Survey on Time-to-Fix Technical Debt

CISQ is working on a standard measure of Technical Debt. Technical debt is a measure of software cost, effort, and risk due to defects remaining in code at release. Like financial debt, technical debt incurs interest over time in the form of extra effort and cost to maintain the software. Technical debt also represents the level of risk exposed to business due to the increased cost of ownership.

 

Completing the measure requires estimates of the time required to fix software weaknesses included in the definition of Technical Debt.

 

Please take our Technical Debt Survey

 

The survey is a PDF form that is posted to the CISQ website. To take the survey:

  • Download the PDF form
  • Fill in your responses
  • Press the “send survey” button on the last page of the survey
  • Alternatively, you can save the PDF file to your desktop and email it directly to: coordinator@it-cisq.org

 

As a “thank you” for your time, we are giving away $20 Amazon Gift cards to the first 50 respondents.

 

To download the survey (PDF): http://it-cisq.org/technical-debt-remediation-survey/

 

Thank you for contributing to this initiative.

 

For any questions:

 

Tracie Berardi
Program Manager
Consortium for IT Software Quality (CISQ)
tracie.berardi@it-cisq.org
781-444-1132 x149

CISQ-em

 

CISQ Interviewed by SD Times – Dr. Bill Curtis (CISQ) and Dr. Richard Soley (OMG) Cited

Read About CISQ’s Mission, Standards Work, and Future Direction

 

Tracie Berardi, Program Manager, Consortium for IT Software Quality (CISQ)

 

Rob Marvin published an article in the January issue of SD Times that details the work of the Consortium for IT Software Quality (CISQ). Rob interviewed Dr. Richard Soley, CEO of the Object Management Group (OMG) and Dr. Bill Curtis, Executive Director of CISQ.  The article sheds light on the state of software quality standards in the IT marketplace.

 

I can supplement what’s covered in the article for CISQ members.

 

CISQ was co-founded by the Object Management Group (OMG) and the Software Engineering Institute (SEI) at Carnegie Mellon University in 2009.

 

Says Richard Soley of OMG, “Both Paul Nielsen (CEO, Software Engineering Institute) and I were approached to try to solve the twin problems of software builders and buyers (the need for consistent, standardized quality metrics to compare providers and measure development team quality) and SI’s (the need for consistent, standardized quality metrics to lower the cost of providing quality numbers for delivered software). It was clear that while CMMI is important to understanding the software development process, it doesn’t provide feedback on the artifacts developed. Just as major manufacturers agree on specific processes with their supply chains, but also test parts as they enter the factory, software developers and acquirers should have consistent, standard metrics for software quality. It was natural for Paul and I to pull together the best people in the business to make that happen.”

 

Richard Soley reached out to Dr. Bill Curtis to take the reins at CISQ. Bill Curtis is well-known in software quality circles as he led the creation of the Capability Maturity Model (CMM) and People CMM while at the Software Engineering Institute. Bill has published 5 books, over 150 articles, and was elected a Fellow of the Institute of Electrical and Electronics Engineers (IEEE) for his career contributions to software process improvement and measurement. He is currently SVP and Chief Scientist at CAST Software.

 

“Industry and government badly need automated, standardized metrics of software size and quality that are objective and computed directly from source code,” he says.

 

Bill Curtis organized CISQ working groups to start work on specifications. The Automated Function Point (AFP) specification was led by David Herron of the David Consulting Group and became an officially supported standard of the OMG in 2013. Currently, Software Quality Measures for Security, Reliability, Performance Efficiency, and Maintainability are undergoing standardization by the OMG.

 

The SD Times article in which Dr. Curtis and Dr. Soley are cited – CISQ aims to ensure industry wide software quality standards – is a summary of these specifications and their adoption. Please read.

 

A media reprint of the article has been posted to the members area of the CISQ website.  

 

You can also watch this video with Dr. Bill Curtis.

 

Later this year CISQ will start work on specs for Technical Debt and Quality-Adjusted Productivity.

 

How Do You Measure System Complexity?

