Augmented Agile: Agile Behavior Meets Digital Engineering

Agile2019 presentation
David Norton, Executive Director, CISQ

The human aspect that has been at the heart of agile success since its inception may well be its Achilles heel when it comes to scaling, and dealing with complex mission-critical environments; indeed, this sentiment has been used by many agile detractors. However, this does not have to be the case and could be the catalyst for an enhanced form of agile that combines the best of agile values and behaviour with modern systems engineering practices.
Next-generation agile will have to leverage unprecedented levels of automation from inception to implementation, and beyond. Techniques such as Model-Based Systems Engineering (MBSE), and Continuous Quality will enable digital twins augmented with AI and IoT sensor feedback, allowing developers to work with increasing levels of complexity in a safe and secure way - without sacrificing agile principles.
This interactive session will focus on a number of interrelated topics to help delegates formulate a strategy for next-generation agile engineering practices, including the following:
Tackling the problem of quality at speed, agile at scale with the correct application of relevant guidelines and standards to form a solid foundation to build on.
Re-evaluating MBSE in the context of agile and digital twins to support complex business ecosystems from strategy to implementation.
Dealing with human factors in the engineering process as we increase automation - when do we augment and when do we remove the human actor.

Learning Outcomes:
How to maximise automation within agile and the DevOps toolchain with a strategy that takes advantage of emerging standards and best practices.
How to combine human-centric approaches such as design thinking and hypothesis-driven development with AI and IoT to improve the customer experience and innovation.
How to increase velocity and reduce lead time without sacrificing quality or generating high levels of technical debt.
How engineering methods such as Model-Based Systems Engineering and Systems of Systems Engineering combined with agile can tackle complex business ecosystems.

Published in: Technology

Augmented Agile: Agile Behavior Meets Digital Engineering

  1. 1. Augmented Agile Delivery - Agile Behaviour Meets Digital Engineering Dave Norton Consortium for Information & Software Quality
  2. 2. It’s a Complex World – And Not Getting Any Simpler
  3. 3. We Need Continuous Delivery Of Features To Stay Ahead http://giphy.com/gifs/KW3nydTAyPaU0
  4. 4. Learning to Play on a VUCA Pitch Volatility Uncertainty Complexity Ambiguity
  5. 5. Understand How The Modes Relate and Interact Stacey Model The Theory Bit - Models Of Complexity The Cynefin framework
  6. 6. Adjust Your Decisions Making Process To Fit The Situation “Decisions without actions are pointless. Actions without decisions are reckless.” ― John Boyd
  7. 7. ©2019 CISQ 7 So We Are Turning To Digital Engineering
  8. 8. ©2019 CISQ 8 Building Information Modelling “With BIM (Building Information Modeling) technology, one or more accurate virtual models of a building are constructed digitally. They support design through its phases, allowing better analysis and control than manual processes. When completed, these computer-generated models contain precise geometry and data needed to support the construction, fabrication, and procurement activities through which the building is realized.”
  9. 9. ©2019 CISQ 9 USS Gerald R. Ford (CVN-78) First ship to be fully designed using 3D-Models. Has saved the Navy $4 Billion in ownership costs
  10. 10. ©2019 CISQ 10 Digital Dentistry “Direct digital impression technique was statistically more accurate, they showed significantly better inter-proximal contact”
  11. 11. Digital Twins
  12. 12. So Augmented Agile Is Agile Plus ….. ©2019 CISQ 12 MBSE AI/ML Enterprise Agile Digital Twins Cyber Physical Systems SoSE DevOps Trustworthiness Ethics Bots Standards Big Data Social Theory Self-Determination Theory
  13. 13. So Augmented Agile Is Agile Plus ….. ©2019 CISQ 13 MBSE AI/ML Enterprise Agile Digital Twins Cyber Physical Systems SoSE DevOps Trustworthiness Ethics Bots Standards Big Data Social Theory Self-Determination Theory
  14. 14. Re-evaluating MBSE in the context of agile and digital twins to support complex business ecosystems from strategy to implementation. Tackling the problem of quality at speed, agile at scale with the correct application of relevant guidelines and standards to form a solid foundation to build on. ©2019 CISQ 14
