John Bergey

Using the Options Analysis for Reengineering (OAR) Method for Mining Components for a Product Line

The Options Analysis for Reengineering (OAR) method is a systematic, architecture-centric means for mining existing components for a product line or new software architecture. The method incorporates a set of scalable techniques and exercises to collaboratively analyze existing components, determine viable mining options, and evaluate the most promising options. The OAR method has 5 activities that are followed in a systematic manner to identify components for mining and estimate the cost and risk of changes required to each legacy component to enable its reuse within a new software architecture. The OAR method provides visibility into this highly complex analysis activity. It also provides insights into implicit stakeholder assumptions, constraints, and other major drivers that impact the mining of components. Results from a pilot application of the OAR method are presented in this paper.

Enterprise Framework for the Disciplined Evolution of Legacy Systems

Organizations that migrate legacy systems to distributed, open system environments or to a single product line of systems often fail because they concentrate on a narrow set of software issues without fully considering a broader set of enterprisewide management and technical issues. This article describes an enterprise framework that characterizes the global environment in which system evolution takes place and provides insight into the activities, processes, and work products that shape the disciplined evolution of legacy systems. The following checklists help identify critical enterprise issues that correspond to each of the frameworks elements.

Unintentional Insider Threat: Contributing Factors, Observables, and Mitigation Strategies

Organizations often suffer harm from individuals who bear them no malice but whose actions unintentionally expose the organizations to risk in some way. This paper examines initial findings from research on such cases, referred to as unintentional insider threat (UIT). The goal of this paper is to inform government and industry stakeholders about the problem and its possible causes and mitigation strategies. As an initial approach to addressing the problem, we developed an operational definition for UIT, reviewed research relevant to possible causes and contributing factors, and provided examples of UIT cases and their frequencies across several categories. We conclude the paper by discussing initial recommendations on mitigation strategies and countermeasures.