By Tracie Berardi, Program Manager, Consortium for IT Software Quality (CISQ)

 

Chris Kohlhepp proposed the Law of Tangental Complexity in an article he wrote on the complexity of large scale systems. He explains: To successful systems we add functionality, inter-dependencies, and layers of abstraction. Pressures exist to continue adding value. Over time systems become so complex that they eventually reach a “cognitive horizon,” i.e. a psychological limit on the ability of humans to understand the complexity of the system. We may add lateral breadth of functionality to the system (tangent to the cognitive horizon), but in time, control is lost and TECHNICAL DEBT ensues.

 

Cognitive Horizon

 Image credit: Chris Kohlhepp, Law of Tangental Complexity

 

As steps are taken to make the system manageable – refactoring, and perhaps the hiring of new staff – the system will again find itself nearing an even greater cognitive horizon. “Recruiting more exceptionally talented engineers who can cope with the cognitive horizon of the system proves less fruitful upon later iterations of this cycle,” the author writes. The law of diminishing returns kicks in. 

 

Mr. Kohlhepp discusses two traditional mitigation strategies – 1. Limit the complexity of the system, and, 2. Refactor the system into two or more subsystems to manage complexity on a smaller scale. One cannot change what one cannot measure.

 

At CISQ we agree with this concept. A large project is 10x more likely to fail (Standish Group, CHAOS Report 2013). At the September 2014 CISQ seminar in Austin, Texas, CISQ Director Bill Curtis stressed that over half of maintenance activities are spent first understanding the code. Losing control of the entirety of a system takes away from time spent being proactive versus reactive. 

 

How do you measure the complexity of a system over time? How do you identify when it’s time to be proactive and split applications? Have you considered applying IT quality metrics developed by CISQ to measure and automate reports on your applications?

 

We would like to hear your thoughts on this subject. Please comment below.

CISQ Seminar Presentations Now Available: Measuring and Managing Software Risk, Security, and Technical Debt, September 17, 2014, Austin, TX

By Tracie Berardi, Program Manager, Consortium for IT Software Quality (CISQ)

 

Hello Seminar Attendees and CISQ Members,

 

Last week we met in Austin, Texas for a CISQ Seminar: Measuring and Managing Software Risk, Security, and Technical Debt. 

 

Presentations are posted to the CISQ website under “Event & Seminar Presentations.”
Login with your CISQ username/password, or request a login here

 

The seminar was kicked off by Dr. Bill Curtis, CISQ Director, and Herb Krasner, Principal Researcher, ARiSE University of Texas. Are you looking to prove the ROI of software quality? Mr. Krasner’s presentation is exploding with helpful statistics. Dr. Israel Gat (Cutter) and Dr. Murray Cantor (IBM) went on to discuss the economics of technical liability and self-insuring software. Dr. William Nichols (SEI Carnegie Mellon) revealed results from studying the practices of agile teams. Robert Martin from MITRE, Director of the Common Weakness Enumeration (CWE), and lead on the CISQ security specification, talked about the latest advancements in fighting software security weaknesses. 

 

Thank you for participating in this lively event! If you couldn’t make it to Austin, please feel free to view the presentations. Our next seminar will be in Reston, Virginia in late March 2015. 

 

CISQ aims to turn software quality into a measurable science. CISQ has developed quality measures for Security, Performance Efficiency, Reliability, and Maintainability that are going through the OMG standardization process now. You can view CISQ Quality Standard Version 2.1 on the CISQ site. We expect the measures to become official standards in early 2015.

 

Seminar on Measuring and Managing Software Risk, Security, and Technical Debt to Take Place in Austin, TX

Needham, MA – The Consortium for IT Software Quality (CISQ) is pleased to announce that it will be hosting the seminar, “Measuring and Managing Software Risk, Security, and Technical Debt” at the Sheraton at the Capitol in Austin, TX on Wednesday, September 17th. The event will be co-sponsored by The Center for Advanced Research in Software Engineering (ARiSE), University of Texas (UT).

