Monthly Archives: June 2011

Recap: Delegates Discuss Global Excellence in Software and Security at SEPG Europe 2011

Dublin, Ireland, hosted the Carnegie Mellon Software Engineering Institute (SEI) and more than 150 delegates for SEPG Europe 2011 on June 7-9. Delegates from 27 countries around the world participated in three days of rich discussions regarding the present and future of Global Excellence in Software and Security.

The official conference activities began on Tuesday with tutorials that explored concepts like Test Maturity Model Integration, CMMI V1.3 and architecture, ROI in process improvement from a probabilistic perspective, and an empirical and experimental approach to software process improvement. SEI-Certified SCAMPI Lead Appraisers also had the opportunity to complete the required upgrade training for SCAMPI V1.3.

“With more than 50 technical sessions across nine tracks, the SEPG Europe 2011 program offered sessions that appealed to delegates who are relatively new to the field as well as seasoned professionals,” noted Patrick Kirwan, SEPG Europe 2011 technical program co-chair. “The program examined software from a holistic perspective by emphasizing not only process and performance improvement, but also architecture and software security. The well-rounded program gave delegates practical advice as well as inspirational vision to help them deliver solid customer results.”

SEPG Europe 2011 was not just about the technical program, but also quality networking. On Tuesday evening, the SEPG Europe 2011 exhibiting companies unveiled their displays and exchanged ideas and solutions with delegates at the exhibits opening reception.

Global Leaders Educate, Inform, and Inspire
The program on Wednesday opened with remarks from Paul Nielsen, director and CEO, SEI, who introduced keynote speakers James Over of the SEI and Martin Curley of Intel Labs Europe.

Over, a leader of the TSP initiative at the SEI, connected space flight, surgery, and baseball to software engineering to illustrate the notion that failure is not an option. He urged the delegates to realize that defects do not have to be an inherent, unavoidable property of software engineering.

Curley spoke about the IT Capability Maturity Framework (IT-CMF) and Innovation Value Institute (IVI), a consortium of more than 50 organizations that strives to help CIOs achieve increased, measurable value from IT. Curley lauded the SEI’s and CMMI’s wide-reaching impact and ability to reinvent, as CMMI’s legacy led to the development of the IT-CFM. He emphasized that assessments can be run efficiently and with low overhead through use of standardized tools and documents.

During the gala reception on Wednesday evening, SEPG Europe 2011 delegates had an opportunity to network in a more relaxed environment and earn a special certification that had nothing to do with maturity levels. This certification was issued by the Guinness Storehouse to any delegate who learned how to pour the perfect pint of Ireland’s signature beer.

Anita Carleton, director of the SEPM Program at the SEI, opened the Thursday program by introducing the keynote speakers. Alexander Springer of Robert Bosch GmbH talked about how the right habits and paradigms help to manage daily business challenges and interpret institutionalism. Using his experience as director of passive safety systems and experience with automotive airbag systems, Springer shared how after eight years of process work, Bosch made a habit of acting according to defined and stable processes. Springer advised the delegates that everything should be clearly stated, teams should have processes and stick to them, and integrity should be a higher priority than profit. He urged the delegates to make excellence not an act, but a habit.

The final keynote speaker, Bill Curtis of CAST, presented a quadrant for categorizing maturity models that illustrated the difference between organizationally-based and best practice-based models. Curtis summarized his view of successful process improvement by noting that winners have better people, but not all winners are champions. Therefore, while winners have better people, champions have better organized people. Curtis concluded with the notion that dynasties have better organizations, which is what well-designed maturity models achieve.

Celebrate ¡A Passion for Process! in June 2012

SEPG Europe 2011 technical program co-chairs Patrick Kirwan and Alan Willett unveiled the location of SEPG Europe 2012, inviting delegates to come to Madrid, Spain, in June 2012. With the theme ¡A Passion for Process!, the 17th annual SEPG Europe conference will give delegates the chance to experience and share the passion for process improvement in the capital city and the economic, social, and cultural engine of Spain.

SEPG Europe 2012: Coming to Madrid, Spain

SEPG Europe 2012 will be coming to Madrid, Spain in June 2012. Join us and share your Passion for Process.

SEPG Europe 2011 Technical Coordinator: Recapping the Week in Dublin

Following is a guest post by Michele Falce, technical program coordinator for the SEI.

This week in Dublin at SEPG Europe 2011 has been a fantastic experience. Dublin and its citizens have welcomed us with friendship and warmth, and there are very few who would say we haven’t been treated royally here at The Burlington Hotel. From sightseeing at the Kilmainham Gaol, Jameson’s Distillery, and the amazing Cliffs of Moher to shopping on Grafton Street and sampling the fish and chips at Sheehan’s Pub to taking in the Ragus Irish music and dance show at The Burlington, I’ve had a wonderful week so far!

I wanted to send a big thank you to all of the SEPG Europe presenters who are here this week for their professionalism, interest in transitioning their knowledge to the community, and their good nature. It has truly been a pleasure for me to make new acquaintances and renew old ones. Everyone has been timely in delivering their presentations, interested in their audiences’ questions, and ready to give their all to inform the conference delegates. We’ve also had a chance to see the future of software engineering in our seven student poster presenters, who have been busy explaining their research to the conference delegates who stop by their posters in the Exhibit Area. All of the posters are very interesting and I can see that a lot of work has gone into their efforts.

