Balancing System and Software Qualities

advertisement
Balancing System and Software Qualities
Barry Boehm, USC
STC 2015 Tutorial
October 12, 2015
Fall 2015
1
Outline
• Critical nature of system qualities (SQs)
–
–
–
–
–
Or non-functional requirements (NFRs); ilities
Major source of project overruns, failures
Significant source of stakeholder value conflicts
Poorly defined, understood
Underemphasized in project management
• Foundations: An initial SQs ontology
– Nature of an ontology; choice of IDEF5 structure
– Stakeholder value-based, means-ends hierarchy
– Synergies and Conflicts matrix and expansions
• SQ Opportunity Trees
• Conclusions
Fall 2015
2
Importance of SQ Tradeoffs
Major source of DoD, other system overruns
• SQs have systemwide impact
– System elements generally just have local impact
• SQs often exhibit asymptotic behavior
– Watch out for the knee of the curve
• Best architecture is a discontinuous function of SQ level
– “Build it quickly, tune or fix it later” highly risky
– Large system example below
$100M
$50M
Required
Architecture:
Custom; many
cache processors
Original Cost
Original Spec
1
Fall 2015
Original
Architecture:
Modified
Client-Server
3
2
Response Time (sec)
After
Prototyping
4
5
3
Types of Decision Reviews
• Schedule-based commitment reviews (plan-driven)
– We’ll release the RFP on April 1 based on the schedule in the plan
– $70M overrun to produce overperforming system
• Event-based commitment reviews (artifact-driven)
– The design will be done in 15 months, so we’ll have the review then
– Responsive design found to be unaffordable 15 months later
• Evidence-based commitment reviews (risk-driven)
– Evidence: affordable COTS-based system can’t satisfy 1-second
requirement
• Custom solution roughly 3x more expensive
– Need to reconsider 1-second requirement
Fall 2015
4
Evidence-Based Decision Result
•
Attempt to validate 1-second response time
• Commercial system benchmarking and architecture
analysis: needs expensive custom solution
• Prototype: 4-second response time OK 90% of the time
• Negotiate response time ranges
• 2 seconds desirable
• 4 seconds acceptable with some 2-second special cases
• Benchmark commercial system add-ons to validate
their feasibility
• Present solution and feasibility evidence at evidencebased decision review
• Result: Acceptable solution with minimal delay
Fall 2015
5
Outline
• Critical nature of system qualities (SQs)
–
–
–
–
–
Or non-functional requirements (NFRs); ilities
Major source of project overruns, failures
Significant source of stakeholder value conflicts
Poorly defined, understood
Underemphasized in project management
• Foundations: An initial SQs ontology
– Nature of an ontology; choice of IDEF5 structure
– Stakeholder value-based, means-ends hierarchy
– Synergies and Conflicts matrix and expansions
• SQ Opportunity Trees
• Conclusions
Fall 2015
6
Example of SQ Value Conflicts: Security IPT
• Single-agent key distribution; single data copy
– Reliability: single points of failure
• Elaborate multilayer defense
– Performance: 50% overhead; real-time deadline problems
• Elaborate authentication
– Usability: delays, delegation problems; GUI complexity
• Everything at highest level
– Modifiability: overly complex changes, recertification
Fall 2015
7
Proliferation of Definitions: Resilience
• Wikipedia Resilience variants: Climate, Ecology, Energy Development,
Engineering and Construction, Network, Organizational, Psychological, Soil
• Ecology and Society Organization Resilience variants: Original-ecological,
Extended-ecological, Walker et al. list, Folke et al. list; Systemic-heuristic,
Operational, Sociological, Ecological-economic, Social-ecological system,
Metaphoric, Sustainabilty-related
• Variants in resilience outcomes
– Returning to original state; Restoring or improving original state;
Maintaining same relationships among state variables; Maintaining
desired services; Maintaining an acceptable level of service; Retaining
essentially the same function, structure, and feedbacks; Absorbing
disturbances; Coping with disturbances; Self-organizing; Learning and
adaptation; Creating lasting value
– Source of serious cross-discipline collaboration problems
Fall 2015
8
Example of Current Practice
• “The system shall have a Mean Time Between Failures of
10,000 hours”
• What is a “failure?”
