A Technical History of the SEI
e-estimation as a means to assess progress. Risk-reduction practices such as prototyping or modeling and simulation may lead, for example, to both reduced "cost to complete" and also narrowed variances (i.e., greater confidence that the estimates are accurate).

c. Incentives and acquisition practices. How can acquisition practices be developed to build on advances in measurement and process models that feature a structuring of incentives that enables government and contractors to collaborate effectively in development of architectures and in iteration at scale?

d. Software sustainment and modernization. The reality of many sustainment efforts is that they are really supporting a continual evolution and modernization of systems. Planning for continuous evolution, for example in the form of identifying and separating dimensions of variability, is a necessary feature of architectural design. Continuous evolution, importantly, can also involve discontinuous change as infrastructures and subsystems evolve and new choices emerge.
2. Evidence-Based Software Assurance and Certification. The goal of this second element of vision is a dramatic reduction in the cost and difficulty of making assurance judgments related to quality and security attributes. Achieving this goal is particularly important as systems become more complex and evolve more rapidly. Current approaches for certification and accreditation are largely based on an after-the-fact evaluation of a snapshot of a system.

While after-the-fact approaches are effective for certain well-defined categories of components and systems, they tend to break down as systems increase in complexity, scale, and dynamism. They also tend to hinder ongoing evolution, rapid reconfiguration, dynamic loading of components, autonomy, and composition and interlinking of systems of systems. Put simply, these established techniques do not scale up, and they do not work well for the emerging software framework-based systems now prevalent in commercial and infrastructural applications.
The industry folklore has long asserted that quality-related activities, including security-related assurance, can consume half of total development costs for larger systems. For example, the IBM Systems Journal states that in a typical commercial development organization, "the cost of providing [the assurance that the program will perform satisfactorily in terms of its functional and nonfunctional specifications within the expected deployment environments] via appropriate debugging, testing, and verification activities can easily range from 50 to 75 percent of the total development cost." [Hailpern 2002]. Additionally, after-the-fact evaluation practices can add a year or more to the elapsed time required to develop and deploy software-reliant systems. Commercial systems, including products and software as a service and cloud-based systems, tend to undergo a relatively rapid and continual evolution. For many of our DoD and infrastructural systems, we similarly need to support a continuous evolution.
Some areas of particular technical emphasis include

a. Architecture and composition principles. These enable separate evaluation of individual components, with the possibility of combining results to achieve aggregate assurance
CMU/SEI-2016-SR-027 | SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY 289
Distribution Statement A: Approved for Public Release; Distribution is Unlimited.