  15. 15. ©2019 CISQ 15 Myth - Agile and MBSE Don’t Mix
  16. 16. ©2019 CISQ 16 Traffic Flow Automotive (Various) Mobile Device (s) Payment Systems Ground Water Sensor Automatic Beer Stocking Enforcement Dementia Care Tracking Parking Sensors
  17. 17. ©2019 CISQ 17 Traffic Flow Control Automotive (Various) Mobile Device (s) Payment Systems Ground Water Sensor Automatic Beer Stocking Enforcement Dementia Care Tracking
  18. 18. ©2019 CISQ 19 Real World Digital Cyber-Physical Instrument Collect
  19. 19. ©2019 CISQ 20 Real World Digital
  20. 20. Ontology
  21. 21. ©2019 CISQ 22 <<service>> Order <<service>> Customer getTodaysStockLevel confirmCustomer getEstShipDate validatePayment <<service>> Payment StockCheck Inventory <<service>> Stock <<Component>> Warehouse <<Service>> StockMan <<Component>>StockUpDate Order Management Customer Order Line Items Address BillingShipping Account Payment Method Domain Model Preparing Cancelled Fulfilled Model of Real World, But Not The Real World Ontology as a philosophical discipline aims at developing a system of general categories, the relationships between them and the rules that govern them which together form a theory of reality. OMG • Instances or objects • Classes • Attributes • Relations • Function • Restrictions • Rules • Axioms
  22. 22. ©2019 CISQ 23 Traffic Flow Automotive (Various) Mobile Device (s) Payment Systems Ground Water Sensor Automatic Beer Stocking Enforcement Dementia Care Tracking Parking Sensors
  23. 23. ©2019 CISQ 24 Local Council Automotive Manufacturers Mobile Operators Banking Systems Environmental Agency Brewery Police Health Trust Private car park operator Apps Owners
  24. 24. ©2019 CISQ 25 Digital Ecosystem [Diagram: the order management system model (Order, Customer, Payment and Stock services; Warehouse and StockUpDate components; domain model) repeated four times] A Digital Ecosystem Is A System of Systems Finance Health Retail Government
  25. 25. System of Systems – Net Centric Warfare – Where it all started 1 2 3 4 5 6
  26. 26. System of Systems – TeleHealthcare & TeleFitness Out Patient Mobile Device Telecommunication Network Healthcare Provider Cardiovascular Monitor Application Local Doctor Patient System Emergency Services
  27. 27. System of Systems – A Very Practical Example – Haiti Disaster Response OpenStreetMap Satellite Images 2000 Users GPS Aid Workers Event 12 H 24 H "Over just a few days, it saved me and my driver from getting lost twice, and the alternative would have been long delays. We are running fast trying to help people and your work makes it easier." Kjeld Jensen - Red Cross 1 2 3 4
  28. 28. ©2019 CISQ 29 MBSE Ontology Holt & Perry Devils in the Detail
  29. 29. ©2019 CISQ 30 <<service>> Order <<service>> Customer getTodaysStockLevel confirmCustomer getEstShipDate validatePayment <<service>> Payment StockCheck Inventory <<service>> Stock <<Component>> Warehouse <<Service>> StockMan <<Component>>StockUpDate Order Management Customer Order Line Items Address BillingShipping Account Payment Method Domain Model Preparing Cancelled Fulfilled Physical World Digital World Ontology Reflects Reality Reality Drives the Ontology
  30. 30. The Manifesto for Agile Software Development 1.Customer satisfaction by early and continuous delivery of valuable software. 2.Welcome changing requirements, even in late development. 3.Deliver working software frequently (weeks rather than months) 4.Close, daily cooperation between business people and developers 5.Projects are built around motivated individuals, who should be trusted 6.Face-to-face conversation is the best form of communication (co-location) 7.Working software is the primary measure of progress 8.Sustainable development, able to maintain a constant pace 9.Continuous attention to technical excellence and good design 10.Simplicity—the art of maximizing the amount of work not done—is essential 11.Best architectures, requirements, and designs emerge from self-organizing teams 12.Regularly, the team reflects on how to become more effective, and adjusts accordingly
  31. 31. When dealing with complex mission-critical systems in a system of systems environment (smart cities, open banking, healthcare) it is not always possible to have daily cooperation and face-to-face conversation with the key stakeholders. Not good, but the reality of life.