– 10,000 hours on liveness
– But several dropped or garbled messages per hour?
• What is the operational context?
– Base operations? Field operations? Conflict operations?
• Most management practices focused on functions
– Requirements, design reviews; traceability matrices; work
breakdown structures; data item descriptions; earned value
management
• What are the effects of or on other SQs?
– Cost, schedule, performance, maintainability?
Fall 2015
9
Outline
• Critical nature of system qualities (SQs)
–
–
–
–
–
Or non-functional requirements (NFRs); ilities
Major source of project overruns, failures
Significant source of stakeholder value conflicts
Poorly defined, understood
Underemphasized in project management
• Foundations: An initial SQs ontology
– Nature of an ontology; choice of IDEF5 structure
– Stakeholder value-based, means-ends hierarchy
– Synergies and Conflicts matrix and expansions
• SQ Opportunity Trees
• Conclusions
Fall 2015
10
Need for SQs Ontology
• Oversimplified one-size-fits all definitions
– ISO/IEC 25010, Reliability: the degree to which a system ,
product, or component performs specified functions under
specified conditions for a specified period of time
– OK if specifications are precise, but increasingly “specified
conditions” are informal, sunny-day user stories.
• Satisfying just these will pass “ISO/IEC Reliability,” even if system
fails on rainy-day user stories
– Need to reflect that different stakeholders rely on different
capabilities (functions, performance, flexibility, etc.) at
different times and in different environments
• Proliferation of definitions, as with Resilience
• Weak understanding of inter-SQ relationships
– Security Synergies and Conflicts with other qualities
Fall 2015
11
Nature of an ontology; choice of IDEF5 structure
• An ontology for a collection of elements is a definition of
what it means to be a member of the collection
• For “system qualities,” this means that an SQ identifies an
aspect of “how well” the system performs
– The ontology also identifies the sources of variability in the
value of “how well” the system performs
• Functional requirements specify “what;” NFRs specify “how well”
• After investigating several ontology frameworks, the IDEF5
framework appeared to best address the nature and sources
of variability of system SQs
– Good fit so far
Fall 2015
12
Initial SERC SQs Ontology
• Modified version of IDEF5 ontology framework
– Classes, Subclasses, and Individuals
– Referents, States, Processes, and Relations
• Top classes cover stakeholder value propositions
– Mission Effectiveness, Resource Utilization, Dependability, Changeabiity
• Subclasses identify means for achieving higher-class ends
– Means-ends one-to-many for top classes
– Ideally mutually exclusive and exhaustive, but some exceptions
– Many-to-many for lower-level subclasses
• Referents, States, Processes, Relations cover SQ variation
•
•
•
•
Referents: Sources of variation by stakeholder value context:
States: Internal (beta-test); External (rural, temperate, sunny)
Processes: Operational scenarios (normal vs. crisis; experts vs. novices)
Relations: Impact of other SQs (security as above, synergies & conflicts)
Fall 2015
13
Example: Reliability Revisited
• Reliability is the probability that the system will deliver
stakeholder-satisfactory results for a given time period
(generally an hour), given specified ranges of:
– Stakeholder value propositions: desired and acceptable
ranges of liveness, accuracy, response time, speed,
capabilities, etc.
– System internal and external states: integration test,
acceptance test, field test, etc.; weather, terrain, DEFCON,
takeoff/flight/landing, etc.
