helps in decisions such as whether to use a product line strategy in a specific situation, the specific strategy to apply, and the appropriateness of acquiring or building specific assets.