  32. 32. MBSE
  33. 33. ©2019 CISQ 34 Model Based Systems Engineering Methods Practices Decisions Implementation Frameworks CPS SoS Social Abstraction Algorithms Risk Support Process Syntax Semantics Viewpoints Ontology Authoritative Collaboration Planning Analysis Maturity Models Engineering Operational
  34. 34. MBSE TOOLS PEOPLE TRAINING EFFORT Modeling is a nice to have We don’t have the time It's vendor hype It's too complex Always ends up in analysis paralysis It's too formal and we need to be agile We don’t have the cash Requires Process/Org Change $ $ $ $
  35. 35. “MBSE is the old way, agile is much faster”
  36. 36. ©2019 CISQ 37 Model It Tom Cut It Joe
  37. 37. ©2019 CISQ 38 VS Tom Joe
  38. 38. ©2019 CISQ 39 Model It Tom What will the performance be ? Cut It Joe We can run simulation against the model based on real data We can make an estimate from the design and architecture, then look at the MVP
  39. 39. ©2019 CISQ 40 Model It Tom What will happen if we change a component? Cut It Joe The model will show how the behavior and structure of the system will be impacted We can run a spike to look at the impact or even develop another MVP
  40. 40. ©2019 CISQ 41 Model It Tom How will we do threat analysis ? Cut It Joe We can red team and run threat model, and even use AI to look for new attack vectors. We can red team and review against the design and architecture, then verify the code.
  41. 41. ©2019 CISQ 42 Model It Tom What will be the total cost of ownership ? Cut It Joe We can assign operating effort and costs to the model then analyze the results. We can make assumptions about the design and architecture, but will have to wait for the implementation to be sure.
  42. 42. ©2019 CISQ 43 It is not black and white. It depends on complexity and mission criticality
  43. 43. “MBSE Models are too generic, you still need to write a lot of code”
  44. 44. ©2019 CISQ 45 General Development Concepts General Syntax and Semantics Standard Meta-Model General Graphical Notation Level of Abstraction Business Solution Space HW & SW Problem Domain Conceptual Gap MBSE Using General Purpose Languages All these models and we still get the requirements wrong, and I still have to write the hard code and tests. Automated Implementation Non-Automated
  45. 45. ©2019 CISQ 46 General Development Concepts General Syntax and Semantics Standard Meta-Model General Graphical Notation Level of Abstraction Business Solution Space HW & SW Problem Domain Conceptual Gap MBSE Using General Purpose Languages Automated Implementation Non-Automated “What if we add domain information, and add quality and testing needs”
  46. 46. ©2019 CISQ 47 1. Structure 2. Behavior 3. Requirements 4. Parametrics Analysis Models Requirements V&V Models Hardware Models Software Models System Model OMG SysML Narrowing the Conceptual Gap
  47. 47. ©2019 CISQ 48 UML Profile for BPMN Processes BPMNProfile™ UML Profile for Enterprise Distributed Object Computing EDOC™ UML Profile for MARTE MARTE UML Profile for NIEM NIEM-UML™ UML Profile for Modeling QoS and FT QFTP Software Radio Components SDRP™ UML Profile for System on a Chip SoCP™ UML Profile for Schedulability, Performance, & Time SPTP™ UML Profile for Telecommunication Services TelcoML™ SES Management TelcoML Extension TelcoML-SES™ UML Profile for ROSETTA UPR UML Testing Profile 2 UTP2 UML Profile for Voice-based Applications Example UML Profiles
  48. 48. ©2019 CISQ 49 <<service>> Order <<service>> Customer getTodaysStockLevel confirmCustomer getEstShipDate validatePayment <<service>> Payment StockCheck Inventory <<service>> Stock <<Component>> Warehouse <<Service>> StockMan <<Component>>StockUpDate Order Management Customer Order Line Items Address BillingShipping Account Payment Method Domain Model Preparing Cancelled Fulfilled The Model is Marked up ready for transformation, Architect (Model element mapping ) Physical World System Model
