Software Risk Management

By David Gelperin, CTO, ClearSpecs Enterprises

40-60% of larger projects fail. Fewer smaller projects fail. Therefore, do smaller projects.

It’s safer to do projects you have done successfully before, e.g., build another ecommerce website. Therefore, repeat successful projects.

If you must do something larger and unfamiliar, identify its hazards and how you plan to mitigate them.

Functions are the goals that customers care about and focus on. Developers are told to focus on customer value. Qualities like security, privacy, reliability, and robustness are goals that customers rarely think about.

Functions are easy. Qualities are hard. When system failures make the news, e.g., security breaches, it is rarely because of a functional failure. Qualities are commonly missing from software estimates and inadequately supported in operational software.

Quality may be free, but qualities need investment. Providing a quality is nothing like providing a function. Qualities are dangerous because they are unfamiliar and out of focus.

Current Agile development ignores qualities or treats them like functions. …

The Other Requirements

By David Gelperin, CTO, ClearSpecs Enterprises

Bob, the developer, is excited. This is his first assignment with his new employer and he really wants to show them what he can do. They are asking him to develop a “make a hotel reservation” function and he is listening carefully to understand exactly what they want. He has done something similar, except for rental cars. He asks a few clarifying questions and feels fortunate that they asked him to do something he is familiar with.

He heads back to his office to develop an estimate and then tells Sue, his supervisor, that he is ready to begin work. When he meets with Sue, she asks if he has included the relevant “crosscutting requirements” in his estimates. Bob is not sure, because he doesn’t understand what she is asking.

She explains that understanding the domain function is important, but its associated crosscutting requirements need to be understood as well and factored into estimates. Crosscutting requirements constrain multiple domain functions or …

Seeking Beta Sites for Quality-First Agile Development

By David Gelperin, CTO, ClearSpecs Enterprises

Seeking sites to refine and use a hybrid Agile process containing two phases. The second phase is “pure” Agile development and focuses on user functions. The first phase (Quality-First) identifies and manages the quality goals, such as reliability, understandability, or response time, that matter to your application.

Quality-First contains the following steps:

1. Identify relevant quality goals and their acceptable quality levels early (workshop).

Some quality goals are universal, i.e., relevant to most applications. These include: reliability, response time, modularity, ease of use and learning, and all basic qualities (compliance, sufficiency, understandability, and verifiability).

The remaining (nonuniversal) quality goals are reviewed to identify those which matter to your application.

<A comprehensive quality model will be supplied to speed this step>

2. Refine quality goal information and identify “quality champions” among your team.

3. Create master lists of development restrictions, including quality constraints and design, coding, and verification tactics derived from your quality goals.

Each quality …

What is Quality?

By Bill Ferrarini, Senior Quality Assurance Analyst at SunGard Public Sector, and CISQ Member

Quality is more than just a word; it’s a passion of mine.

In 1974 I was fortunate enough to experience Quality Circles. It was definitely that moment when you realize that you can make a difference. I got into the PC software development industry in the early days, at a time when the industry was in need of a direction, an industry crying for standards and quality. The first decade of this emerging industry was extremely tumultuous: a young industry struggling with its identity, finding the players that would shape it into what it is today, a multi-billion dollar industry.

Somewhere along the journey, quality became important to companies who developed and published software. Providing software that was relatively ‘bug free’ took the industry by storm. In the early 1980s, companies, left and right, were adopting Best Practice guidelines like ISO 9000. An entire industry of management and training in the art of …

CISQ Seminar Presentations Now Available: Measuring and Managing Software Risk, Security, and Technical Debt, September 17, 2014, Austin, TX

By Tracie Berardi, Program Manager, Consortium for IT Software Quality (CISQ)

Hello Seminar Attendees and CISQ Members,

Last week we met in Austin, Texas for a CISQ Seminar: Measuring and Managing Software Risk, Security, and Technical Debt.

Presentations are posted to the CISQ website under “Event & Seminar Presentations.” Log in with your CISQ username/password, or request a login here.

The seminar was kicked off by Dr. Bill Curtis, CISQ Director, and Herb Krasner, Principal Researcher, ARiSE, University of Texas. Are you looking to prove the ROI of software quality? Mr. Krasner’s presentation is exploding with helpful statistics. Dr. Israel Gat (Cutter) and Dr. Murray Cantor (IBM) went on to discuss the economics of technical liability and self-insuring software. Dr. William Nichols (SEI Carnegie Mellon) revealed results from studying the practices of agile teams. Robert Martin from MITRE, Director of the Common Weakness Enumeration (CWE), and lead on the CISQ security specification, talked about the latest advancements in fighting software security weaknesses.

