Risk themes from ATAM data: preliminary results

Similar documents
Risk themes from ATAM data: preliminary results

Mission Assurance Analysis Protocol (MAAP)

The Fully-Burdened Cost of Waste in Contingency Operations

Improving the Quality of Patient Care Utilizing Tracer Methodology

Independent Auditor's Report on the Attestation of the Existence, Completeness, and Rights of the Department of the Navy's Aircraft

Panel 12 - Issues In Outsourcing Reuben S. Pitts III, NSWCDL

Shadow 200 TUAV Schoolhouse Training

Fiscal Year 2011 Department of Homeland Security Assistance to States and Localities

The Security Plan: Effectively Teaching How To Write One

White Space and Other Emerging Issues. Conservation Conference 23 August 2004 Savannah, Georgia

ASAP-X, Automated Safety Assessment Protocol - Explosives. Mark Peterson Department of Defense Explosives Safety Board

terns Planning and E ik DeBolt ~nts Softwar~ RS) DMSMS Plan Buildt! August 2011 SYSPARS

Engineered Resilient Systems - DoD Science and Technology Priority

Reducing System Acquisition Risk with Software Architecture Analysis and Evaluation

Test and Evaluation of Highly Complex Systems

Opportunities to Streamline DOD s Milestone Review Process

Software Intensive Acquisition Programs: Productivity and Policy

Rapid Reaction Technology Office. Rapid Reaction Technology Office. Overview and Objectives. Mr. Benjamin Riley. Director, (RRTO)

Cerberus Partnership with Industry. Distribution authorized to Public Release

United States Army Aviation Technology Center of Excellence (ATCoE) NASA/Army Systems and Software Engineering Forum

The Coalition Warfare Program (CWP) OUSD(AT&L)/International Cooperation

For the Period June 1, 2014 to June 30, 2014 Submitted: 15 July 2014

Make or Buy: Cost Impacts of Additive Manufacturing, 3D Laser Scanning Technology, and Collaborative Product Lifecycle Management on Ship Maintenance

AFCEA TECHNET LAND FORCES EAST

Afloat Electromagnetic Spectrum Operations Program (AESOP) Spectrum Management Challenges for the 21st Century

DDESB Seminar Explosives Safety Training

Social Science Research on Sensitive Topics and the Exemptions. Caroline Miner

The Army Executes New Network Modernization Strategy

Defense Health Care Issues and Data

Report Documentation Page

ALLEGED MISCONDUCT: GENERAL T. MICHAEL MOSELEY FORMER CHIEF OF STAFF, U.S. AIR FORCE

Office of the Assistant Secretary of Defense (Homeland Defense and Americas Security Affairs)

Dynamic Training Environments of the Future

Wildland Fire Assistance

Munitions Response Site Prioritization Protocol (MRSPP) Online Training Overview. Environmental, Energy, and Sustainability Symposium Wednesday, 6 May

The Military Health System How Might It Be Reorganized?

Biometrics in US Army Accessions Command

Required PME for Promotion to Captain in the Infantry EWS Contemporary Issue Paper Submitted by Captain MC Danner to Major CJ Bronzi, CG 12 19

Tim Haithcoat Deputy Director Center for Geospatial Intelligence Director Geographic Resources Center / MSDIS

Integrated Comprehensive Planning for Range Sustainability

Laboratory Accreditation Bureau (L-A-B)

Information Technology

711 HPW COUNTERPROLIFERATION BRANCH

Integrity Assessment of E1-E3 Sailors at Naval Submarine School: FY2007 FY2011

Evolutionary Acquisition an Spiral Development in Programs : Policy Issues for Congress

Military Health System Conference. Putting it All Together: The DoD/VA Integrated Mental Health Strategy (IMHS)

DOD Native American Regional Consultations in the Southeastern United States. John Cordray NAVFAC, Southern Division Charleston, SC

US Coast Guard Corrosion Program Office

Military Health System Conference. Psychological Health Risk Adjusted Model for Staffing (PHRAMS)

The DoD Siting Clearinghouse. Dave Belote Director, Siting Clearinghouse Office of the Secretary of Defense

