Safety measures will be added to software improvement model
- By Vandana Sinha
- Mar 27, 2003
Federal officials are working to attach new safety and security practices to existing models to boost agencies' software capabilities'an important goal, considering current international hostilities, a Defense Department executive said.
'Recent events point out more and more that safety and security are not only good things, but things we have to do,' said Joe Jarzombek, deputy director for software-intensive systems in the Defense Systems Directorate of the Office of the Under Secretary of Defense.
'It's integral to everything we do,' Jarzombek said yesterday at the Software Quality Forum 2003, sponsored by the Energy Department and National Nuclear Security Administration. 'Safety and security should be incorporated in the way we do business.'
Jarzombek's office is working with the Federal Aviation Administration's chief engineer for process improvement to develop best practices for safety and security, called the Integrity Assurance program area. The Army, Navy, NASA and Energy have joined the effort, and Jarzombek said federal agencies have asked companies to help as well.
The Integrity Assurance program will be included in version 2.0 of the FAA's integrated Capability Maturity Model and version 1.1 of the Capability Maturity Model Integration for systems and software engineering, developed by the Software Engineering Institute at Carnegie Mellon University.
Released about a year and a half ago, the original CMMI model was based on software standards that didn't formally incorporate or emphasize security, Jarzombek said. But after launching the effort last May, and putting out a call for review late last year on draft safety and security practices, a new steering committee is making Integrity Assurance a higher priority.
Jarzombek said the effort has received interest from two Defense organizations to pilot the Integrity Assurance program, a step targeted for this spring. A final technical note could be published as early as June on the new extension's integration into CMMI, including guidance on security and safety standards.
The addition has caused agencies to wonder whether they need to overhaul their CMMI strategy to include new safety and security measures. 'The answer is no,' Jarzombek said. 'Unless you're not already doing everything you need to be doing.'