USC CSSE Workshop Overview: Top 3 Software-Intensive Systems Risk Items

Barry Boehm, USC-CSSE

February 14, 2007

http://csse.usc.edu/BoehmsTop10/

boehm@usc.edu

2

Outline: Top-3 SIS Risks Workshop

Working group guidelines Risk survey results and survey update(?) The top three risks

– Architecture complexity; system quality tradeoffs

– Requirements volatility; rapid change

– Acquisition and contracting process mismatches Architecture complexity and system quality tradeoffs

– Architecture complexity phenomenology

– Nature of system quality

– Quality tradeoff perspectives

3

Working Group Guidelines

Product: briefing, preferably with notes

Topics should include:– Most critical success factors in each area

– Current best practices for addressing them

– Areas for further research Rated 0-10 on value and difficulty of research

4

Research Topics: Agile Methods

0

5

10

0 5 10

Difficulty of Research

Valu

e o

f R

esearc

h

1a

1b

2

3

4

5

6

7

8

9

10

11

12

1. Relationship between plan driven and agilitya. For individualsb. For organizations

2. Differences between agile and plan driven outcomes

3. Effect of Gurus4. Mismatches between development

approach and acquisition practices5. How do you measure quality in an agile

environment?6. Data collection; agile experience base7. Team of teams8. Agile Development and Evolutionary

Prototyping9. Shared Code and/or module ownership10. Architecture: when, how much, how to

express11. Lack of user consensus12. Dynamic Homegrounds

5

SIS Risk Survey 2006: Statistics

Number of Surveys: 25 Average Experience: ~28 years (6 years – 51 years) Area Distribution:

– Software: 20– Systems: 17– Hardware: 0

Business Domain Distribution:– Aerospace: 18– Software Infrastructure: 5– Business: 4– Telecom: 3– Others: Secure Apps (1); Safety Critical Apps (1); C4ISR (1)

6

Risk Survey 2006: Nominees

Acquisition and contracting process mismatches Architecture complexity; quality tradeoffs Budget and schedule constraints COTS and other independently evolving systems Customer-developer-user team cohesion Migration complexity Personnel shortfalls Process maturity Requirements mismatch Requirements volatility; rapid change Technology maturity User interface mismatch

7

USC CSSE Top 10 Systems and Software Engineering Risk Items

130.5142

109.5

77

115.5

75.5

99

46.83

100.33

131.66

58.564.67

0

20

40

60

80

100

120

140

160

Risk Areas

Su

m o

f R

anks

Acq & Cont process mismatches

Arch complexity; quality tradeoffs

Budget & Schedule

COTS

Customer-developer-user

Migration Complexity

Personnel Shortfalls

Process Maturity

Requirements Mismatch

Requirements Volatility

Technology Maturity

User Interface Mismatch

Risk Survey 2006 Results

8

SIS Risk Grouping

# Risk Item ΣRanks

1 Architecture complexity, quality tradeoffs 142

2 Requirements volatility 131.66

3 Acquisition and contracting process mismatches 130.54 Customer-developer-user 115.5

5 Budget and schedule 109.5

6 Requirements mismatch 100.33

7 Personnel shortfalls 99

8 COTS 77

9 Migration complexity 75.5

10 User interface mismatch 64.67

11 Technology maturity 58.5

12 Process maturity 46.83

9

Survey 2007: Early Statistics

Number or Surveys: 41 Average Experience: ~27 years (6 years – 51 years) Area Distribution:

– Software: 33– Systems: 34– Hardware: 0

Business Domain Distribution:– Aerospace: 32– Software Infrastructure: 7– Business: 6– Telecom: 5– Others: Secure Apps (1); Safety Critical Apps (1); C4ISR (1);

Network and Protocols (1); Defense (1); Program and Risk Management (1)

10

Survey Results: 2006-2007

USC CSSE Top 10 Systems and Software Engineeiring Risk Items 2007

241.8

284.7

238.5

188.4206.2

133.8

188.65

109.31

205.93

265.06

158.03

113.2

0

50

100

150

200

250

300

Risk Areas

Su

m o

f R

anks

Acq & Cont process mismatches

Arch complexity; quality tradeoffs

Budget & Schedule

COTS

Customer-developer-user

Migration Complexity

Personnel Shortfalls

Process Maturity

Requirements Mismatch

Requirements Volatility

Technology Maturity

User Interface Mismatch

11

SIS Risk Grouping 2006-2007

# Risk ItemPrevious Rank

ΣRanks

1. Architecture complexity, quality tradeoffs ↔ 1 284.7

2. Requirements volatility ↔ 2 265.06

3.Acquisition and contracting process mismatches

↔ 3 241.8

4. Budget and schedule ↑ 5 238.5

5. Customer-developer-user ↓ 4 206.2

6. Requirements mismatch ↔ 6 205.93

7. Personnel shortfalls ↔ 7 188.65

8. COTS ↔ 8 188.4

9. Technology maturity ↑ 11 158.03

10. Migration complexity ↓ 9 133.8

11. User interface mismatch ↓ 10 113.2

12. Process maturity ↔ 12 109.31

12

Outline: Top-3 SIS Risks Workshop

Working group guidelines Risk survey results and survey update(?) The top three risks