  49. 49. ©2019 CISQ 50 Domain Ontology General & Domain Semantics General & Domain Graphical Notation Extended Meta-Model Conceptual Gap? MBSE Using General Purpose Languages MBSE Using Domain Specific Languages General Development Concepts General Syntax and Semantics Standard Meta-Model General Graphical Notation Automated Implementation Level of Abstraction Business Solution Space HW & SW Problem Domain Conceptual Gap Non-Automated Automated Implementation Non-Automated
  50. 50. ©2019 CISQ 51 Hi-Fidelity MBSE Models Have Greater Value and Utility
  51. 51. “MBSE Models require centralized modeling and BDUF. It is Waterfall”
  52. 52. ©2019 CISQ 53 Event Window Event: Order Notification Active Order [validOrder] OrderNotification Event: Line Item Picked (1 of 3) Preparing Order Exit: [if hold false] RaiseEvent - OrderPrepared LineItemPicked (1 of 3) LineItemPicked (2 of 3) Event: Line Item Picked (2 of 3) Event: Line Item Picked (3 of 3) Hold LineItemOutofStock Event: Line Item Restock LineItemRestock Event: Line Item Out Of Stock LineItemPicked (3 of 3) Dispatch Event: Order Prepared [BillingSuccessful] Event: Billing Successful Order Fulfilled Event: Order Delivered OrderDelivered Cancelled Invoicing Customer Invoice Paid Entry: RaiseEvent – Billing Successful [non Account] OrderPrepared PaymentReceived Payment Squad Warehousing Squad Event: Payment Received Ready to Ship OrderPrepared Dispatch Squad
  53. 53. ©2019 CISQ 54 Warehousing Squad Payment Squad Dispatch Squad Event Bus Event Driven Architecture and Microservices Allow For Smaller Decoupled System Models API API API
  54. 54. ©2019 CISQ 55 System Models Can Be Developed Incrementally, Feature by Feature
  55. 55. “Models can not help when we are dealing with legacy systems”
  56. 56. ©2019 CISQ 57 WSDL Java/C# XML DB <asp:DataGrid id="DataGrid1"> </asp:DataGrid> Scripts StockCheck Inventory <<service>> Stock <<Component>> Warehouse <<Service>> StockMan <<Component>> StockUpDate Order Management Legacy System Model Customer Order Line Items Address BillingShipping Account Payment Method Domain Model New System Model T T ERP Apps CRM T Legacy Applications Conceptual Model System Use Case System Use Case Buyer Supplier Send Order Take Order Send Order Error Receive Order Error Send Order Response Receive Order Response Dispatch Order EA Repository Architecture Viewpoints Technical Information Implementation Logical Conceptual Business Model Repository
  57. 57. ©2019 CISQ 58 It is a myth Agile and MBSE don’t mix. Agile MBSE works, and is being used today.
  58. 58. ©2019 CISQ 59 Questions • Is the goal clear? • Level of urgency • Who is involved? • Complexity • Information source • Potential bias • Frequency • Data presentation • Later justification ISO/IEC 42010 1. Understand Your Stakeholders, Their Concerns and Questions
  59. 59. 2. Treat Digital Twins and Agile MBSE as System of Systems (SoS) Governance Challenge. • Directed — The SoS is created and managed to fulfill specific purposes and the other systems are subordinated to the SoS. The component systems maintain an ability to operate independently; however, their design and operationalization are subordinated to the central SoS goal. • Acknowledged — The SoS has recognized and agreed objectives, joint governance mechanism and resources for the SoS implementation; however, the supporting systems retain their independent ownership, objectives, funding, and development and sustainment approaches. • Collaborative — The component systems interact more or less voluntarily to achieve agreed upon central purposes. The central players collectively decide how to provide value and desired outcomes. • Virtual — The SoS has no central governance authority or a centrally agreed upon purpose for the SoS. Large-scale behavior emerges — and may or may not be desirable.
  60. 60. Acknowledged, Collaborative & Virtual - BUT NOT Directed Factors beyond your influence Factors you can influence Factors you control Digital business models exist in a complex environment. • Pace of new technology • More cyber-physical devices • Ambiguity on regulation • Uncertainty of API strategies • Less time to respond • Less control over the value stream. • Lower barriers to entry allow new entrants and fast followers.
