Research in TSP & PSP
TSP and the Integrated Software Acquisition Metrics (ISAM) Project
When it comes to meeting cost, schedule and performance objectives, program managers need
- accurate cost and schedule information
- proven practices for delivering quality software
- timely knowledge of possible risks
The ISAM project was initiated with the assumption the TSP can be the foundation that program managers need to answer questions like: Where are you in your program? How do you know for sure? ISAM is developing pilot studies to create an effective, common measurement framework for acquirers and developers based on TSP and PSP practices. Managers will be able to use data from TSP teams so that they can answer these questions with confidence.
Why TSP?
PSP and TSP provide the framework for ISAM because with TSP and PSP precise measures are normal engineering practice. TSP also provides the management and engineering training needed for rapid and effective use of these measures.
TSP for Secure Systems
The security of a software-intensive system is directly related to the quality of its software.
- Over 90% of software security incidents are caused by attackers exploiting known software defects.
- Analysis of 45 e-business applications showed that 70% of security defects were design defects.
- Experienced and capable software engineers inject, on average, one defect every nine lines of code.
- A one million line of code systems typically contains 1,000-5,000 defects when shipped.
TSP fosters good practices based on engineering principles. With TSP, software teams
- build detailed, accurate plans
- manage and track their commitments
- produce nearly defect-free software (<0.1 defects/KSLOC)
TSP for Secure Systems is an applied research effort to enhance TSP by incorporating processes for
- secure design
- secure implementation
- secure review and inspection
- secure testing
TSP for Secure Systems is a collaborative effort between the TSP program and the Networked Systems Survivability program at the SEI.