Thank you for participating …

Interesting Interview – The Internet of Things and the Honda Recall: An Interview with Anders Wallgren

By Tracie Berardi, Program Manager, Consortium for IT Software Quality (CISQ)

In case you didn’t catch this interview with Anders Wallgren, CTO of Electric Cloud, I’m circulating it here. On August 8, 2014 Anders was interviewed by StickyMinds editor Cameron Philipp-Edmonds about the recent Honda recall and lessons learned (and to be learned) as we develop the “internet of things.”

You can read or watch the interview here: http://www.stickyminds.com/interview/internet-things-and-honda-recall-interview-anders-wallgren

Software is pervasive. As Anders notes in the interview, even cars can contain two to three hundred million lines of code. (Wow!) “Today you’ve got lots of systems interacting in cars with each other, every car these days is basically a distributed network of computers that need to operate together,” he says. It won’t be long before cars are driving themselves.

Honda is recalling thousands of vehicles because of a pesky software bug that impacts acceleration. High profile quality issues like this are popping up more and more, and consumers are taking notice. Consumers have more avenues …

So you want to implement Quality Assurance… or should it be Quality Control?

By Bill Ferrarini, Senior Quality Assurance Analyst at SunGard Public Sector, and CISQ Member

Most companies will use these terms interchangeably, but the truth is Quality Assurance is a preventative method while Quality Control is an Identifier.

Don’t go shooting the messenger on this one, I know that each and every one of us has a different point of view when it comes to quality. The truth of the matter is we all have the same goal, but defining how we get there is the difficult part.

Let’s take a look at the different definitions taken from ASQ.org.

Quality Assurance: The planned and systematic activities implemented in a quality system so that quality requirements for a product or service will be fulfilled.

Quality Control: The observation techniques and activities used to fulfill requirements for quality.

Quality Assurance is a failure prevention system that predicts almost everything about product safety, quality standards and legality that could possibly go wrong, and then takes steps to control and prevent flawed products or …

Wall St. Journal Cyber Attack Highlights Need for Security

Last week a hacker known as “w0rm” attacked the Wall St. Journal website. w0rm is a hacker (or group of hackers) known to infiltrate news websites, post screenshots on Twitter as evidence, and solicit the sale of database information and credentials. Information stolen from the site would let someone “modify articles, add new content, insert malicious content in any page, add new users, delete users and so on,” said Andrew Komarov, chief executive of IntelCrawler, who brought the hack to the attention of the Journal.

See “WSJ Takes Some Computer Systems Offline After Cyber Intrusion.”

Security is a major issue, highlighted by the rising number of multi-million dollar computer outages and security breaches in the news today. The breach of the Wall St. Journal website was the result of a SQL injection into a vulnerable web graphics system. Since the 1990s the IT community has been talking about SQL injections (which are relatively simple to prevent), yet input validation issues still represent the significant majority of web …

The Aging IT Procurement Processes of the Pentagon

About two months ago a blog article was written for the NDIA, exposing the Defense Department’s difficulties in buying new IT systems. Pentagon acquisitions chief Frank Kendall was on the hot seat during an April 30th hearing. Senate Armed Services Committee Chairman Carl Levin, D-Mich., said that the track record for procurement has been “abysmal.” Sen. Claire McCaskill, D-Mo., angrily said “You’re terrible at it, just terrible at it.”

Yet the Pentagon requested $30.3 billion for unclassified IT programs in fiscal year 2015 (a drop of $1 billion, or 3.3 percent, from fiscal 2014). So what are the issues? Well, one of them points to the complex approval process. “I think we’re imposing too much burden on people and we’re micromanaging,” said Kendall. “We have a tendency in the department, I think, to try to force the business systems that we acquire to do things the way we’ve historically done business.” And there is little incentive to change.

David Ahearn, a partner at BluestoneLogic, wrote in …

What Software Developers Can Learn From the Latest Car Recalls

By Sam Malek, CTO / Co-Founder of Transvive Inc., and CISQ Member

If you have been following the news these days, you probably heard about the recall of some General Motors cars because of an ignition switch issue. It is estimated to affect 2.6 million cars (1) and will cost around $400 million (2), which is roughly $166 per vehicle. That is a steep price for a 57-cent part that could have been easily replaced on the assembly line.

As we enter the third wave of the industrial revolution (Toffler), where information technology is starting to dominate major parts of everyday life, software is becoming a critical component of day-to-day activities: from the coffee machine that might be running a small piece of code to the control unit that governs vehicles, and everything else in between.

However, these days, with the overflow of news about applications that have made millions – even billions – of dollars for their developers, the stories we hear about the development …