Overall, it’s been a lovely week, and I appreciate all of your great efforts to inform the community of current events in the software engineering community and help to make this conference such a great success. I hope to see everyone soon at SEPG Europe 2012 or another SEI event.

Cheers, Michele

Educating, Informing, and Inspiring: Wednesday Keynote Summary

Yesterday, delegates enjoyed two informative and inspiring keynote presentations. James Over, a leader of the TSP initiative at the SEI, connected space flight, surgery, and baseball to software engineering to illustrate the notion that failure is not an option. He urged the delegates to realize that defects do not have to be an inherent, unavoidable property of software engineering. We can help ensure quality by employing disciplined teams who are constantly measuring, managing, and learning.

Among his key takeaways, Over emphasized to “let the game come to you”–meaning, consider the facts and statistics, and don’t overreact in any given situation. Drawing on the wisdom of the late Watts Humphrey, Over closed his presentation with the following message:

Life rarely turns out the way we plan. While our carefully developed strategies may go down in flames, a new and more rewarding opportunity shows up in the ashes. The key is to keep an open mind and keep looking. In life, we all reach the same end, so we need to concentrate on the trip. Just as with a process, once you decide how you want to live, the rest will follow. Devote yourself to excellence, and you just might achieve it. That would be worth the trip.
-Watts Humphrey

Martin Curley of Intel Europe then took the stage and spoke about the IT Capability Maturity Framework (IT-CMF) and Innovation Value Institute (IVI), a consortium of more than 50 organizations that strives to help CIOs achieve increased, measurable value from IT. Curley told the story of the development of the IT-CFM and how this framework is helping executives in government and industry to deliver more value from IT. Curley lauded the SEI’s and CMMI’s wide-reaching impact and ability to reinvent, as CMMI’s legacy led to the development of the IT-CFM.

Curley summed it up best when he noted, “if you can’t measure it, you can’t manage it.” He emphasized that assessments can be run efficiently and with low overhead through use of standardized tools and documents. The ultimate goal of the IT-CFM and IVI’s efforts is close the gap between technology and IT management practices and increase the return on investment.

BEWARE! All defects are not mistakes!

The following blog entry is a guest post by Dawn Capelli of CERT. As a preview to her Thursday technical session, Dawn shares her thoughts on insider threat.

Since I was a software engineer prior to joining the CERT Program in the SEI in 2001, it is enjoyable for me to go back to my roots at SEPG. I am now Technical Manager of the CERT Insider Threat Center, and have been working on the insider threat problem for the past ten years of my life. It is interesting for me to be reminded, at the SEPG presentations, that programmers make mistakes every day. Even serious mistakes, resulting in disastrous consequences. You see, I read about these types of situations every day, but the cases I read about involve malicious employees, contractors, and trusted business partners who INTENTIONALLY inject defects into their code.

I analyze real life cases where developers exact revenge on their employer by planting malicious code that is set to execute after they are fired or quit their job. This code wipes out data, brings down systems, or severely damages the reputation of the organization.

I also review cases of developers who deliberately modify source code to enable them to override security controls so they can commit fraud. In fact, I had the opportunity to talk to a foreign investment trader who did just that – and covered up almost $700 million US for more than five years as a result. (He did serve over 6 years in prison for his crime).

Finally, we have collected many cases in which developers quit their job, taking their source code with them – to their new job with a competitor, to start their own business, or to give to a foreign government or organization.

The good news is that after collecting and analyzing almost 650 malicious insider threat cases for the past 10 years, we have developed interesting mitigation strategies for preventing, detecting, and responding to these types of crimes. (Please note that only a fraction of the 650 cases were developers).

I will give a short presentation on Thursday afternoon to describe some interesting case examples, as well as the patterns we have observed in these cases. Fortunately, these patterns can provide good indicators that you can recognize – if you’re watching, and if you know what to look for – so you can stop these crimes before they happen to you!

Hope to see you Thursday!

Dawn Cappelli

Forget Process; Focus on People

The following guest blog post has been authored by Peter Leeson, Q:PIT Ltd. Leeson shares his thoughts on why the focus should be on people, not necessarily process.

There are two reasons to do CMMI-style process improvements. The main reason should be to improve the quality of the products and services, however it appears that the most frequent reason is actually to get a maturity level, either for advertising purposes (or because a potential customer is demanding it), or under the misguided assumption that once they are level 3, they will produce quality products and services. The aim for a maturity level is short-term approach to a problem, which may be interesting from a commercial point of view, but will quickly lead to both disappointment from the customers and seriously impact the reputation of the model, which is seen as “not delivering as promised”. Somehow, we lost the understanding that the model is there to measure maturity rather than to mature an organization artificially.