– System internal and external processes: status checking
frequency; types of missions supported; workload volume,
interoperability with independently evolving external systems
– Effects via relations with other SQs: synergies improving other
SQs; conflicts degrading other SQs
Fall 2015
14
Set-Based SQs Definition Convergence
RPV Surveillance Example
Phase 1
Desired
Phase 2
Effective
ness
(pixels/
frame)
Phase 3
Acceptable
Accept
able
Desired
Efficiency (E.g., frames/second)
Phase 1. Rough ConOps, Rqts, Solution Understanding
Phase 2. Improved ConOps, Rqts, Solution Understanding
Phase 3. Good ConOps, Rqts, Solution Understanding
Fall 2015
15
Stakeholder value-based, means-ends hierarchy
• Mission operators and managers want improved Mission Effectiveness
– Involves Physical Capability, Cyber Capability, Human Usability, Speed, Accuracy,
Impact, Maneuverability, Scalability, Versatility, Interoperability
• Mission investors and system owners want Mission Cost-Effectiveness
– Involves Cost, Duration, Personnel, Scarce Quantities (capacity, weight, energy, …);
Manufacturability, Sustainability
• All want system Dependability: cost-effective defect-freedom, availability, and
safety and security for the communities that they serve
– Involves Reliability, Availability, Maintainability, Survivability, Safety, Security,
Robustness
• In an increasingly dynamic world, all want system Changeability: to be rapidly
and cost-effectively evolvable
– Involves Maintainability, Adaptability
Fall 2015
16
U. Virginia: Coq Formal Reasoning Structure
• Inductive Dependable (s: System): Prop :=
•
mk_dependability: Security s -> Safety s -> Reliability s ->
•
Maintainability s -> Availability s -> Survivability s ->
•
Robustness s -> Dependable s.
•
•
•
•
•
•
•
•
•
•
Example aSystemisDependable: Dependable aSystem.
apply mk_dependability.
exact (is_secure aSystem).
exact (is_safe aSystem).
exact (is_reliable aSystem).
exact (is_maintainable aSystem).
exact (is_avaliable aSystem).
exact (is_survivable aSystem).
exact (is_robust aSystem).
Qed.
Fall 2015
17
Maintainability Challenges and Responses
•
Maintainability supports both Dependability and Changeability
– Distinguish between Repairability and Modifiability
– Elaborate each via means-ends relationships
•
Multiple definitions of Changeability
– Distinguish between Product Quality and Quality in Use (ISO/IEC 25010)
– Provide mapping between Product Quality and Quality in Use viewpoints
•
Changeability can be both external and internal
– Distinguish between Maintainability and Adaptability
•
Many definitions of Resilience
– Define Resilience as a combination of Dependability and Changeability
•
Variability of Dependability and Changeability values
– Ontology addresses sources of variation
– Referents (stakeholder values), States, Processes, Relations with other SQs
•
Need to help stakeholders choose options, avoid pitfalls
– Qualipedia, Synergies and Conflicts, Opportunity Trees
Fall 2015
18
Product Quality View of Changeability
MIT Quality in Use View also valuable
• Changeability (PQ): Ability to become different product
– Swiss Army Knife, Brick Useful but not Changeable
• Changeability (Q in Use): Ability to accommodate changes in use
– Swiss Army Knife does not change as a product but is Changeable
– Brick is Changeable in Use (Can help build a wall or break a window?)
Changeability
Adaptability
Internal
• Self-Diagnosability
• Self-Modifiability
• Self-Testability
Subclass of
Means to End
Fall 2015
External
Maintainability
Modifiability
•
•
•
•
Understandability
Modularity
Scalability
Portability
Changes
Defects
Repairability
Testability
•
•
•
Diagnosability
Accessibility
Restorability
19
Dependability, Changeability, and Resilience
Resilience
Changeability
Dependability,
Availability
Reliability
Maintainability
Defect Freedom
Survivability
Fault Tolerance
Complete
Repairability
Modifiability
Testability
Test Plans, Coverage
Test Scenarios, Data
Test Drivers, Oracles
Test Software Qualitities
Partial
A
Robustness
Self-Repairability
Graceful
Degradation
Testability, Diagnosability, etc.
