Better Software Conference 2006 Conference Proceedings 





Better Software Conference & EXPO 2006 Concurrent Sessions


 Wednesday, June 28, 2006 11:30 AM
Managing Projects and Teams
There's Always Time for Pragmatic Project Planning
Robert Galen, RGCG, LLC

“Plan your work. Work your plan.” Or, “Plan? Plan? We don’t need no stinkin’ plan.” Which is the best approach for your software project? According to Robert Galen, neither is the right answer. Because software projects are expensive and challenging, you need a pragmatic project plan—one that is concise, targeted, useful, used, and adaptive. Beginning with a chartering process that leads to a high level project strategy, stakeholders determine the critical success factors and where to focus their planning activities. Robert describes the use of “Sticky Note Planning” workshops to develop and, more importantly, to maintain pragmatic plans as living documents. Learn from Robert what to monitor in your project, what milestones to set, and what the important drivers should be for adjusting the plan. Make planning one of the top contributors to the success of your project.

• What should—and should not—go into a pragmatic software project plan
• How to create and maintain a plan that actively guides the work
• Introduction to "Sticky Note Planning" as a general purpose planning method
Plan-Driven Development
Introduction to the Capability Maturity Model® Integration (CMMI®)
Steven Lett, The David Consulting Group

Many organizations have achieved success in using the SEI Capability Maturity Model Integrated (CMMI®) as a framework for their process improvement program. Steven Lett describes the structure and contents of the CMMI®, including the continuous and staged versions of the model. He discusses each of the five maturity levels and their process areas, the specific and generic practices that exist within each process area, and the typical process documentation and work products required for each. Learn an effective approach that companies take in driving change across their software engineering organizations. Find out how the model is meant to be interpreted and take back examples of the successes that companies have experienced in using both CMMI® and the earlier Capability Maturity Model (CMM®).

Capability Maturity Model® and CMMI® are registered trademarks of Carnegie Mellon University.

• The benefits of Capability Maturity Model® Integration
• Process areas within each maturity level in the CMMI®
• A typical approach for implementing CMMI®-based process improvement
Agile Development
Risk Management on an Agile Project
Michele Sliger, Rally Software Development

Plan-driven software project management is very specific on how to identify and manage risks. When moving to Agile software development practices, what happens to all the risk management activities that project managers used to oversee? Contrary to what many expect, there are Agile risk management practices that reduce risk by providing opportunities for the team to identify, monitor, and control risk events. For each of the traditional risk management areas—identification, analysis, response planning, and monitoring and controlling—you will learn the corresponding Agile approach. In keeping with Agile's strengths, team involvement and collaboration are key inputs into the risk management process. Michele Sliger explains how and when to involve the team in identifying risks, analyzing the opportunities and threats, mitigating as appropriate, and monitoring these risks throughout the lifetime of the Agile project.

• The differences between risk management in traditional and Agile environments
• Typical risk management activities in an Agile project
• The project manager’s role in Agile risk management
Operational Security in Software Development
Carol Woody, Software Engineering Institute

Research conducted by CERT, the computer security incident response team based at the Software Engineering Institute (SEI), indicates that writing quality code is not enough to ensure system security. Operating platforms, supported user devices, interface designs, linkages with legacy systems, source code management, data exchange protocols, and controls for authentication data among system modules all impact operational security. Incomplete security requirements and poorly planned implementations further contribute to security risk. Using both research and a follow-up case study, Carol Woody describes the things you can do in your development and test organizations to improve operational security. She introduces an analysis technique for evaluating operational risks within the development process and offers guidelines for clearly defining testable security requirements. Discover an approach to coordinate security risks among stakeholders to reduce and possibly eliminate high impact operational security failures.

