THE VIEW FROM INSIDE: Walter R. Houser

Applying CMM to federal Web efforts makes sense

Walter R. Houser

Carnegie Mellon University's Software Capability Maturity Model certification is becoming a new check box on federal information technology managers' evaluations. Unfortunately, the five-level CMM'developed by Carnegie Mellon's Software Engineering Institute'is unknown to far too many Web developers.

For a sophisticated network application, the lack of a rigorous software engineering methodology can be a distinct liability, as it can for the development of any business-grade application.

Web applications benefit from CMM like any other software engineering effort. Inconsistent systems engineering practices limit a group's ability to deliver information systems both free of bugs and conforming to predictable costs and schedules. By using a well-defined, repeatable process, you should be able to systematically improve software product delivery.

My agency is implementing a software process methodology called Gecko, from Advanced Management Technology Inc. of Arlington, Va. Developed by AMTI's Kevin Brett, Gecko is based in part on CMM and in part on the International Standards Organization 9000 quality model. Neither CMM nor ISO 9000 prescribes a specific methodology or process for software development. They do, however, let developers identify what features a methodology should possess and what degree of formality should exist in each lifecycle phase.

To accompany the new methodology, my agency has begun to implement development standards and better project management skills. The agency hopes to pass an audit of these processes by year's end.

Like many software development methodologies, Gecko has lifecycle phases:

•'Project planning

•'Concept definition

•'Software requirements definition

•'Software design

•'Software development

•'Testing

•'Delivery and installation.

Moving through the phases, the agency tracks progress in key process areas:

•'Requirements management

•'Software project planning

•'Software project tracking and oversight

•'Software quality assurance

•'Software configuration management.

Many of these process areas span several of the lifecycle phases. For example, requirements management begins during the early phases but becomes even more important in the later phases.

Unless you get a handle on your requirements, testing and delivery will never end; the project will collapse in a death spiral of creeping requirements and burgeoning change orders.

A mature process encourages multiple builds, each representing a subset of the system. Few requirements are clearly understood or agreed to at the outset. So you start with what is clearly understood and tease feedback out of the end users. As design and development proceeds, attention turns to analysis and definition of those less clear requirements'all before hard coding.

End users can ensure that the completed application meets expectations. Iterative builds let users see and share in the progress. Each iteration reveals problems. The sooner in the cycle this occurs, the less cost and rework will be required.

When the last build is completed, you are ready to test the system as an integrated whole.

The operation and installation plans require training and testing people in use and maintenance of the application. Hardware and software audits verify that the system configuration you certified in tests is the same configuration that has been installed and checked out in actual operation. Developers should review and approve operational readiness of the software, hardware and personnel before releasing the application for use.

Web developers need comprehensive software engineering practices to produce high-quality, timely applications. The methodology must be flexible so it can apply to database development, data warehousing and Web or client-server applications.

A solid software engineering methodology is essential to developers tackling critical Web applications. Unfortunately, this is often not the case in many agencies, judging from the reactions of many of my colleagues to the idea of CMM ratings.

This needs to change.

Walter R. Houser, who has more than two decades of experience in federal information management, is webmaster for a Cabinet agency. His personal Web page is at www.cpcug.org/user/houser.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above