The Aging IT Procurement Processes of the Pentagon

About two months ago, a blog article written for the NDIA exposed the difficulties the Defense Department faces in buying new IT systems. Pentagon acquisitions chief Frank Kendall was on the hot seat during an April 30th hearing. Senate Armed Services Committee Chairman Carl Levin, D-Mich., said that the track record for procurement has been “abysmal.” Sen. Claire McCaskill, D-Mo., angrily said, “You’re terrible at it, just terrible at it.” Yet the Pentagon requested $30.3 billion for unclassified IT programs in fiscal year 2015 (a drop of $1 billion, or 3.3 percent, from fiscal 2014). So what are the issues? One of them is the complex approval process. “I think we’re imposing too much burden on people and we’re micromanaging,” said Kendall. “We have a tendency in the department, I think, to try to force the business systems that we acquire to do things the way we’ve historically done business.” And there is little incentive to change. David Ahearn, a partner at BluestoneLogic, wrote in … Continue reading

What Software Developers Can Learn From the Latest Car Recalls

By Sam Malek, CTO / Co-Founder of Transvive Inc., and CISQ Member

If you have been following the news these days, you have probably heard about the recall of some General Motors cars because of an ignition switch issue. The recall is estimated to cover 2.6 million cars (1) and to cost around $400 million (2), roughly $166 per vehicle. That is a steep price for a 57-cent part that could easily have been replaced on the assembly line.

As we enter the third wave of the industrial revolution (Toffler), where information technology is starting to dominate major parts of everyday life, software is becoming a critical component of day-to-day activities: from the coffee machine that might be running a small piece of code to the control unit that governs vehicles, and everything in between.

However, amid the flood of news about applications that have made millions, even billions, of dollars for their developers, the stories we hear about the development … Continue reading

A Compounded Comedy of Software Errors Underpins the Latest Healthcare Signup Glitch

Last week, an article from IEEE SPECTRUM outlined the latest set of issues related to the Obamacare Affordable Care Act (ACA): hundreds of thousands of California Medi-Cal health insurance applications cannot seem to get past the approval finish line, significantly delaying the start of healthcare coverage for over 900,000 Californians.

Several issues are to blame, continuing a string of problems for this site since its go-live date back in October 2013:

The health insurance exchange website and infrastructure did not expect over 3.2 million residents to enroll for Medi-Cal health insurance coverage, more than 2.5 times the original estimate.

The state-run Covered California exchange computer system was supposed to integrate with the 58 individual county social services computer systems by October 1, 2013, so that an applicant’s eligibility could be corroborated and the county managed care plan the applicant selected could be confirmed. However, this functionality wasn’t fully operational until January 21, 2014. Since the state is expected to take no longer than … Continue reading

Productivity Challenges in Outsourcing Contracts

By Sridevi Devathi, HCL Estimation Center of Excellence, and CISQ Member

In an ever more competitive market, year-on-year productivity gains and output-based pricing models are standard ‘asks’ in most outsourcing engagements. Mature and accurate SIZING is the KEY to addressing them!

It is essential that the challenges stated below are clearly understood and addressed in outsourcing contracts for successful implementation.

Challenge 1 – NATURE OF WORK

NOT all IT services provided by IT vendors are measurable using the ISO-certified functional sizing measures such as IFPUG FP, NESMA FP or COSMIC FP (referred to as Function Points hereafter). While pure application development and large application enhancement projects are covered by Function Points, there are no industry-standard SIZING methods for projects or work units that are purely technology driven, such as the following:

Pure technical projects like data migration and technical upgrades (e.g. VB version x.1 to VB version x.2)

Performance fine-tuning and other non-functional projects

Small fixes in business logic, or configuration to enable a business functionality

Pure … Continue reading

CISQ Seminar – Software Quality in Federal Acquisitions

CISQ hosted its latest Seminar at the HYATT Reston Town Center in Reston, VA, USA. The topic for this installment was “Software Quality in Federal Acquisitions”, and it included the following speakers:

David Herron, David Consulting Group

Robert Martin, Project Lead, Common Weakness Enumeration, MITRE Corp.

John Keane, Military Health Systems

Dr. Bill Curtis, Director, CISQ

John Weiler, CIO, Interop. Clearinghouse

Joe Jarzombek, Director for Software & Supply Chain Assurance, DHS

Dr. William Nichols, Software Engineering Institute

Over 75 senior leaders from public and private sector organizations such as BSAF, MITRE, US Department of Defense, Northrop Grumman, NSA, Fannie Mae, US Army, and NIST were in attendance, listening to presentations, engaging in discussions, and networking with peers.

Dr. Curtis began the day by discussing the recent changes in the regulatory environment at the Federal level, especially as they relate to software risk prevention. Kevin Jackson (IT-AAC) stressed that innovation cannot be adopted if it cannot be measured.