• The attributes of good operational security
• Incorporate verifiable security requirements into software development
• Steps for a security risk analysis of your current and future systems
Quality Assurance
Unintended Consequences of a Capability Maturity Mismatch—Evidence from a Quality Audit
Michael Harris, David Consulting Group

In this presentation, Michael Harris describes the findings of a quality assurance audit (PPQA) of the offshore outsourcing arm of a major U.S. software development company in late 2005. As the executive in charge of much of the development and as a member of the PPQA audit team, Michael has a singular perspective on the expectations and the reality of the project. This presentation explores one particular aspect of the audit findings—the manifestations of the different CMMI® maturity levels of the onshore and offshore organizations. Take away suggestions for taking advantage of this mismatch situation instead of suffering from it.

• Review a quality assurance audit (PPQA)
• Explore the different CMMI® maturity levels of onshore and offshore organizations
• Take advantage of mismatched outsourcing situations
Special Topics
Sarbanes and Oxley: Your New Partners in Software Development
Elle Ringham, Fidelity National Financial

Determining whether legal and contractual issues apply to your development efforts isn't always simple. There may be some obvious factors: a well-regulated industry, service level agreements, or state or federal agency oversight. However, other factors may not be so obvious. The new Sarbanes-Oxley Act is largely legally untested, subjecting your company to unknown legal issues. You have an eCommerce site that stores credit card information. Your portal collects personal information. You produce proprietary software . . . and more. Does Sarbanes-Oxley apply to you? Covering legal, compliance, and audit throughout the development lifecycle, Elle Ringham discusses the right questions to ask and what to do with the answers. She provides guidelines for working with stakeholders, attorneys, and auditors. Take away audit templates, metrics to help you, and sample reports you may need to produce.

• Legal and compliance issues within software development and QA
• Questions to ask and what to do with the answers you get
• Report the results of compliance tests
 Wednesday, June 28, 2006 1:45 PM
Managing Projects and Teams
Mentoring for Rookie (and Experienced) Managers
Kevin Bodie, Pitney Bowes Inc

In the same way that every athlete needs a coach to help them develop and perfect their skills, software managers and technical leads need mentors to help them improve their leadership and management skills. Working with an effective coach should be part of every manager’s personal career development plan. With his proven track record of identifying and developing strong technical managers, Kevin Bodie discusses how to find and recruit personal mentors. He also explains how to become a great mentor yourself. Learn what you can expect from a mentor, what your mentor will expect from you, and practical techniques for mentoring and coaching others. Take away tools to build and keep leading-edge management skills and ways to assess the results of mentoring.

• Effective selection and recruiting of coaches and mentors
• Mentoring techniques that really work
• How to keep developing as a manager
Plan-Driven Development
Into the Crystal Ball—Emerging Trends in Plan-Driven Development
Carol Dekkers, Quality Plus Technologies Inc

Plan-driven development is challenged today by Agile methods, outsourcing trends, and a new emphasis on IT governance and program management. The days of straightforward software development projects are over as project managers must deal with delivery pressure from customers and the marketplace, teams distributed around the globe, and an increase in management and regulatory reporting. Using insight from her years of consulting, Carol Dekkers explores these challenges and recommends ways to adapt your practices. Learn how to realistically plan your future projects using benchmarking information such as ISBSG (International Software Benchmarking Standards Group) data together with knowledge about emerging trends. Take back a new appreciation of what constitutes “good enough” project planning today and learn to survive in this brave new world.

• Trends in IT development that are changing project management and planning requirements
• How the ISBSG benchmarking database can help with project planning
• The skills you need to survive and prosper
Agile Development
Fishing for Requirements in an Agile Project
Jennitta Andrea, Clearstream Consulting, Inc.

When you go fishing, you want to use the right lures, catch lots of fish, and avoid falling out of the boat. Developing requirements for an Agile project is similar—you need to use the right process, get the requirements you need with minimum effort, and introduce minimal risk and rework. Because every Agile project has different needs, goals, and constraints, a “one size fits all” requirements process does not work in every Agile project. In this interactive session, Jennitta Andrea shows you how to fine tune the requirements process based on a unique set of project characteristics. Learn to visualize the distinctive characteristics of a project to determine what work products to produce, how much detail to include, and which tools will provide a payback to the project.