Fall 2015
Choices of
Security,
Safety
…
B
Means to End
A
B
C,D
Subclass of
20
Outline
• Critical nature of system qualities (SQs)
–
–
–
–
–
Or non-functional requirements; ilities
Major source of project overruns, failures
Significant source of stakeholder value conflicts
Poorly defined, understood
Underemphasized in project management
• Need for and nature of SQs ontology
– Nature of an ontology; choice of IDEF5 structure
– Stakeholder value-based, means-ends hierarchy
– Synergies and Conflicts matrix and expansions
• SQ Opportunity Trees
• Conclusions
Fall 2015
21
7x7 Synergies and Conflicts Matrix
• Mission Effectiveness expanded to 4 elements
– Physical Capability, Cyber Capability, Interoperability, Other
Mission Effectiveness (including Usability as Human Capability)
• Synergies and Conflicts among the 7 resulting elements
identified in 7x7 matrix
– Synergies above main diagonal, Conflicts below
• Work-in-progress tool will enable clicking on an entry and
obtaining details about the synergy or conflict
– Ideally quantitative; some examples next
• Still need synergies and conflicts within elements
– Example 3x3 Dependability subset provided
Fall 2015
22
Fall 2015
23
Software Development Cost vs. Reliability
1.4
1.3
Relative
Cost to
Develop
1.26
1.2
1.1
1.10
1.0
1.0
0.9
0.8
0.92
0.82
Very
Low
Low
Nominal
High
COCOMO II RELY Rating
MTBF (hours)
Fall 2015
1
10
300
10,000
Very
High
300,000
24
Software Ownership Cost vs. Reliability
1.4
VL = 2.55
L = 1.52
1.3
Relative
Cost to
Develop,
Maintain,
Own and
Operate
Operational-defect cost at Nominal dependability
= Software life cycle cost
1.26
1.2
1.23
1.20
1.1
1.0
1.10
1.10
1.05
1.07
1.11
Operational defect cost = 0
1.07
0.99
0.9
0.8
0.92
0.76
0.82
Very
Low
0.69
Low
Nominal
High
COCOMO II RELY Rating
MTBF (hours)
Fall 2015
70%
Maint.
1
10
300
10,000
Very
High
300,000
25
Affordability and Tradespace Framework
Staffing, Incentivizing, Teambuilding
Facilities, Support Services
Kaizen (continuous improvement)
Get the Best from People
Tools and Automation
Work and Oversight Streamlining
Collaboration Technology
Make Tasks More Efficient
Cost
Improvements
and Tradeoffs
Lean and Agile Methods
Eliminate Tasks
Task Automation
Model-Based Product Generation
Early Risk and Defect Elimination
Evidence-Based Decision Gates
Modularity Around Sources of Change
Incremental, Evolutionary Development
Value-Based, Agile Process Maturity
Eliminate Scrap, Rework
Risk-Based Prototyping
Simplify Products (KISS)
Value-Based Capability Prioritization
Satisficing vs. Optimizing Performance
Reuse Components
Domain Engineering and Architecture
Composable Components,Services, COTS
Legacy System Repurposing
Reduce Operations, Support Costs
Value- and Architecture-Based
Tradeoffs and Balancing
Fall 2015
Automate Operations Elements
Design for Maintainability, Evolvability
Streamline Supply Chain
Anticipate, Prepare for Change
26
Costing Insights: COCOMO II Productivity Ranges
Scale Factor Ranges: 10, 100, 1000 KSLOC
Development Flexibility (FLEX)
Staffing
Team Cohesion (TEAM)
Develop for Reuse (RUSE)
Teambuilding
Precedentedness (PREC)
Continuous
Improvement
Architecture and Risk Resolution (RESL)
Platform Experience (PEXP)
Data Base Size (DATA)
Required Development Schedule (SCED)
Language and Tools Experience (LTEX)
Process Maturity (PMAT)
Storage Constraint (STOR)
Use of Software Tools (TOOL)
Platform Volatility (PVOL)
Applications Experience (AEXP)
Multi-Site Development (SITE)
Documentation Match to Life Cycle Needs (DOCU)
Required Software Reliability (RELY)
Personnel Continuity (PCON)
Time Constraint (TIME)
Programmer Capability (PCAP)
Analyst Capability (ACAP)
Product Complexity (CPLX)
1
1.2
1.4
1.6
1.8
2
2.2
2.4
Productivity Range
Fall 2015
27
COSYSMO Sys Engr Cost Drivers
Teambuilding
Continuous
Improvement
Staffing
Fall 2015
28
Tradespace and Affordability Framework
Staffing, Incentivizing, Teambuilding
Facilities, Support Services
Kaizen (continuous improvement)
Get the Best from People
Tools and Automation
Work and Oversight Streamlining
Make Tasks More Efficient
Collaboration Technology
Affordability
Improvements
and Tradeoffs
Lean and Agile Methods
Eliminate Tasks
Task Automation
Model-Based Product Generation
Early Risk and Defect Elimination
Evidence-Based Decision Gates
Modularity Around Sources of Change
Incremental, Evolutionary Development
Value-Based, Agile Process Maturity
Eliminate Scrap, Rework
Risk-Based Prototyping
Simplify Products (KISS)
Value-Based Capability Prioritization
Satisficing vs. Optimizing Performance
Reuse Components
Domain Engineering and Architecture
Composable Components,Services, COTS
Legacy System Repurposing
Reduce Operations, Support Costs
Automate Operations Elements
Design for Maintainability, Evolvability
Streamline Supply Chain
Anticipate, Prepare for Change
Value- and Architecture-Based
Tradeoffs and Balancing
Fall 2015
29
COCOMO II-Based Tradeoff Analysis
Better, Cheaper, Faster: Pick Any Two?