 

The issue of software risk and security affects everyone. With talks such as “The State of Software Process and Quality in the State of Texas” from Herb Krasner, Principal Researcher, UT ARiSE; “The Global State of Software Structural Quality: Do Method and Source Matter?” by CISQ Director, Dr. Bill Curtis; “New Findings on Measuring the Effectiveness and Quality of Agile Projects,” by Dr. William Nichols, Software Engineering Institute (SEI) at Carnegie Mellon University, and an update on the latest developments in the national cyber-security community by Robert Martin, Director, Common Weakness Enumeration Repository, Mitre Corp, this master seminar will focus on the importance of good quality software in all domains.

 

The day will conclude with an explanation of the standardization work CISQ has been a part of for automating the measurement of functional size and source code structural quality. Future work on standards for measuring technical debt and quality-adjusted productivity will also be described.

 

“If you’re concerned about software security, technical debt, and other aspects of software quality, you need to come to this event,” said Bill Curtis, Director, CISQ. “We’re going to have thought leaders from The University of Texas, the Software Engineering Institute at Carnegie Mellon University, Cutter Consortium, IBM, and Mitre explain how your organization can avoid the pitfalls of software security weakness and the devastating cost and liability of technical debt.”

 

The registration fee for this event is $50. All interested parties are invited to attend. To view the full agenda and register, visit www.it-cisq.org/it-products-and-software-quality. To influence standards work for software quality, learn more about becoming a member of CISQ at www.it-cisq.org.

 

About CISQ

 

The Consortium for IT Software Quality (CISQ) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introduce a computable metrics standard for measuring software quality and size. Founded by the Object Management Group (OMG) and the Software Engineering Institute (SEI) at Carnegie Mellon, CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reduce cost and risk. CISQ is sponsored by CAST, Huawei, and WIPRO. For more information, visit www.it-cisq.org.

 

###

CISQ Seminar: Measuring and Managing Software Risk, Security, and Technical Debt

Hosted By: Consortium for IT Software Quality (CISQ) in cooperation with the Center for Advanced Research in Software Engineering (ARiSE) at The University of Texas, IT Metrics & Productivity Institute (ITMPI), Object Management Group (OMG), and the Software Engineering Institute (SEI) at Carnegie Mellon University.

 

Join us for the next CISQ Seminar at the OMG Technical Meeting on Wednesday, September 17, 2014 at the Sheraton Austin Hotel at the Capitol (701 East 11th Street) in Austin, TX USA.

 

The rising number of multi-million dollar computer outages and security breaches has made software quality a boardroom topic because of the risk and cost of these embarrassing failures. The Measuring and Managing Software Risk, Security, and Technical Debt 1-day master seminar will feature Dr. Bill Curtis and other national experts to address the measurement and management of software risk, security, technical debt, and related areas of software quality. 

 

This seminar is intended for IT Executives, application managers, software measurement and improvement specialists, quality assurance professionals, and others interested in using automated software measures.

 

Registration is US $50. Registration is now closed.

 

CISQ members can access presentations under “Event & Seminar Presentations.”

 

“If you’re concerned about technical debt, software quality, and software security, you need to come to this event!” – Dr. Bill Curtis, Director, CISQ

 

 

 

 

PROGRAM AGENDA

 

  8:00 – 9:00 am

 

  Registration

 

 

  9:00 – 9:15 am

 

  Welcome and Introductions to CISQ and ARiSE

Dr. Bill Curtis, Director, Consortium for IT Software Quality (CISQ)

Herb Krasner, Principal Researcher, ARiSE, University of Texas

 

  9:15 – 10:15 am

 

  The State of Software Process and Quality in the State of Texas

Herb Krasner, Principal Researcher, ARiSE, University of Texas
Mr. Krasner will describe his work with Texas state government to assess the maturity of their development practices and establish improvement programs. He will report on the quality and cost of ownership of the portfolio of applications in several state agencies and what is being done to manage and reduce it.