• Strategies for shaping your Agile requirements process
• How much documentation you really need
• Ways to recognize and eliminate hidden waste
Building Secure Software with New Web Technologies
Ivan Krstic, Harvard University

The latest generation of Web technologies—AJAX, improved client-side scripting, support for extensive DOM manipulation in browsers, content syndication, Web service APIs, and simple interchange formats such as JSON—are all driving new, powerful Web applications. Based on his work on real world “Web 2.0” applications, Ivan Krstic discusses the security implications of these new technologies. Ivan describes specific attacks such as Web-based worms, XSS, CSRF, and HTTP response splitting and offers advice on mitigating security risks during the engineering process. Learn how standard security guidelines such as the Confidentiality-Integrity-Availability (CIA) model apply to the modern Web and about the role of cryptography and crypto-engineering in Web security. Take back concrete recommendations for security specifications during initial software design, guidelines for implementation, and security tracking requirements after deployment.

• New Web technologies that fuel new security threats
• The most successful security strategy for developers
• Harden software from attacks at each stage of development
Quality Assurance
When the Customer Does Not Know Best
John Scarborough, Aztec Software Inc

Failure to really understand business requirements, technical specifications, and schedule dependencies has embarrassed more than a few test teams. Before you assign the first test engineer to a project, sit down face-to-face with the customer and keep asking questions until you fully understand the scope of the system or application under test, how they will use it, and what success looks like through their eyes. A full needs analysis is the best preparation for designing a test strategy that will deliver exactly the data your customer needs to decide when they can ship or go live with their software. John Scarborough explores the critical areas of inquiry for conducting a needs analysis, using examples from projects he has worked on over the last five years. Learn to exercise deliberate, critical thinking while following a proven, systematic approach for conducting analyses.

• A systematic approach to performing a needs analysis from a testing perspective
• Templates and tips for conducting needs analysis interviews
• Documentation to support a needs analysis
Special Topics
Web Services Interface Design: Pitfalls and Proven Techniques
Dave Mount, J-Soup Software, Inc

Designing Web services is all about the interface. Although tools for Web services development have advanced to the point where exposing application functionality is simple, the ease of building Web services does not diminish the need for careful planning and a highly functional design. Dave Mount opens his presentation by spinning the cautionary tale of slapping together a Web services interface on a poorly structured application. This scenario serves as a reference point for a subsequent discussion of the pitfalls of a poorly designed interface. Dave illustrates techniques for correcting problems and improving the Web services interface. Looking at high profile Web services provided by Google, eBay, and, he shows how an external perspective that emphasizes consistency and conceptual clarity is key to Web services interface design.

• Web services designs that expose functionality while masking application messiness
• XML data types that improve data organization and maximize interoperability
• How to enforce security and avoid opening back doors to the underlying application
 Wednesday, June 28, 2006 3:00 PM
Managing Projects and Teams
Common Scheduling Mistakes and How to Avoid Them
Kenneth Katz, DST Output

A project schedule is an essential tool for planning the project, monitoring progress, managing the impact of changes to scope and requirements, and ultimately achieving customer satisfaction. Unfortunately, three common mistakes can make schedules useless—or worse, even destructive to the project: (1) using date constraints when dependencies should be used; (2) using dependencies when resource constraints should be used; and (3) poorly structured work breakdown structures. Using a sample project schedule that has these common scheduling mistakes, Kenneth Katz illustrates their impact through different scenarios for handling them. He shows how revising the schedules with the right practices will result in benefits to the project and the team. Learn how project schedules can become a positive force in your projects.