The Effects of Outsourcing on C2

NORAD CONUS Fighter Basing

Determining and Developing TCM-Live Future Training Requirements. COL Jeffrey Hill TCM-Live Fort Eustis, VA June 2010

Infections Complicating the Care of Combat Casualties during Operations Iraqi Freedom and Enduring Freedom

Engineering, Operations & Technology Phantom Works. Mark A. Rivera. Huntington Beach, CA Boeing Phantom Works, SD&A

Cyber Attack: The Department Of Defense s Inability To Provide Cyber Indications And Warning

Office of Inspector General Department of Defense FY 2012 FY 2017 Strategic Plan

Concept Development & Experimentation. COM as Shooter Operational Planning using C2 for Confronting and Collaborating.

2011 USN-USMC SPECTRUM MANAGEMENT CONFERENCE COMPACFLT

at the Missile Defense Agency

DoD Scientific & Technical Information Program (STIP) 18 November Shari Pitts

User Manual and Source Code for a LAMMPS Implementation of Constant Energy Dissipative Particle Dynamics (DPD-E)

Electronic Attack/GPS EA Process

The Need for NMCI. N Bukovac CG February 2009

DOING BUSINESS WITH THE OFFICE OF NAVAL RESEARCH. Ms. Vera M. Carroll Acquisition Branch Head ONR BD 251

AFRL-VA-WP-TP

Report No. DODIG December 5, TRICARE Managed Care Support Contractor Program Integrity Units Met Contract Requirements

Environmental Trends Course Cultural Resources

Report No. DODIG Department of Defense AUGUST 26, 2013

Report No. D May 14, Selected Controls for Information Assurance at the Defense Threat Reduction Agency

Preliminary Observations on DOD Estimates of Contract Termination Liability

Unexploded Ordnance Safety on Ranges a Draft DoD Instruction

Report No. D July 25, Guam Medical Plans Do Not Ensure Active Duty Family Members Will Have Adequate Access To Dental Care

Army Modeling and Simulation Past, Present and Future Executive Forum for Modeling and Simulation

Systems Engineering Capstone Marketplace Pilot

Product Manager Force Sustainment Systems

Screening for Attrition and Performance

The Air Force's Evolved Expendable Launch Vehicle Competitive Procurement

Small Business Innovation Research (SBIR) Program

The Landscape of the DoD Civilian Workforce

Military Health System Conference. Behavioral Health Clinical Quality in the MHS : Past Present and Future

GAO. FORCE STRUCTURE Capabilities and Cost of Army Modular Force Remain Uncertain

2010 Fall/Winter 2011 Edition A army Space Journal

USAF TECHNICAL TRAINING NAS Pensacola Florida Develop America's Airmen Today --- for Tomorrow

Battle Captain Revisited. Contemporary Issues Paper Submitted by Captain T. E. Mahar to Major S. D. Griffin, CG 11 December 2005

Chief of Staff, United States Army, before the House Committee on Armed Services, Subcommittee on Readiness, 113th Cong., 2nd sess., April 10, 2014.

CRS prepared this memorandum for distribution to more than one congressional office.

Representability of METT-TC Factors in JC3IEDM

Research to advance the Development of River Information Services (RIS) Technologies

U.S. ARMY EXPLOSIVES SAFETY TEST MANAGEMENT PROGRAM

United States Military Casualty Statistics: Operation Iraqi Freedom and Operation Enduring Freedom

712CD. Phone: Fax: Comparison of combat casualty statistics among US Armed Forces during OEF/OIF

Tannis Danley, Calibre Systems. 10 May Technology Transition Supporting DoD Readiness, Sustainability, and the Warfighter. DoD Executive Agent

A Scalable, Collaborative, Interactive Light-field Display System

Google Pilot / WEdge Viewer

INSIDER THREATS. DOD Should Strengthen Management and Guidance to Protect Classified Information and Systems

Incomplete Contract Files for Southwest Asia Task Orders on the Warfighter Field Operations Customer Support Contract

New Tactics for a New Enemy By John C. Decker

ASNE Combat Systems Symposium. Balancing Capability and Capacity

MILITARY MUNITIONS RULE (MR) and DoD EXPLOSIVES SAFETY BOARD (DDESB)