– Architecture complexity; system quality tradeoffs

– Requirements volatility; rapid change

– Acquisition and contracting process mismatches Architecture complexity and system quality tradeoffs

– Architecture complexity phenomenology

– Nature of system quality

– Quality tradeoff perspectives

13

SIS Architecture Complexity: Future Combat Systems

14

Requirements Volatility: Ripple Effects of Changes- Breadth, Depth, and Length

Platform N

• • • Platform 1

Infra

C4ISR

Command and ControlSituation AssessmentInfo FusionSensor Data ManagementSensor Data IntegrationSensorsSensor Components:

2008 2010 2012 2014 2016

…1.0 2.0 3.0 4.0 5.0

Breadth

Length

Depth

DOTMLPF

Legend: DOTMLPF Doctrine, Organization,

Training, Materiel, Leadership, Personnel, Facilities

C4ISR Command, Control, Communications, Computers,

Intelligence, Surveillance, and Reconnaissance

15

Average Change Processing Time: 2 Systems of Systems

Average workdays to process changes

0

20

40

60

80

100

120

140

160

WithinGroups

AcrossGroups

ContractMods

16

Acquisition/Contracting Mismatches: Fitness Landscapes

Role of Fitness Landscapes in Complex Adaptive Systems (CAS)– S. Kauffman, At Home in the Universe, Oxford University

Press, 1995 CSoS Acquisition Challenges

– B. Boehm, “Some Future Trends and Implications for Systems and Software Engineering Processes”, Systems Engineering 9(1), 2006, pp. 1-19.

A Candidate Three-Agent Acquisition Fitness Landscape– D. Reifer and B. Boehm, “Providing Incentives for Spiral

Development: An Award Fee Plan”, Defense Acquisition Review 13(1), 2006, pp. 63-79.

17

Role of Fitness Landscapes in CAS

Incentive structures for local behavior Induce global behavior via adaptation to change

Fitness Landscape

Uniform RandomSurvival-Related

Global Result Gridlock Chaos Edge of Chaos

Acronym

(Metaphor)

OWHITS

(Ostriches with Heads in the Sand)

TRAW

(Turkeys Running Around Wild)

NOSUFAS

(No One-Size-Uniformly-Fits-All

Solutions

Acquisition Example

MIL-STD-1521B Waterfall, Fixed

Price, Build-to-Spec

Recursive Acquisition Reform,

Total Systems Performance Responsibility

Candidate for Discussion:

3-Agent Model

18

Complex Systems Acquisition Challenges

ObjectiveCandidate Solution

Example Challenges

Avoid Obsolescence

Plan-Driven Rapid Development

4-Hour House Inflexible

Adapt to Rapid Change

Agile MethodsExtreme

ProgrammingUnscalable; Buggy

Releases

Assure Resilience

Independent V&V Formal Methods Expensive

19

Candidate Approach: 3-Agent Model

Agent Objective Agent ApproachFitness Landscape/ Incentive Criteria*

Build Current Increment

Rapid, Stable, Schedule-As-Independent Variable (SAIV),

Build to Specs and Plans

Meet Milestones/Exercise SAIV; Deliver on Time;

Collaboration with Other Agents

Assure ResilienceIntegrated, Independent

Verification and Validation

Priority-Weighted Identification of Risks and Concerns;

Collaboration with Other Agents

Prepare for Build of Next Increment

Observe, Orient, Decide on Proof-Carrying Rebaselined

Specs and Plans

Risk/Opportunity Management; Rebasline Proof Thoroughness; Collaboration with Other Agents

20

Risk-Driven Scalable Spiral Model:Increment View

Increment N Baseline

Future Increment Baselines Rapid Change

High Assurance

Agile Rebaselining for Future Increments

Short, Stabilized Development of Increment N

V&V of Increment N

Increment N Transition/O&M

Current V&V

Short Development Increments

Future V&V

Stable Development Increments

Continuous V&V

Concerns Artifacts

Deferrals Foreseeable Change (Plan)

Resources Resources

Increment N Baseline

Future Increment Baselines Rapid Change

High Assurance

Agile Rebaselining for

Short, Stabilized Development of Increment N

V&V of Increment N

Increment N Transition/O&M

Current V&V

Short Development Increments

Future V&V

Stable Development Increments

Continuous V&V

Concerns Artifacts

Deferrals Foreseeable Change (Plan)

Resources Resources

Unforseeable Change (Adapt)

21

Outline: Top-3 SIS Risks Workshop

Working group guidelines Risk survey results and survey update(?) The top three risks

– Architecture complexity; system quality tradeoffs

– Requirements volatility; rapid change

– Acquisition and contracting process mismatches Architecture complexity and system quality tradeoffs