9
(RELY, MTBF (hours))
8
(VL, 1)
Cost ($M)
7
(L, 10)
6
5
(N, 300)
4
(H, 10K)
3
•For 100-KSLOC set of features
•Can “pick all three” with 77-KSLOC set of features
2
(VH, 300K)
1
-- Cost/Schedule/RELY:
“pick any two” points
0
0
10
20
30
40
50
Development Time (Months)
Fall 2015
30
Value-Based Testing: Empirical Data and ROI
— LiGuo Huang, ISESE 2005
100
(a)
% of
Value
for
Correct
Customer
Billing
Bullock data
– Pareto distribution
80
60
Automated test
generation (ATG) tool
- all tests have equal value
40
20
5
10
15
Customer Type
(b)
Return On Investment (ROI)
2
1.5
1
0.5
0
0
10
20
30
40
50
60
70
80
90
100
-0.5
-1
-1.5
% Tests Run
Value-Neutral ATG Testing
Fall 2015
Value-Based Pareto Testing
31
Value-Neutral Defect Fixing Is Even Worse
Pareto 80-20 Business Value
100
Automated test
generation tool
- all tests have equal value
80
% of
Value
for
Correct
Customer
Billing
60
40
Value-neutral defect fixing:
Quickly reduce # of defects
20
5
10
15
Customer Type
Fall 2015
32
Outline
• Foundations: An initial SQs ontology
– Nature of an ontology; choice of IDEF5 structure
– Stakeholder value-based, means-ends hierarchy
• Critical nature of system qualities (SQs)
–
–
–
–
–
Or non-functional requirements (NFRs); ilities
Major source of project overruns, failures
Significant source of stakeholder value conflicts
Poorly defined, understood
Underemphasized in project management
• SQ Opportunity Trees
• Conclusions
Fall 2015
33
Context: SERC SQ Initiative Elements
• SQ Tradespace and Affordability Project foundations
–
–
–
–
More precise SQ definitions and relationships
Stakeholder value-based, means-ends relationships
SQ strategy effects, synergies, conflicts, Opportunity Trees
USC, MIT, U. Virginia
• Next-generation system cost-schedule estimation models
– Software: COCOMO III
– Systems Engineering: COSYSMO 3.0
– USC, AFIT, GaTech, NPS
• Applied SQ methods, processes, and tools (MPTs)
– For concurrent cyber-physical-human systems
– Experimental MPT piloting, evolution, improvement
– Wayne State, AFIT, GaTech, MIT, NPS, Penn State, USC
Fall 2015
34
SQ Opportunity Trees
• Means-Ends relationships for major SQs
– Previously developed for cost and schedule reduction
– Revising an early version for Dependability
– Starting on Maintainability
• Accommodates SQ Synergies and Conflicts matrix
– Conflicts via “Address Potential Conflicts” entry
– Means to Ends constitute Synergies
• More promising organizational structure than matrix
Fall 2015
35
Schedule Reduction Opportunity Tree
Business process reengineering
Reusing assets
Applications generation
Schedule as independent variable
Eliminating Tasks
Work streamlining (80-20)
Tools and automation
Increasing parallelism
Reducing Time Per Task
Reducing Risks of Single-Point
Failures
Reducing failures
Reducing their effects
Early error elimination
Process anchor points
Improving process maturity
Collaboration technology
Reducing Backtracking
Minimizing task dependencies
Avoiding high fan-in, fan-out
Reducing task variance
Removing tasks from critical path
24x7 development
Nightly builds, testing
Weekend warriors
Activity Network Streamlining
Increasing Effective Workweek
Better People and Incentives
Transition to Learning Organization
36
Fall 2015
Reuse at HP’s Queensferry
Telecommunication Division
70
Time
to
Market
60
(months)
40
Non-reuse Project
Reuse project
50
30
20
10
0
86
87
88
89
Year
37
Fall 2015
90
91
92
Software Dependability Opportunity Tree
Decrease
Defect
Prob (Loss)
Decrease
Defect
Risk
Exposure
Defect Prevention
Defect Detection
and Removal
Value/Risk - Based
Defect Reduction