Transcription:

Pittsburgh, PA 15213-3890 Risk themes from ATAM data: preliminary results Len Bass Rod Nord Bill Wood Software Engineering Institute Sponsored by the U.S. Department of Defense 2006 by Carnegie Mellon University page 1

Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE APR 2006 2. REPORT TYPE 3. DATES COVERED 00-00-2006 to 00-00-2006 4. TITLE AND SUBTITLE Risk themes from ATAM data: preliminary results 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Carnegie Mellon University,Software Engineering Institute (SEI),Pittsburgh,PA,15213 8. PERFORMING ORGANIZATION REPORT NUMBER 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR S ACRONYM(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release; distribution unlimited 13. SUPPLEMENTARY NOTES 14. ABSTRACT 11. SPONSOR/MONITOR S REPORT NUMBER(S) 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT a. REPORT unclassified b. ABSTRACT unclassified c. THIS PAGE unclassified Same as Report (SAR) 18. NUMBER OF PAGES 25 19a. NAME OF RESPONSIBLE PERSON Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18

Overview The data set Process followed in categorizing data Initial results Implications 2006 by Carnegie Mellon University page 2

Conceptual Flow of the ATAM Business Drivers Software Architecture Quality Attributes Architectural Approaches Scenarios Architectural Decisions Analysis impacts 18 reports Risk Themes distilled into Tradeoffs Sensitivity Points Non-Risks Risks 2006 by Carnegie Mellon University page 3

Data Set 18 ATAMs 12 DoD 2 other government agency 4 commercial The ATAMs were performed between 2000-2005. Domains range from embedded to information systems 137 Business Goals 99 Risk themes 2006 by Carnegie Mellon University page 4

Affinity Diagram Bottom up process to discover groups in raw data Developed by an anthropologist Relies on intuition Two data items are in the same group if the grouping team feels they have something in common A data item can be placed into multiple groups Groups are then categorized based on judgment, literature. 2006 by Carnegie Mellon University page 5

Risk Theme Categories Risk themes Architecture Process Organization Run time qualities availability Development time qualities modifiability Development process and tool support requirements uncertainty Big picture Addressing important considerations Product lines performance integration allocation of functionality Organizational awareness security documentation scope coordination 2006 by Carnegie Mellon University page 6

Risk theme distribution 14 12 10 number 8 6 4 2 0 2006 by Carnegie Mellon University page 7

Interesting risk themes Exhibited by over 50% of ATAMs Performance Requirements uncertainty Lack of addressing important considerations (samples Organizational awareness on next slides) Documentation Occurred in exactly last 5 ATAMs May be due to - Increased sensitivity on part of evaluation team - Better documentation of system 2006 by Carnegie Mellon University page 8

Sample risk themes addressing important considerations There are many risks arising from decisions not yet made. The volume of decisions not yet made suggests that the project schedule is at risk. There is a lack of support for data management: There is no uniform specification for managing meta-data and its persistence. There is no strategy for ensuring that data sets are accessible outside of an implementation of a sub domain. This means that while data is, in theory, exchanged by all sub domains, they may not be sharing the same assumptions about the data. And it may not be easy for one sub domain to gain access to data sets from another domain. There is a trend to move toward an integration role for the development organization. This increases exposure to liability risks in customer and 3rd party software integrated with development organization software. The market is forcing the development organization to be an integrator, but there is no clear business goal that states this. 2006 by Carnegie Mellon University page 9

Sample risk themes organizational awareness There are risks arising from a lack of an adequate training program especially for the pool of developers that will be implementing the system under review The new architecture may not be institutionalized for two primary reasons: 1. Not everyone is sensitive to the benefits that the architecture can offer. 2. The guidelines and rules for developers regarding when to use which architectural mechanisms are not complete yet." The new component-based product-line approach provides extensive potential which cannot be exercised without training, application development guidance, and tool support. There is a lack of attention to support and training issues in the architecture of the system under review. There is a test requirement to interoperate with other systems but neither test plan nor test capabilities have been detailed beyond those internal to the system under review 2006 by Carnegie Mellon University page 10

