Description: Part of our role at DHS is to better enable all stakeholders to secure their part of cyberspace. Given that our adversaries will exploit even the smallest weakness, identifying and mitigating exploitable weaknesses before they become a pathway for attack is vital to the defense against predatory practices. One weak link in the chain can compromise an entire software application and degrade our enterprise capabilities....

Description: As illustrated in the featured articles, all components of the department must work together to enhance the capability and capacity of the systems and software engineering workforce through training and educational initiatives...

Description: Software has increasingly become modern infraístructure. Ones and zeros permeate most aspects of our daily existence. Yet software is not nearly as trustworthy or reliable as our physical infrastructure. For those in security, we’ve become painfully aware of the seemingly infinite vulnerabiliíties in digital infrastructure....

Description: DHS is proud to sponsor this issue, primarily focused on SwA Game-Changing Tools and Practices.

Description: The articles in this issue of CrossTalk discuss the human side of our software development processes, and are part of a very important dialogue....

Description: Systems assurance is a matter of strategic concern to our nation’s security; one the DHS takes very seriously. Fundamentally, it is the concerted effort to ensure that users have the highest level of confidence possible in their critical systems and data....

Description: The November/December issue of CrossTalk, themed 21st Century Defense, explores slightly different advancements specific to the software defense industry. The software battlefront now includes laptops, desktops, servers, PDAs, cell phones, personal identification cards, and even a soldier’s clothing....

Description: The March/April issue of CrossTalk provides five well-crafted articles intended to assist developers in avoiding the pain of “software cavities” by bolstering their current processes through implementation of sound reinforcement practices....

Description: This issue of CrossTalk addresses some of these compelling challenges as we strive to improve integration/interoperability.

Description: This issue of CrossTalk provides an in-depth look at the implementation and development of safety-critical software systems. It also explores how these systems will likely face unplanned challenges during long-term development, requiring developers to build flexibility into their approaches....

Description: This issue’s cosponsor, the DHS Software Assurance Program, offers many free resources for Application Security – just follow the link on the back cover. So, to all those charged with the difficult duty...

Description: This article discusses conventional roles and responsibilities of the project sponsor and gives strategies project managers can employ to facilitate project success; this article approaches the role of motivation and emotion in maximizing team performance and presents an actionable and accessible approach for shaping both motivation and emotion; this article teaches how managers can build better, more efficient teams and successfully navigate the toughest project environments in tandem by reading a set of human gauges; Kulpa describes the People Capability Maturity Model and its necessity in addressing the need to integrate effective people practices with process and technology; this article describes two types of decision-making methods: voting and multi-criterion; this article outlines a set of common misconceptions about Service Oriented Architectures and suggests ways to more effectively address critical issues that potential users, developers, and acquisition officers may have....

Table of Contents: Working as a Team: Wisdom for Building the Project Manager/Project Sponsor Relationship: Partnership for Project Success; by LTC Nanette Patton and Allan Shechet. This article discusses conventional roles and responsibilities of the project sponsor and gives strategies project managers can employ to facilitate project success -- Shaping Motivation and Emotion in Technology Teams; by Jennifer Tucker and Hile Rutledge. This article approaches the role of motivation and emotion in maximizing team performance and presents an actionable and accessible approach for shaping both motivation and emotion -- The Gauge That Pays: Project Navigation and Team Building; by Kasey Thompson and Tim Border. This article teaches how managers can build better, more efficient teams and successfully navigate the toughest project environments in tandem by reading a set of human gauges -- Software Engineering Technology: Why Should I Use the People CMM?; by Margaret Kulpa. Kulpa describes the People Capability Maturity Model and its necessity in addressing the need to integrate effective people practices with process and technology -- Too...

Description: The authors use anecdotal evidence from interviews to discuss source of hidden costs of COTS-based systems and strategies to manage these; this article discusses some basic, but often-neglected factors, affecting COTS selection and use; in this article, the author briefly describes the Avionics Integration Support Facility and then discusses several examples of how it is using COTS to reduce maintenance costs and improve performance; this article presents the success story of the selection of a new COTS product for testing operational flight programs; this article discusses the use of Java in mission-critical, real-time systems; this article addresses the amount spent on verification with a quantitative cost analysis model; this author outlines four software exploitation categories that should be considered before a software product is released....