Mr. Herron introduced the uses of productivity analysis and Function … Continue reading

Open Source is Not Immune to Software Quality Problems

The Heartbleed Bug reinforces the need to monitor the quality of open source software

OpenSSL came under fire this past week through the now infamous Heartbleed bug.

This open source encryption software is used by over 500,000 websites, including Google, Facebook, and Yahoo, to protect their customers’ valuable information. While generally a solid program, OpenSSL harbored a security vulnerability that allows attackers to read the memory of servers and potentially steal the server’s private keys used to encrypt communications, thus gaining access to an organization’s internal documents.

Technically known as CVE-2014-0160, the Heartbleed bug allows an attacker to read up to 64 kilobytes of memory in any one request, and the request can be repeated. Faulty code within OpenSSL is responsible for the vulnerability, and, as an open source project, it is hard to pinpoint who is responsible, much less scrutinize all the complex code created for the SSL project to find such a minute vulnerability.

While I’m definitely not knocking open-source projects … Continue reading

Software Quality beyond Application Boundaries

The retail security crisis continues…

A recent Wall Street Journal article exposed potential issues with Bitcoin’s transaction network. This left the Tokyo-based Mt. Gox exchange and Gavin Andresen, Chief Scientist at the Bitcoin Foundation, pointing fingers at each other.

So far the retail industry has felt the pain of sophisticated hackers stealing sensitive information:

Target Corp. – The latest news suggests that the breach started with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer.

Neiman Marcus – 1.1 million debit and credit cards used at its stores may have been compromised.

Michaels – investigating a possible security breach on its payment card network.

According to a Business Insider article, smaller breaches on at least three other well-known U.S. retailers also took place during the U.S. holiday shopping season last year and were conducted using techniques similar to those used against Target. Those breaches have yet to come to light in the mainstream media.

Memory-scraping … Continue reading

Startups Need Software Quality Too

Last week Phil Libin, the CEO of Evernote, wrote an honest blog article titled “On Software Quality and Building a Better Evernote in 2014.” It was a response to an earlier blog article by Jason Kincaid, which criticized Evernote for a decline in quality over the last few months. In the response, Libin accepted the criticism well and publicly vowed changes to their software in 2014. Libin explained how, as a startup, the focus on growing fast had the unfortunate side effect of introducing more bugs, ultimately affecting quality and user experience. He discussed how constant improvement is key, trading the rush of releasing new product versions for more thorough testing; how software quality must be ingrained in the culture; and how quality improvements need to be shown rather than just discussed.

This story highlights the importance of software quality, not just through updated tools for testing and measurement, but also by empowering the culture of an organization to always focus on software quality and customer experience. … Continue reading

Software Robustness and Resiliency in Capital Markets

CISQ hosted its latest Technology Executive Roundtable at the Marriott at Grand Central (NYC). The topic for this installment was “Software Robustness and Resiliency in Capital Markets”, and it featured the following speakers: Corey Booth, Partner and Managing Director, Boston Consulting Group; Dr. Bill Curtis, Director, CISQ; and JP Chauvet, Chief Architect of Equities, Credit Suisse. Over 25 senior leaders from organizations such as Bridgewater Associates, BNY Mellon, NYSE Euronext, Deutsche Bank, The Depository Trust & Clearing Corporation, and J.P. Morgan were in attendance, listening to presentations, engaging in discussions, and networking with peers.

Dr. Curtis started off by discussing the recent changes in the regulatory environment at the Federal level, especially as they relate to software risk prevention. He covered some of the highlights of Regulation SCI and the feedback provided to the SEC by CISQ. A link to the presentation can be found here.

Mr. Booth then talked about the tradeoffs between risk and development speed, and their implications for software quality frameworks and processes. He discussed the two … Continue reading

Software Startup Quality – High Quality Software Must Be Usable, Reliable, Secure and Available

Building, maintaining, and enhancing high quality software is not a trivial exercise, yet it is critical to software-based startups. Entering the marketplace with a feature-laden but unstable, insecure, hard-to-enhance, and poorly performing product is a fast track to startup failure.

Producing high quality software demands the convergence of engaged, quality-focused stakeholders, results-based incentive programs, and a developer culture of quality. It also means finding the right technology partners, making the best use of productivity enhancers such as appropriate software development platforms and cloud-based services, and leveraging open standards and open source assets. Miss any one of these and your software startup may turn out to be a software turn-off.

Avoid Startup Software Development Risks from Day One

It remains challenging for all organizations to consistently produce high quality software that meets potential customers’ needs, on time and on budget. For the startup the challenges are greater, and so are the stakes.

Software quality starts with governance: establishing sound development principles, policies, and decision rights. However, governance … Continue reading