César Pardo

Assessment methodology for software process improvement in small organizations

Context: Diagnosing processes in a small company requires process assessment practices which give qualitative and quantitative results; these should offer an overall view of the process capability. The purpose is to obtain relevant information about the running of processes, for use in their control and improvement. However, small organizations have some problems in running process assessment, due to their specific characteristics and limitations. Objective: This paper presents a methodology for assessing software processes which assist the activity of software process diagnosis in small organizations. There is an attempt to address issues such as the fact that: (i) process assessment is expensive and typically requires major company resources and (ii) many light assessment methods do not provide information that is detailed enough for diagnosing and improving processes. Method: To achieve all this, the METvalCOMPETISOFT assessment methodology was developed. This methodology: (i) incorporates the strategy of internal assessments known as rapid assessment, meaning that these assessments do not take up too much time or use an excessive quantity of resources, nor are they too rigorous and (ii) meets all the requirements described in the literature for an assessment proposal which is customized to the typical features of small companies. Results: This paper also describes the experience of the application of this methodology in eight small software organizations that took part in the COMPETISOFT project. The results obtained show that this approach allows us to obtain reliable information about the strengths and weaknesses of software processes, along with information to companies on opportunities for improvement. Conclusion: The assessment methodology proposed sets out the elements needed to assist with diagnosing the process in small organizations step-by-step while seeking to make its application economically feasible in terms of resources and time. From the initial application it may be seen that this assessment methodology can be useful, practical and suitable for diagnosing processes in this type of organizations.

Homogenization, comparison and integration: a harmonizing strategy for the unification of multi-models in the banking sector

Information Technologies (IT) play a crucial role in the development of the business processes in organizations. Acquiring the best technologies is quickly becoming as important as understanding and improving the business model of organizations. As a result, many (inter)national standards and models for IT Management, IT Government and IT Security have been developed. This situation allows organizations to choose and improve their processes, selecting the models that best suit their needs. Since several relationships between these models can be found, carrying out the harmonization of their similarities and differences will make it possible to reduce the time and effort involved in implementing them. In this paper, we present a harmonization strategy which has been defined to harmonize COBIT 4.1, Basel II, VAL IT, RISK IT, ISO 27002 and ITIL V3. This work intends to support organizations which are interested in knowing how to carry out the harmonization of these models. Furthermore, as a result of the execution of the harmonization strategy we have defined, a unified model for Banking, called ITGSM, is presented. It resolves the conflicts between the models mentioned above and provides a useful reference model to organizations that are planning to adopt them.

Trends in Harmonization of Multiple Reference Models

Diverse models currently exist in the field of Software Engineering which help organizations to apply recommended practices in order to support ther multiple needs in the areas of software development, maintenance and operation, security, IT government, etc. Examples of such models are CMMI, ISO 9001, ISO 12207, ISO 27001, COBIT, ITIL. Nevertheless, many differences exist between these models, since each model defines its own structure, terminology, definitions and quality systems, amongst other aspects. This issue increases the complexity when an organization is required to apply two or more models in order to satisfy its needs. Organizations must, therefore, define the most appropriate means of choosing and implementing multi-models, and harmonization may be one solution. This paper presents a systematic literature review with the aim of analyzing the state of the art with regard to inititatives concerning the harmonization of multiple reference models. As a result, it has been concluded that there is currently a lack of guidelines with which to help organizations to implement the harmonization of multiple models, and of a unified terminology with which to homogenize the diversity of the structure of the different models and the harmonization techniques which can be applied. In order to address these issues, a framework to support the harmonization of multiple models is outlined.

A process for driving the harmonization of models

At present, there are several factors that may influence an organization in needing to work with more than one reference model. The following can be highlighted: (i) market niches with specific models, (ii) improvement of practices from legacy process models, (iii) business positioning, (iv) leveraged or merger corporate (v) systematic search of the capability of the processes, (vi) business growth, among others. Currently, however, there is no detailed strategy to address the harmonization of reference models. So, the aim of this paper is to present a process that defines the elements necessary to support the harmonization of multiple reference models. This process allows us to guide the implementation of a harmonization project systematically. It also describes our experience of the application of the proposed process in one organization. These results show that the process and the harmonization techniques used to support the objectives of harmonization of ISO 27001 and ISO 20000 of the company involved were suitable.

HProcessTOOL: a support tool in the harmonization of multiple reference models

If companies are to fulfil their business goals then they must implement more than one software process improvement or information technology management model. The heterogeneity of these models signifies that their harmonization in accordance with company goals has become a key initiative. It is therefore necessary to provide companies with suitable software tools which facilitate the implementation and management of the activities, methods, techniques and reference models involved in a harmonization project, thus allowing the harmonization to be properly carried out. This paper therefore presents the HProcessTOOL which guides harmonization projects by supporting specific techniques, and supports their management by controlling and monitoring the resulting harmonization projects. The tool has been applied in two case studies, and has allowed the work products, effort, time and roles involved in the harmonization projects, and the knowledge generated, to be correctly managed.

Harmonizing Quality Assurance Processes and Product Characteristics

Adapting software quality assurance processes to product requirements will result in greater product quality and compliance, and thus increased customer satisfaction.

Supporting the combination and integration of multiple standards and models

There is growing interest in defining best practices that support multiple needs in companies. This has led to the current situation, where organizations, universities and research groups, amongst others, have defined a wide range of reference models. This is also known as the quagmire of standards and models. The ample assortment of possibilities enables companies to choose and implement the models that are most suitable for their particular features. There may even be a reduction in the cost associated with effort and time in their implementation. Each model, however, defines its own process structure, approach, scope, and so forth, so carrying out the implementation of more than two models without guidelines or suitable tools can be a hard, if not impossible, task. With all this in mind, the aim of this paper is to present a harmonization Framework, which establishes the elements and tools needed to support the harmonization of multiple reference models. It also presents a detailed summary of the elements defined, along with a summary of the successful application of the harmonization framework in two case studies. This harmonization framework and its elements have been shown to be suitable for supporting the harmonization of multiple models.

Efficiency of Software Testing Techniques: A Controlled Experiment Replication and Network Meta-analysis

Background. Common approaches to software verification include static testing techniques, such as code reading, and dynamic testing techniques, such as black-box and white-box testing. Objective. With the aim of gaining a better understanding of software testing techniques, a controlled experiment replication and the synthesis of previous experiments which examine the efficiency of code reading, black-box and white-box testing techniques were conducted. Method. The replication reported here is composed of four experiments in which instrumented programs were used. Participants randomly applied one of the techniques to one of the instrumented programs. The outcomes were synthesized with seven experiments using the method of network meta-analysis (NMA). Results. No significant differences in the efficiency of the techniques were observed. However, it was discovered the instrumented programs had a significant effect on the efficiency. The NMA results suggest that the black-box and white-box techniques behave alike; and the efficiency of code reading seems to be sensitive to other factors. Conclusion. Taking into account these findings, the Authors suggest that prior to carrying out software verification activities, software engineers should have a clear understanding of the software product to be verified; they can apply either black-box or white-box testing techniques as they yield similar defect detection rates.