– Architecture complexity phenomenology

– Nature of system quality

– Quality tradeoff perspectives

22

Larger Systems Need More Architecting: COCOMO II Analysis

0

10

20

30

40

50

60

70

80

90

100

0 10 20 30 40 50 60

Percent of Time Added for Architecture and Risk Resolution

Per

cen

t of T

ime

Ad

ded

to O

vera

ll S

ched

ule

Percent of Project Schedule Devoted to Initial Architecture and Risk Resolution

Added Schedule Devoted to Rework(COCOMO II RESL factor)

Total % Added Schedule

10000KSLOC

100 KSLOC

10 KSLOC

Sweet Spot

Sweet Spot Drivers:

Rapid Change: leftward

High Assurance: rightward

23

Architecture-Breakers are the Biggest Source of Rework

0102030405060708090

100

0 10 20 30 40 50 60 70 80 90 100

% of Software Problem Reports (SPR’s)

TRW Project A373 SPR’s

TRW Project B1005 SPR’s

% ofCosttoFixSPR’s

Major Rework Sources:Off-Nominal Architecture-BreakersA - Network FailoverB - Extra-Long Messages

24

Best Architecture is a Discontinuous Function of Quality Level

$100M

$50M

Arch. A:Custommany cache processors

Arch. B:ModifiedClient-Server

1 2 3 4 5

Response Time (sec)

Original Spec After Prototyping

25

The Nature of Quality: Participant Survey

Which figure best symbolizes quality improvement?

Holistic Approach

Lean Approach

Analytic Approach

Preoccupation with Booze and Sex

30

There is No Universal Quality-Value Metric

Different stakeholders rely on different value attributes– Protection: safety, security, privacy– Robustness: reliability, availability, survivability– Quality of Service: performance, accuracy, ease of use– Adaptability: evolvability, interoperability– Affordability: cost, schedule, reusability

Value attributes continue to tier down– Performance: response time, resource consumption (CPU,

memory, comm.) Value attributes are scenario-dependent

– 5 seconds normal response time; 2 seconds in crisis Value attributes often conflict

– Most often with performance and affordability

31

Overview of Stakeholder/Value Dependencies

AttributesStakeholders

**

*

** ** **

**

** **

**

**

**

***

*

*

**

* *

*

Prote

ction

Robus

tnes

s

Quality

of S

ervic

e

Adapt

abilit

y

Afford

abilit

y

Developers, AcquirersMission Controllers, Administrators

Info. ConsumersInfo. Brokers

Info. Suppliers, Dependents

Strength of direct dependency on value attribute

**- Critical ; *-Significant; blank-insignificant or indirect

32

Implications for Quality Engineering

There is no universal quality metric to optimize

Need to identify system’s success-critical stakeholders– And their quality priorities

Need to balance satisfaction of stakeholder dependencies– Stakeholder win-win negotiation

– Quality attribute tradeoff analysis

Need value-of-quality models, methods, and tools

33

Tradeoffs Among Cost, Schedule, and Reliability: COCOMO IIWant 10K hour MTBF within $5.5M, 20 months

0

1

2

3

4

5

6

7

8

9

0 10 20 30 40 50

Development Time (Months)

Co

st

($M

)

(VL, 1)

(L, 10)

(N, 300)

(H, 10K)

(VH, 300K)

-- Cost/Schedule/RELY:

“pick any two” points

(RELY, MTBF (hours))

•For 100-KSLOC set of features•Can “pick all three” with 77-KSLOC set of features

34

Agenda : Wednesday, Feb 14

8:15 – 10:00 am: Architecture Complexity and Quality Tradeoffs; Elliot Axelband (RAND), Chair– Overview, Issues and Approaches; Barry Boehm (USC)– From Dependable Architectures To Dependable Systems; Nenad Medvidovic (USC)– Architecture Tradeoff Analysis: Towards a Disciplined Approach to Balancing Quality Requirements;

Azad Madni (Intelligent Systems Technology)

10:00 – 10:30 am: Break

10:30 am – 12:30 pm: Requirements Volatility; George Friedman (USC), Chair– Process Synchronization and Stabilization; Rick Selby, Northrop Grumman– Disciplined Agility; Rich Turner (SSCI)– Using Anchor Point Milestones; Tom Schroeder, BAE Systems

12:30 – 1:30 pm: Lunch

1:30 – 3:30 pm Acquisition and Contracting Mismatches; Rick Selby (NGC), Chair– Acquisition Assessment Analyses; Kristen Baldwin (OSD/AT&T/S&SE)– Commercial Acquisition Practices; Stan Rifkin (Master Systems Inc.)– Space Program Acquisition: Systems Engineering & Programmatic Improvements; Marilee Wheaton

(Aerospace Corporation)

3:30 – 4:00 pm: Break

4:00 – 5:00 pm: General Discussion: Working Group Formation; Barry Boehm, Chair