A Different Categorization of Risk Themes Risks of commission - those risk themes that refer to a decision in the architecture that is problematic Risks of omission those risk themes that refer to the lack of a decision or investigation Other those risk themes that are neither commission or omission Commission: 25 of 99 Omission: 57 of 99 (inter-rater reliability test is Other: 18 of 99.82) 2006 by Carnegie Mellon University page 11

Risk Themes Categorized by Omission and Commission 2006 by Carnegie Mellon University page 12

Possible factors to predict risk themes Came to the SEI not a random sample of systems by any means Business goals e.g. do systems with performance as a business goal have performance risks? Domain of system e.g. do embedded systems display different set of risk themes than information systems? Dominant architectural style e.g. do client server systems display a different set of risk themes than cyclic executives? Evaluation team are risks result of examiners? Development team maturity of team, size of system, skill set of team? 2006 by Carnegie Mellon University page 13

We have explored two possible causes for risk theme patterns: Business goals Domain In each case, we are looking for patterns in risk themes that share either business goals or are in the same domain. 2006 by Carnegie Mellon University page 14

Business goal categories Business goals Total cost of ownership Improve quality or capability Improve market position Improved business processes Development Deployment and operations performance Reliability/ availability Product lines End user ease Expand or retain market share Maintain or improve reputation maintenance Security Enter new markets retirement Safety Scalability Reduce time to market functionality functionality Create standard System constraints internationalization 2006 by Carnegie Mellon University page 15

Business goal distribution 16 14 12 number of ATAMs 10 8 6 4 2 0 2006 by Carnegie Mellon University page 16 business goals

Do systems with performance as business goals exhibit higher probability of performance risk? Interval by Interval Ordinal by Ordinal N of Valid Cases Pearson's R Spearman Correlation a. Not assuming the null hypothesis. Symmetric Measures b. Using the asymptotic standard error assuming the null hypothesis. c. Based on normal approximation. Asymp. Value Std. Error a Approx. T b Approx. Sig..194.233.792.440 c.194.233.792.440 c 18 NO! 2006 by Carnegie Mellon University page 17

How about domains? 2006 by Carnegie Mellon University page 18

Identified the following domains in the 18 ATAMs Domain Number of ATAMs Avionics 3 C4ISR 1 Command and control 4 Command and Intelligence 1 Distributed infrastructure 1 Embedded information systems 2 Embedded control systems 2 Information Systems 1 Information, Surveillance, Reconnaissance 1 Mission computing 1 Modeling and simulation 1 2006 by Carnegie Mellon University page 19

Do systems from the same domain exhibit a pattern of risk themes? For domains with more than 1 ATAM, we calculated a measure of similarity of risk themes. We are still thinking about what constitutes a good measure of similarity (.7 means significant similarity for the measure we are using.) Domain N Measure of similarity Avionics 3.245 Command and control Embedded information system Embedded control system 4.131 2.293 2.415 NO! 2006 by Carnegie Mellon University page 20

What about other possible predictors of risk themes? Found no predictors of risk themes in business goals or domains. Have not analyzed based on architectural styles. 18 is a limited data set and ATAM does not necessarily collect the correct information for predicting risk themes. Conjecture: Organization setting is a significant factor in predicting risk themes. 2006 by Carnegie Mellon University page 21

Recommendations based on what is known so far Practitioner Use checklists early in the project to mitigate likely risks Use known techniques for mitigating performance and requirements volatility risks. Researcher Explore hypothesis that risks are related to organizational setting Determine techniques to mitigate risks of organizational awareness and lack of addressing important considerations. 2006 by Carnegie Mellon University page 22

ATAM Evolution Initial thoughts: Integrate business goals into utility tree Develop risk themes based on categories presented here. We welcome ideas as to how this data can be used to improve the ATAM method. 2006 by Carnegie Mellon University page 23

More information Categorizing Business Goals for Software Architectures Rick Kazman Len Bass Technical Report CMU/SEI-2005-TR-021 Report on risk themes in preparation. 2006 by Carnegie Mellon University page 24

Questions? 2006 by Carnegie Mellon University page 25

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback