Measuring and Managing Software Risk, Security, and Technical Debt
Wednesday, September 17, 2014

AGENDA

8:00 - 9:00am | Registration

9:00 - 9:15am | Welcome and Introductions to CISQ and ARiSE
Dr. Bill Curtis, Director, Consortium for IT Software Quality (CISQ)
Herb Krasner, Principal Researcher, ARiSE, University of Texas

9:15 - 10:15am | The State of Software Process and Quality in the State of Texas
Herb Krasner, Principal Researcher, ARiSE, University of Texas
Mr. Krasner will describe his work with Texas state government to assess the maturity of their development practices and establish improvement programs. He will report on the quality and cost of ownership of the portfolio of applications in several state agencies and what is being done to manage and reduce it.

10:30 - 11:30am | Technical Liability and Self-Insuring Software
Dr. Israel Gat, Director, Agile Product and Project Management Practice, Cutter Consortium
Dr. Murray Cantor, IBM Distinguished Engineer
By shipping software, an executive assumes the risk it will not cause a future event that creates significant liability. Thus, the organization is essentially self-insuring against future liabilities. A fair price of this insurance, the technical liability, reduces the economic value of the software. This talk discusses how to price this self-insurance and use it in deciding whether to ship or to invest further in improving quality.

11:30 - 12:00pm | The Global State of Software Structural Quality: Do Method and Source Matter?
Dr. Bill Curtis, SVP and Chief Scientist, CAST Software
Dr. Curtis will discuss results from the structural analysis of 1316 software systems from 4 continents comprising 700 million lines of code, including the effects of technology, development method, industry sector, and sourcing and shoring choices on the quality factors of robustness, security, performance, and changeability.

12:00 - 1:00pm | Lunch

1:00 - 1:45pm | Measuring and Managing Technical Debt
Dr. Bill Curtis, SVP and Chief Scientist, CAST Software
The various components of the technical debt metaphor will be defined and examples provided (principal, interest, liability, opportunity cost). An automated measure for estimating technical debt will be described along with empirical results from over 700 commercial applications. A process for managing technical debt will be presented along with several empirical case studies of successful cost reduction from controlling and removing technical debt-principal.

1:45 - 2:30pm | New Findings on Measuring the Effectiveness and Quality of Agile Projects
Dr. William Nichols, Software Engineering Institute, Carnegie Mellon University
This session will present new research being released by the Software Engineering Institute (SEI) on the measurement of agile projects. The featured results from the SEI will present conclusions from a study of transactional data collected from an Agile life-cycle management platform. Results will be contrasted with data from Team Software Process (TSP) projects. Findings include observations on some difficulties and limitations in measuring agile projects and the consistency of agile practices.

2:30 - 2:45pm | Break

2:45 - 3:45pm | Advances in Measuring and Preventing Software Security Weaknesses
Robert Martin, Director, Common Weakness Enumeration Repository, Mitre Corp.
Mr. Martin will describe the latest developments in the national cyber-security community to identify and measure security threat vectors and the weaknesses they exploit. He will describe the actions taken by this community to improve the state of software security and spread best security practices to the development community.

3:45 - 4:00pm | Standards and Automated Software Measurement
Dr. Bill Curtis, Director, Consortium for IT Software Quality (CISQ)
Dr. Curtis will briefly describe the work of CISQ to supplement ISO standards with standards for automating the measurement of functional size and source code structural quality. Future work on standards for measuring technical debt and quality-adjusted productivity will be described.

Hosted in cooperation with The Center for Advanced Research in Software Engineering (ARiSE) in the School of Engineering at the University of Texas (UT)