Table of Contents: COTS Integration: Added Sources of Costs in Maintaining COTS-Intensive Systems; by Dr. Betsy Clark and Dr. Brad Clark. The authors use anecdotal evidence from interviews to discuss source of hidden costs of COTS-based systems and strategies to manage these -- Issues to Consider Before Acquiring COTS; by Dr. David A. Cook. This article discusses some basic, but often-neglected factors, affecting COTS selection and use -- Lean AISF: Applying COTS to System Integration Facilities; by Harold Lowery. In this article, the author briefly describes the Avionics Integration Support Facility and then discusses several examples of how it is using COTS to reduce maintenance costs and improve performance -- GL Studio Brings Realism to Aircraft Cockpit Simulator Displays; by Kim Stults. This article presents the success story of the selection of a new COTS product for testing operational flight programs -- Applying COTS Java Benefits to Mission-Critical Real-Time Software; by Dr. Kelvin Nilsen. This article discusses the use of Java in mission-critical, real-time systems -- Software Engineering Technology: The Relative Cost of ...

Description: This article emphasizes how developers need to make additional, significant increases in their processes, by adding structure and repeatability to further the security and quality of their software; this article describes how SPARK, an annotated subset of the Ada programming language, can help prove correctness of software implementations; this article presents some of the goals and uses of BIT, as well as the applications in providing a safe system; this article focuses on how to apply simple risk assessment techniques to the software development life cycle process; this article discusses how investing the resources in a software assurance program during the design, code, and test phases of a software development program will significantly reduce the likelihood of costly mishaps, failures, or system breeches during system operations and support....

Table of Contents: Software Assurance: Security in the Software Life Cycle: by Joe Jarzombek and Karen Mercedes Goertzel. This article emphasizes how developers need to make additional, significant increases in their processes, by adding structure and repeatability to further the security and quality of their software -- When Computers Fly, It Has to Be Right: Using SPARK for Flight Control of Small Unmanned Aerial Vehicles: by Dr. Ricky E. Sward, Lt. Col Mark J. Gerken, Ph.D., and 2nd Lt. Dan Casey. This article describes how SPARK, an annotated subset of the Ada programming language, can help prove correctness of software implementations -- Application and Evaluation of Built-In-Test (BIT) Techniques in Building Safe Systems: by James A. Butler. This article presents some of the goals and uses of BIT, as well as the applications in providing a safe system -- Assessing Information Security Risks in the Software Development Life Cycle: by Dr. Douglas A. Ashbaugh. This article focuses on how to apply simple risk assessment techniques to the software development life cycle process -- Increasing the Likelihood of Success of a Software ...

Description: In answering this fundamental question, this article looks at a sampler of agile methodologies, an agile case story, and a look at the future; part one of this two-part series describes how cost- and plan-driven projects can borrow from agile software development to improve their strategies and hedge against surprises; this article summarizes and critiques the compatibility of agile methodologies with plan-driven methodologies as described by the capability Maturity Model for Software; this article includes real-world insights from developers applying a tailored version of eXtreme Programming and a quantitative measure of its effectiveness since its inception; learn how adaptive techniques and small informal teams inside large organizations can complement a formal organizational process focus; this report summarizes what speakers said agile software development is and is not; this author was developing software solutions using agile methods before he realized there was such a methodology....

Table of Contents: Agile Software Development: What Is Agile Software Development?; by Jim Highsmith. In answering this fundamental question, this article looks at a sampler of agile methodologies, an agile case story, and a look at the future -- Learning From Agile Software Development--Part One; by Alistair Cockburn. Part one of this two-part series describes how cost- and plan-driven projects can borrow from agile software development to improve their strategies and hedge against surprises -- Agile Methodologies and Process Discipline; by Mark C. Paulk. This article summarizes and critiques the compatibility of agile methodologies with plan-driven methodologies as described by the Capability Maturity Model for Software -- Odyssey and Other Code Science Success Stories; by John Manzo. This article includes real-world insights from developers applying a tailored version of eXtreme Programming and a quantitative measure of its effectiveness since its inception -- Software Engineering Technology: Integrating Systems and Software Engineering: What Can Large Organizations Learn From Small Start-Ups?; by Paul E. McMahon. Learn how adapt...