  61. 61. ©2019 CISQ 62 3. Mesh the Models for Optimum Decision Making — Mind the Gap Real-Time Transformation Models Models "Meshed" Policy Strategy Capability Programs Services Operations Capability Analysis Behavior Structure Organization Process Information Models Need to Be Linked; a Change In One Triggers Changes In the Others
  62. 62. 4. Adopt Architecture Runway For Major Models — Just in Time, Not Just Too Late Core Models Architecture Stories Backlog (Components, Frameworks, Libraries, Adaptors) Features Architecture Model Epics and Stories Local Sub System Models Product Backlog
  63. 63. 4. Adopt Architecture Runway For Major Models — Just in Time, Not Just Too Late SAFe has the concept of MBSE. You can use MBSE without an enterprise agile framework, but it is harder.
  64. 64. ©2019 CISQ 65 5. Informal and Unofficial Knowledge Is a Factor — Go See 現場 (Genba) Knowledge Type Definition Unofficial Policy Actions that are carried out because they have become part of the group psyche but not documented policy Shadow Process Unofficial processes or sub-processes that are enacted in place of the official process Informal (Shadow) Organization Chain of command or structure used when the formal structure is deficient or where there's a desire to circumvent it Filling In the Gaps Knowledge on areas not addressed formally or addressed at the wrong level of detail Driven by Innovation Knowledge or practices that have emerged and have yet to be formally captured
  65. 65. ©2019 CISQ 66 No Return To The Bad Old Days Waterfall Central Control
  66. 66. So Where Does All This Agile Systems Engineering Get Us ?
  67. 67. ©2019 CISQ 68 Rules Strategy Business Dashboards Fly-By-Wire
  68. 68. ©2019 CISQ 69 Organization Flight Envelope Business Dashboards WARNING UNSAFE MANEUVER
  69. 69. ©2019 CISQ 70 Sadly, Reality Is Often Different!!!
  70. 70. Re-evaluating MBSE in the context of agile and digital twins to support complex business ecosystems from strategy to implementation. Tackling the problem of quality at speed, agile at scale with the correct application of relevant guidelines and standards to form a solid foundation to build on. ©2019 CISQ 71
  71. 71. Drive for Velocity Everyone wants faster time to market, but few want to hear about the risks
  72. 72. Complex Toolchains •Production metrics, objects and feedback •Requirements •Business metrics •Update release metrics •Release plan, timing and business case •Security policy and requirement •Design of the software and configuration •Coding including code quality and performance •Software build and build performance •Release candidate •Acceptance testing •Regression testing •Security and vulnerability analysis •Performance •Configuration testing •Approval/preapprovals •Package configuration •Triggered releases •Release staging and holding •Infrastructure storage, database and network provisioning and configuring •Application provision and configuration. •Performance of IT infrastructure •End-user response and experience •Production metrics and statistics •Application monitoring
  73. 73. Increasing Technical Debt Software Quality Iceberg (Code Complete, Steve McConnell) Code complexity Maintainability Internal Coupling Functional Size Redundant code Testability External Coupling Operating Cost Maintenance Cost Reliability Performance Business Value
  74. 74. Greater Reliance on Suppliers Hope is not a strategy Quality Productivity Security Cost
  75. 75. The Nine-Digit Glitch Board of Directors CEO, COO, CFO Business VPs Corporate Auditors CIO Now affect Accountable for Governance Risk management Business Continuity Brand protection Customer experience Nine Digit Defects Cyber incidents see a 1087% increase year on year (RSM research).
  76. 76. Let's Learn From The Past As industries mature they automate, from robots to fly-by-wire
  77. 77. Standards
  78. 78. Question – What's your favourite standard ?
  79. 79. We built this city, we built this city on rock an' roll We Need Standards We Can Implement
  80. 80. We Need Standards We Can Implement We built this city, we built this city on rock an' roll
  81. 81. ISO 25010 Software Quality Model • Functionality - "A set of attributes that bear on the existence of a set of functions and their specified properties. The functions are those that satisfy stated or implied needs." • Reliability - "A set of attributes that bear on the capability of software to maintain its level of performance under stated conditions for a stated period of time.” • Usability - "A set of attributes that bear on the effort needed for use, and on the individual assessment of such use, by a stated or implied set of users." • Efficiency - "A set of attributes that bear on the relationship between the level of performance of the software and the amount of resources used, under stated conditions.” • Maintainability - "A set of attributes that bear on the effort needed to make specified modifications." • Portability - "A set of attributes that bear on the ability of software to be transferred from one environment to another."