Decrease
Defect
Impact,
Size (Loss)
Graceful Degradation
CI Methods and Metrics
Continuous
Improvement
Process, Product, People
Technology
38
Fall 2015
Software Defect Prevention Opportunity Tree
Defect
Prevention
People
practices
Standards
Languages
Prototyping
Modeling & Simulation
Reuse
Root cause analysis
Fall 2015
IPT, JAD, WinWin,…
PSP, Cleanroom, Pair development,…
Manual execution, scenarios,...
Staffing for dependability
Rqts., Design, Code,…
Interfaces, traceability,…
Checklists
39
Defect Detection Opportunity Tree
Automated
Analysis
Completeness checking
Consistency checking
- Views, interfaces, behavior,
pre/post conditions
Traceability checking
Defect
Detection
and Repair
- Rqts.
- Design
- Development
Compliance checking
- Models, assertions, standards
Peer reviews, inspections
Reviewing
Architecture Review Boards
Pair development
Requirements & design
Structural
Testing
Operational profile
Usage (alpha, beta)
Regression
Value/Risk - based
Test automation
Fall 2015
40
Defect Impact Reduction Opportunity Tree
Business case analysis
Value/Risk Based Defect
Reduction
Decrease
Defect
Impact,
Size (Loss)
Pareto (80-20) analysis
V/R-based reviews
V/R-based testing
Cost/schedule/quality
as independent variable
Fault tolerance
Graceful
Degredation
Self-stabilizing SW
Reduced-capability models
Manual Backup
Rapid recovery
Fall 2015
41
Repairability Opportunity Tree
Anticipate Repairability Needs
Repair facility requirements
Repair-type trend analysis
Repair skills analysis
Repair personnel involvement
Address Potential Conflicts
Design/Develop for Repairability
Repair facility design, development
Replacement parts trend analysis
Replacement parts logistics development
Replacement accessibility deaign
Address Potential Conflicts
Smart system anomaly, trend analysis
Informative error messages
Multimedia diagnosis guides
Fault localization
Switchable spare components
Improve Repair Diagnosis
Address Potential Conflicts
Improve Repair, V&V Processes
Prioritize, Schedule Repairs, V&V
Repair compatibility analysis
Regression test capabilities
Address Potential Conflicts
42
Fall 2015
Modifiability Opportunity Tree
Anticipate Modifiability Needs
Evolution requirements
Trend analysis
Hotspot (change source) analysis
Modifier involvement
Address Potential Conflicts
Design/Develop for Modifiability
Modularize around hotspots
Service-orientation; loose coupling
Spare capacity
Domain-specific architecture in domain
Enable user programmability
Address Potential Conflicts
Prioritize, Schedule Modifications, V&V
Modification compatibility analysis
Regression test capabilities
Improve Modification, V&V
Address Potential Conflicts
43
Fall 2015
Hotspot Analysis: Projects A and B
- Change processing over 1 person-month = 152 person-hours
Category
Project A
Project B
Extra long messages
3404+626+443+328+244= 5045
Network failover
2050+470+360+160= 3040
Hardware-software interface
620+200=
820
Encryption algorithms
1629+513+289+232+166= 2832
1247+368= 1615
Subcontractor interface
1100+760+200= 2060
GUI revision
980+730+420+240+180 =2550
Data compression algorithm
External applications interface
COTS upgrades
910
770+330+200+160= 1460
540+380+190= 1110
Database restructure
741+302+221+197= 1461
690+480+310+210+170= 1860
Routing algorithms
494+198= 692
Diagnostic aids
360
Fall 2015
477+318+184= 979
44
TOTAL:
13620
13531
Product Line Engineering and
Management: NPS
Fall 2015
45
Outline
• Critical nature of system qualities (SQs)
–
–
–
–
–
Or non-functional requirements (NFRs); ilities
Major source of project overruns, failures