• Project schedules that easily accommodate scope and resource change
• Sequence project activities and manage project resources with good schedules
• How to organize project activities in a logical sequence
Plan-Driven Development
Software Production Line Automation
C Tyler, The Go To Group Inc

Traditional manufacturing employs extensive automation for maximum efficiency and reliability. Manufacturing organizations invest heavily in tooling and infrastructure to automate production lines and reap great cost savings. For certain software applications and technologies, the software development process can be optimized if it is thought of and run like a manufacturing process. With a focused tools group made up of architects, engineers, and technicians, you can build a software product line for your applications. Find out from Thomas Tyler what a software production line looks like and how it supports geographically distributed development teams with highly automated workflows. Learn to implement a concurrent development process with a flexible project management infrastructure that delivers more functionality per unit time.

• The tools and supporting infrastructure of a software production line
• How to construct a software production line that enables concurrent development
• The business case to justify investment in software production lines
Agile Development
Leadership—The Forgotten Element of Agile Development
Michael Portwood, Spectra Intelligent Marketing, Inc

We often hear about the difficulties and failures surrounding Agile methodologies. Articles describe everything from team and execution issues to the inadequacy of Agile methods on large projects and failures in large organizations. The root cause of these issues is often not a flaw in Agile methodologies but rather a lack of Agile leadership. A commonly held belief is that Agile teams are self-motivated and that leadership is almost evil. Quite the opposite is true. To succeed, Agile methodologies demand greater leadership skills at all levels. Learn from Michael Portwood about the differences between traditional and Agile leadership skills. Take away an Agile leadership model for team members, managers, and executives and proven techniques to foster and grow leadership skills development in your Agile organization.

• Why leadership and management are diametrically opposed
• The leadership skills needed by all Agile team members
• Ways to learn and practice leadership skills
Integrating Security into the Development Lifecycle
Ryan English, SPI Dynamics Inc

Software security is neither a development problem nor an IT operations problem. Rather, it is a paramount business problem requiring a multidisciplinary approach that minimizes organizational risk when delivering software products. By making a program-level commitment to security, IT organizations will be in the best position to defend their businesses from growing threats. Ryan English explores business management and the process components of defining, designing, instituting, and verifying secure development practices. He describes a broad set of principles that leading companies are adopting to improve the security of their software and outlines an application security program your company can implement. This approach requires a commitment to application security at all levels of management and offers the promise of a mature level of security without undue effect on the overall development process and delivery schedules.

• Standards, processes, tools, and educational needs for delivering secure systems
• Examples of clear, concise development standards for secure software
• How to create an Application Security Assurance Program (ASAP)
Quality Assurance
Essential Software Quality Planning
Tony Raymond, New Harbor Technical Management

An old—yet still true—saying is “You can’t test quality into a software product.” By planning for the quality expected in your software, your team and management will focus on the big picture—integrating development methods, the test processes, and the customer and product requirements within the framework of a quality assurance perspective. Starting with the key element of quality planning and its benefits, Tony Raymond explains how to derive quality objectives from requirements using a “just enough” balanced approach. He introduces methods to confirm that the development lifecycle processes are consistent with quality objectives and discusses the relationship of the quality plan to the test plan. Take back examples of quality planning and test planning templates to use in your next project.

• How to define “just enough” quality objectives
• Validate development process objectives, methods, controls, tools, and standards
• Tie together the development lifecycle, test process, and requirements
Special Topics
Building Traceable UML Models
Thomas Bullinger, ArchSynergy, Ltd.

While effective for modeling requirements, analysis, or design of a software system, UML diagrams are typically used in isolation or only for portions of a system. The resulting inconsistencies have the potential to create more confusion than clarity, negating the investment in the modeling process. Explore tips, tricks, and techniques to build a complete, traceable UML model for all aspects of a software application. Thomas Bullinger shares ways to gather behavioral requirements and map them into UML use cases. Learn to map use cases onto sequence or activity diagrams and extract them onto class diagrams. In a recursive process, each of the UML diagrams and associated descriptions is logically related to ensure a complete problem model and a consistent design solution.

• Create self-consistent UML models of requirements behavior and designs
• Manage change in UML models to reflect updates to requirements
• Use UML models to facilitate communications and learning

Better Software Conference & EXPO 2006 is a Software Quality Engineering Production


© 2006 Software Quality Engineering. All rights reserved.