Description: Paul Maritz of Microsoft discusses commercial off-the-shelf products, open systems, quality, and Microsoft's software development culture; activities and practices to follow for development and lifetime support of COTS-based systems; commercial and Nondevelopmental Items can cause problems. Here are some ideas on how to plan for and resolve them; as government moves toward commercial off-the-shelf (COTS) and government off-the-shelf (GOTS) software, it realizes that vendor descriptions are not always sufficient; lessons learned from the U.S. AWACS Step 1 Mission Computing Upgrade Program; description of what the CMMI Product Suite is designed to provide for enterprise-wide process improvement; what is the role of the Site Coordinator and the team in undergoing a CMM assessment?...

Table of Contents: COTS: Up Close with Microsoft's Paul Maritz; by Kathy Gurchiek. Paul Maritz of Microsoft discusses commercial off-the-shelf products, open systems, quality, and Microsoft's software development culture -- An Activity Framework for COTS-Based Systems; by Lisa Brownsword, Patricia Oberndorf, and Carol A. Sledge. Activities and practices to follow for development and lifetime support of COTS-based systems -- Supporting Commercial Software; by Lt. Col. Lionel D. Alford. Commercial and Nondevelopmental Items can cause problems. Here are some ideas on how to plan for and resolve them -- Evaluating COTS/GOTS Software: Functional Test Criteria; by William H. Dashiell and Phil Brashear. As government moves toward commercial off-the-shelf (COTS) and government off-the-shelf (GOTS) software, it realizes that vendor descriptions are not always sufficient -- Field Report: Implementing COTS Open Systems Technology on AWACS; by Lt. Col. Michael K.J. Milligan. Lessons learned from the U.S. AWACS Step 1 Mission Computing Upgrade Program -- Software Engineering Technology: Creating an Integrated CMM for Systems and Software Enginee...

Description: A foundation for building interoperable command and control systems; using DII COE to improve the effectiveness of systems performing real-time C2 missions; extending V&V from an individual application system to a product line of systems; a basic year 2000 test model with lessons learned; lack of quality controls in the design and coding stages has led to many of today's software problems; a fictional account of a contractor trying to avoid a software capability evaluation; an abstract on the overview of the DII COE kernel changes....

Table of Contents: DII COE: Introduction to the Defense Information Infrastructure (DII) Common Operating Environment (COE); by Pamela Engert and Julie Surer. A foundation for building interoperable command and control systems -- Extending the DII COE for Real-Time; by Lt. Col. Lucie M.J. Robillard, Dr. H. Rebecca Callison, John Maurer. Using DII COE to improve the effectiveness of systems performing real-time C2 missions -- Software Engineering Technology: Performing Verification and Validation in Architecture-Based Software Engineering; by Edward A. Addy. Extending V&V from an individual application system to a product line of systems -- A Y2K Integration Test Model; by Dr. William H. Dashiell. A basic year 2000 test model with lessons learned -- Open Forum: Who is to Blame for the Y2K and Similar Bugs?; by Alka Jarvis, Dr. Vern J. Crandall and Cindy Snow. Lack of quality controls in the design and coding stages has led to many of today's software problems -- The Five Stages of Denial; by Dr. Richard Bechtold. A fictional account of a contractor trying to avoid a software capability evaluation -- Web Addition: Overview of the DII ...

Description: If you’ve been involved with software and system process improvement for even a short time, you’ve most likely experienced the challenges associated with applying process methodologies and tools to your real-life projects...

Description: I’ve heard the many arguments made in defense of agility versus process. This issue of CrossTalk will explore the virtues of both, also discussing the transformation and incorporation of process with other concepts, ideas, and process improvement efforts....

Description: Four articles in this issue address various experiences in the area of processes ready for replication.