Significant source of stakeholder value conflicts
Poorly defined, understood
Underemphasized in project management
• Foundations: An initial SQs ontology
– Nature of an ontology; choice of IDEF5 structure
– Stakeholder value-based, means-ends hierarchy
– Synergies and Conflicts matrix and expansions
• SQ Opportunity Trees
• Conclusions
Fall 2015
46
Conclusions
• System qualities (SQs) are success-critical
– Major source of project overruns, failures
– Significant source of stakeholder value conflicts
– Poorly defined, understood
– Underemphasized in project management
• SQs ontology clarifies nature of system qualities
– Using value-based, means-ends hierarchy
– Identifies variation types: referents, states, processes, relations
– Relations enable SQ synergies and conflicts identification
Fall 2015
47
List of Acronyms
CD
CP
DCR
DoD
ECR
EV
FCR
FED
GAO
Fall 2015
Concept Development
Competitive Prototyping
Development Commitment
Review
Department of Defense
Exploration Commitment
Review
Expected Value
Foundations Commitment
Review
Feasibility Evidence
Description
Government Accounting
Office
©USC-CSSE
ICM
KPP
MBASE
OCR
RE
RUP
V&V
VB
VCR
Incremental Commitment
Model
Key Performance Parameter
Model-Based Architecting
and Software Engineering
Operations Commitment
Review
Risk Exposure
Rational Unified Process
Verification and Validation
Value of Bold approach
Valuation Commitment
Review
48
References
B. Boehm, J. Lane, S. Koolmanojwong, R. Turner, The Incremental Commitment
Spiral Model, Addison Wesley, 2014.
B. Boehm, “Anchoring the Software Process,” IEEE Software, July 1996.
B. Boehm, A.W. Brown, V. Basili, and R. Turner, “Spiral Acquisition of SoftwareIntensive Systems of Systems,” Cross Talk, May 2004, pp. 4-9.
B. Boehm and J. Lane, “Using the ICM to Integrate System Acquisition,
Systems Engineering, and Software Engineering,” CrossTalk, October 2007, pp.
4-9.
J. Maranzano et. al., “Architecture Reviews: Practice and Experience,” IEEE
Software, March/April 2005.
R. Pew and A. Mavor, Human-System Integration in the System Development
Process: A New Look, National Academy Press, 2007.
W. Royce, Software Project Management, Addison Wesley, 1998.
R. Valerdi, “The Constructive Systems Engineering Cost Model,” Ph.D.
dissertation, USC, August 2005.
CrossTalk articles: www.stsc.hill.af.mil/crosstalk
Fall 2015
49
Backup charts
Fall 2015
50
Fall 2015
51
Metrics Evaluation Criteria
•
•
•
•
•
•
Correlation with quality: How much does the metric relate with our notion of
software quality? It implies that nearly all programs with a similar value of the
metric will possess a similar level of quality. This is a subjective correlational
measure, based on our experience.I
Importance: How important is the metric and are low or high values preferable
when measuring them? The scales, in descending order of priority are: Extremely
Important, Important and Good to have
Feasibility of automated evaluation: Are things fully or partially automable and
what kinds of metrics are obtainable?
Ease of automated evaluation: In case of automation how easy is it to compute
the metric? Does it involve mammoth effort to set up or can it be plug-and-play or
does it need to be developed from scratch? Any OTS tools readily available?
Completeness of automated evaluation: Does the automation completely capture
the metric value or is it inconclusive, requiring manual intervention? Do we need
to verify things manually or can we directly rely on the metric reported by the
tool?
Units: What units/measures are we using to quantify the metric?
Fall 2015
53
Download