  82. 82. ISO 25010 In Structural Code Analysis • OWASP Top 10 Vulnerabilities—most critical web application security risks – CWEs & CVEs • OWASP Application Security Verification Std v4.0 – 14 categories guide automated unit & integration tests – most all verification checks have corresponding CWEs • SANS/CWE Top 25 — most commonly encountered cyber weakness enumerators (CWEs), • CISQ Object Management Group (OMG) Automated Source Code Measures for technical debt & structural quality (Security, Reliability, Performance Efficiency & Maintainability) – all based on CWEs
  83. 83. CISQ Structural Quality Measures Example architectural and coding weaknesses included in the CISQ measures • SQL injection • Cross-site scripting • Buffer overflow • Empty exception block • Unreleased resources • Circular dependency • Expensive loop operation • Un-indexed data access • Unreleased memory • Excessive coupling • Dead code • Hard-coded literals CISQ Structural Quality Measures Security 22 weaknesses (Top 25 CWEs) Reliability 29 weaknesses Performance Efficiency 15 weaknesses Maintainability 20 weaknesses An international team of experts selected the weaknesses to include in CISQ measures based on the severity of their impact on operational problems or cost of ownership. Only weaknesses considered severe enough that they must be remediated were included in the CISQ measures. CISQ Structural Quality measures are currently being extended to embedded systems software.
  84. 84. CISQ/OMG Standards Process CISQ Executive Forums Automated Function Points Reliability Performance Efficiency Security Maintainability OMG Approved Standards ISO Fasttrack Deployment Workshops OMG
  85. 85. Sample RFP CISQ has been referenced by the U.S. General Services Administration (GSA), formally citing CISQ requirements in an Information Technology (IT) statement of work from the Office of the CIO for the Office of Public Buildings. GSA is an independent agency of the U.S. government that supports general services of Federal agencies. See page 21, section 5.9 in GSA’s document, Schedule 70 Blank Purchase Agreement for IT and Development Services… “PB-ITS (Project Based IT Services) is seeking to establish code quality standards for its existing code base, as well as new development tasks. As an emerging standard, PB-ITS references the Consortium for IT Software Quality (CISQ) for guidance on how to measure, evaluate and improve software.” Working With Suppliers
  86. 86. Standards Are Only Effective If Implemented We have to deal with the risk link - people.
  87. 87. Focus on Culture and Behavior • Don’t expect everyone to like automation, some people just like doing it the hard way • Incentivize the behavior you want for the individual and team. • Have agreed metrics and KPI linked to automation. • Show results
  88. 88. Develop The Correct Skills Process Design Scripting Toolchain Integration Standards Definition
  89. 89. Obtain Commitment From The Team Product Backlog Risk Backlog [Requirements, Policies, Definition of Done] Compliance Officer Team Product Owner Product Manager GRC Stores/Themes Compliance Strategy [Working software, documentation] Risk Log / Board Escalations GRC Questions Information “Radiator” Standards, Good Practice, Regulations
  90. 90. Certify The Environment, Don’t Assume Product Backlog Risk Backlog [Requirements, Policies, Definition of Done] Compliance Officer Team Product Owner Product Manager GRC Stores/Themes Compliance Strategy [Working software, documentation] Risk Log / Board Escalations GRC Questions Information “Radiator” Standards, Good Practice, Regulations Automated Environment Certified Tool Team Align
  91. 91. Have a virtual quality and security assistant ? ! ? Chatbot integrated into the toolchain
  92. 92. Gamify - Link Automation to Autonomy Autonomy Time of Deployments Intra-day allowed After hours and on weekends Frequency of Deployments No limits on changes per today Few changes per week Change Advisory Board CAB for information purposes only CAB for all changes Freeze Periods Only exceptional change freeze periods apply All freeze periods apply Continuous Integration Environments Quality Assurance Incident Management Release Management Coding Practices Team A Level of Automation Team B
  93. 93. Stay in Control of Quality With Agile Governance • Communities of Practice • Toolchain Consistency • Tools Register • Automation Best Practice
  94. 94. Link Automation to KPI, and Set Targets • Feature throughput • Lead-time/Cycle-time • IT Downtime • Business Downtime • Percentage of task automated • Refactoring rate and cost
  95. 95. Focus on Outcomes Business Outcomes Higher Productivity Greater Agility Improves Quality Reduces Risk
  96. 96. ©2019 CISQ 97 Thank You Any Questions ?