 

  10:30 – 11:30 am

 

  Technical Liability and Self-Insuring Software

Dr. Israel Gat, Director, Agile Product and Project Management Practice, Cutter Consortium
Dr. Murray Cantor, IBM Distinguished Engineer

By shipping software, an executive assumes the risk it will not cause a future event that creates significant liability. Thus, the organization is essentially self-insuring against future liabilities. A fair price of this insurance, the technical liability, reduces the economic value of the software. This talk discusses how to price this self-insurance, and use it in deciding to ship or to invest further in improving quality.

 

  11:30 am – 12:00 pm

 

  The Global State of Software Structural Quality: Do Method and Source Matter?

Dr. Bill Curtis, SVP and Chief Scientist, CAST Software

Dr. Curtis will discuss results from the structural analysis of 1316 software systems from 4 continents comprising 700 million lines of code, including the effects of technology, development method, industry sector, and sourcing and shoring choices on the quality factors of robustness, security, performance, and changeability.

 

  12:00 – 1:00 pm

 

  Lunch

 

 

  1:00 – 1:45 pm

 

  Measuring and Managing Technical Debt

Dr. Bill Curtis, SVP and Chief Scientist, CAST Software

The various components of the technical debt metaphor will be defined and examples provided (principal, interest, liability, opportunity cost). An automated measure for estimating technical debt will be described along with empirical results from over 700 commercial applications. A process for managing technical debt will be presented along with several empirical case studies of successful cost reduction from controlling and removing technical debt-principal.

 

  1:45 – 2:30 pm

 

  New Findings on Measuring the Effectiveness and Quality of Agile Projects

 Dr. William Nichols, Software Engineering Institute, Carnegie Mellon University

This session will present new research being released by the Software Engineering Institute (SEI) on the measurement of agile projects. The featured results from the SEI will present conclusions from a study of transactional data collected from an Agile life-cycle management platform. Results will be contracted with data from Team Software Process (TSP) projects. Findings include observations on some difficulties and limitations in measuring agile projects and the consistency of agile practices.

 

  2:30 – 2:45 pm

 

  Break

 

 

  2:45 – 2:45 pm

 

  Advances in Measuring and Preventing Software Security Weaknesses

Robert Martin, Director, Common Weakness Enumeration Repository, Mitre Corp.

Mr. Martin will describe the latest developments in the national cyber-security community to identify and measure security threat vectors and the weaknesses they exploit. He will describe the actions taken by this community to improve the state of software security and spread best security practices to the development community.

 

  3:45 – 4:00 pm

 

  Standards and Automated Software Measurement

Dr. Bill Curtis, Director, Consortium for IT Software Quality (CISQ)

Dr. Curtis will briefly describe the work of CISQ to supplement ISO standards with standards for automating the measurement of functional size and source code structural quality. Future work on standards for measuring technical debt and quality-adjusted productivity will described.

 

Registration is now closed. 

 

 

Thank you to CISQ Partners

 

Advanced Research in Software Engineering (ARiSE)

The Center for Advanced Research in Software Engineering (ARiSE) was established to create cutting edge basic and domain-specific software engineering research. ARiSE integrates research in the Departments of Electrical & Computer Engineering, Computer Science, Civil Engineering, and the School of Information Sciences at The University of Texas at Austin. ARiSE produces significant advances in software engineering paradigms, methods, techniques and technologies, as well as empirically evaluates new concepts. http://arise.utexas.edu

ARiSE

 

IT Metrics & Productivity Institute (ITMPI)

The IT Metrics and Productivity Institute (ITMPI) has built the largest repository of online, on demand, mobile friendly, educational lectures anywhere in the world – specifically for IT and software professionals with an interest in metrics, quality, and process improvement. With 100s of expert presenters and hundreds of different topics, you will find everything they need – in one place – to meet all their continuing education needs. Your one year membership to the ITMPI is FREE with your CISQ-ARISE conference registration. That’s unlimited access for a period of one year— at no cost! Your coupon code for free membership will be included in your registration bag. Good luck and best wishes for your continued success! http://www.itmpi.org/

ITMPI