The chase of a maturity level frequently leads to a checklist approach to “improvement”. This is sustained by the SCAMPI methodology’s recommendation that the team needs to focus on what is “reasonable” and not on the “goodness” of the artifacts. In fact, all the valuable information and recommendations that are found in the informative material of the model can be officially disregarded in order to just look at the minimum acceptable level. The result is that the pursuit of a maturity level leads to a loss of quality, and (worse) the creation of documents and products that do not have any value but are only there to please the lead appraiser.

If we want to actually achieve quality, we need to change our point of view and really focus on that which will produce the quality and accept that quality is not being created by the processes, and even less by the model used to measure them. Quality is being created, generated, produced by the people doing the work and the process is there only to support them. The model is there only to support the creation and control of the process, therefore is several levels removed from the creation of quality.

Over the past 35 years, Peter Leeson has worked in many organizations, teams, and groups and has found a common characteristic of every team that is both productive and creative. In his FP2 paper, he is pushing this concept of focusing on making sure that the people are able and eager to produce quality rather than quantity. The approach focuses on different levels of support required for team quality, and then compares this to three very different ways of measuring: the CMMI, Maslow’s hierarchy of needs and Dr. Deming’s 14 points of management.

The paper will be presented in session room A on Thursday afternoon just after the afternoon break at SEPG Europe 2011, and it will be made publicly available after the presentation. I know it is late in the day and you will want to be heading back to put into practice everything you have learned this week, but I believe this approach may change the way you view things.

SEPG Europe Social Events: Creating an Excellent Experience

While the engaging technical program is the heart of SEPG Europe, the networking opportunities provide a well-rounded, valuable conference experience.

Tuesday evening hosted the Exhibits Opening Reception where delegates networked with some of the industry’s top solutions-providers and the talented student poster presenters. The official unveiling of the Exhibit Area, drinks and hors d’oeuvres, and engaging conversations made for a fun and relaxed evening for all. If you missed the chance to hear from the industry’s up-and-coming professionals, you can still stop by and speak with the student poster presenters during the afternoon breaks today and Thursday. Be sure to visit our Flickr photostream to see photos of the Exhibits Opening Reception and other conference events.

Looking ahead to this evening, we hope that you will join us at the Guinness Storehouse for the Gala Reception. Learn to pull your own pint of Guinness, tour the facility, enjoy a delicious dinner, and socialize with your fellow delegates. Dress for the event is business casual or casual–feel free to come as you are.

Guests are also welcome to join in the fun. If you would like to bring a guest, you must purchase a guest badge at the Registration Desk at The Burlington Hotel or just outside the Arroll Suite at the Guinness Storehouse. A valid badge is required for admittance. Please refer to your conference addendum for details on the provided transportation and other details. We hope to see you there!

SEPG Europe 2011: Wednesday Overview

Wednesday marks the second day of SEPG Europe 2011 and the first day of general presentations on Global Excellence in Software and Security. Delegates who attended the tutorials on Tuesday explored the concept of Test Maturity Model Integration, CMMI V1.3 and architecture, ROI in process improvement from a probabilistic perspective, and an empirical and experimental approach to software process improvement. SEI-Certified SCAMPI Lead Appraisers also had the opportunity to complete the required upgrade training for SCAMPI V1.3.

Today’s program opens with remarks from Paul Nielsen, Director and CEO, Software Engineering Institute, who will introduce the first two keynote presenters in this year’s exciting line-up. The SEI’s Jim Over and Martin Curley of Intel Labs Europe aim to inform and inspire the SEPG Europe 2011 delegation in this morning’s keynote presentations.

Isabel Lopes Margarido Talks About Her SEPG Europe Experiences

Isabel Lopes Margarido of the Faculty of Engineering of the University of Porto has the unique experience of having served as a student poster presenter at SEPG Europe 2010 in Porto, Portugal, and now appearing on the Wednesday session line-up at this year’s conference. Margarido is presenting CMMI Practices: Evaluating the Quality of the Implementation at 16.00 on Wednesday, 8 June.

Video Welcome from Pat Kirwan, SEPG Europe 2011 Technical Program Co-Chair

SEPG Europe 2011 technical program co-chair Pat Kirwan welcomes delegates and shares his thoughts on how software architecture, security, and process improvement can help improve performance in your organization and address challenges in today’s challenging business environment.

Fáilte! Welcome to SEPG Europe 2011

Greetings from Dublin and SEPG Europe 2011! After several days to adjust to time changes, and the wonderful weather of Dublin last week, the dedicated staff of SEPG Europe 2011 and I are ready to welcome you to the 16th annual conference in Europe.

Like all major events, much of what takes place during an SEPG Conference Is behind the scenes, but just to let you know that since our arrival, the team has met with key Hotel Burlington staff to walk through every aspect of the three-day conference, sorted and unpacked more than two dozen boxes shipped from the SEI in Pittsburgh, assembled the official registration bags (with a big thank you to Tourism Ireland for providing us with bags this year), prepared local delivery of your conference program and all addendum materials, coordinated the set-up of the exhibit and registration areas, and kept an eye on the social media.

On behalf of all of my hard-working colleagues, I look forward to speaking with each and every one of you during our time together in Dublin!

Bob Rosenstein
Manager, Conferences, Events, and Trade Shows