Re: CRIME better computing for oregon using open source

From: charles radley (c.radley@private)
Date: Tue Sep 24 2002 - 08:29:49 PDT


    Shaun,
    
    Congratulations on a clear definition of the objectives, I can certainly
    agree with those principles.   I am an ASQ Certified Software Quality
    Engineer (CSQE) with 10+ years' experience.
    
    
    Shaun Savage wrote:
    
    > This is a continuance of the "Computer vulnerable at Oregon" thread!
    >
    > The question here is will cost be reduced and security improved using
    > Open Source.
    >
    > A few basic axioms of this debate are:
    > 1> "monopolies increase cost by reducing competition"
    >         1A+ "competition increases software quality"
    >         1A- "shorter development time reduces software quality"
    > 2> "proper software development increases software quality"
    > 3> "people are more important than business"
    >         Greedy CEO's believe this is false.
    >
    > If we can all agree on these simple axioms then progress will be better.
    >
    > The topics I want to discuss are
    > What procedures are needed to improve software quality for the state?
    
    
    What we have here is a classical process improvement problem; plenty
    of expertise is available in this field if the powers that be wish to
    take advantage of it.   I myself am available for employment or
    consulting in those areas.   
    
    The first thing I would do would be an audit of the present state of
    software practices to see what is working and what is not.
    
    I would recommend they adopt a good set of policies, perhaps ISO, TickIT
    or CMM, tailor as needed for the particular environment.   This could
    encompass XP or other development models.
    
    I would establish a metrics program to measure the current defect rates
    and productivity of the processes, and from that develop a plan to
    achieve a repeatable set of development practices.
    
    Then execute the plan.
    
    Then enforce the policies and practices by periodic audits.   Modify
    practices and policies as business NEEDS dictate.
    
    Let the flaming begin.
    
    
    > How the bidding for software can be done to improve quality and security?
    > --- you add more???
    >
    > One idea is to have development and maintenance be two separate
    > contracts.  But this would also require a formal acceptance testing
    > procedure.
    >
    
    By itself that will do little to solve the underlying problems.
    
    Probably not essential, but would not hurt at all.
    
    	Best regards,
    
    		Charles F. Radley - CSQE
    
    



    This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 09:12:07 PDT