Past Meetings

2003-2004 Season

_________(in reverse chronological order)________

______________________________________________________________________

June 9, 2004

Application Security and the SDLC

Presented by

Dan Cornell

Denim Group, Ltd.

 

Due to the rise in popularity of Internet-facing custom web software applications, application-level security is a growing area of focus in both the application development and information security fields. The variety of deployment options for custom applications (Internet, Extranet, Intranet, etc.) requires that organizations extend their defense-in-depth strategies to the application level. Moving beyond the infrastructure focus of traditional information security practices, application-level security involves auditing the code and databases used in custom-developed applications to ensure they behave as expected and provide appropriate controls so that applications continue to function and are safe from disclosing or altering information in an unauthorized manner regardless of attempts to subvert the application logic.

The presentation first provides an overview of application-level security and explores the differences between application-level security and traditional information security. By analyzing the cultural differences between application development and security organizations, the presentation spotlights issues bound to surface when information security concerns are applied to software development processes. Given this background, the presentation then steps through a traditional waterfall software development process and examines changes and additions that can be made to more fully integrate application-level security concerns into the development process.

Although application-level security is a highly technical discipline, this presentation covers the technological aspects only to the degree needed to provide sufficient background. The true focus is on the organizational and process issues software development organizations are likely to face when coming to grips with the implications of the burgeoning area of application security.

You can contact Dan Cornell, Denim Group, at http://www.denimgroup.com .

Our presenter has graciously granted us permission to place a copy of his slides on our web site. The slides are in Adobe Acrobat format and are available by clicking the file name Saspin_June2004_Cornell.pdf (502 Kb). Also attached are copies of John Dickson's Jumpstart documents: the first is for developers (33 Kb) and the second is for information security professionals (32 Kb).

 

Best viewed with the latest Acrobat Reader, which is version 6 or higher.  If you are using Microsoft Internet Explorer 4 or later you must use Adobe Acrobat 3.01 or later to view and print the slides and if you wish to save the file you must have Internet Explorer 5 or later. 
With Netscape 3 or later you may view, save or print the slides with Adobe Acrobat 3 or later.

  If you don’t already have the Acrobat Reader click on the image to the left to download the latest version free.

______________________________________________________________________

May 12, 2004

CMMI for Small Businesses

Presented by

Nat Guadagnino, PMP

OnBoard Software

 

The CMMI – Continuous Representation offers small businesses a method to improve the way they do business and implement process improvement in manageable increments.

This presentation discusses how the Continuous Representation of the CMMI lends itself to being implemented where human resources are always over-stretched and money is always tight. I expect that nicely describes most small businesses, but I also include small departments that are independently set up as profit centers. Process improvement using the CMMI framework does not have to exhaust a company in both people and money terms. When the company or department is small and resource limited, being able to reduce the scope of the implementation to manageable size can make the difference in deciding to do CMMI or not. A major objective of the SEI has been to promote and foster process improvement throughout industry. By offering the Continuous Representation they have removed formidable obstacles from this goal for small businesses.

With an orientation toward small business, we will show how to:

  1. Select the process areas that will satisfy business objectives in a priority, phased sequence.

  2. Use a ‘Balanced Minimalization’ approach to give the quickest and most worthwhile ROI.

  3. Prepare a phased project plan that fully utilizes the benefits of the CMMI – Continuous Representation (meeting CMMI level 5 project requirements).

  4. Determine skills needed to accomplish the tasks required for the Continuous Representation, phased approach.

  5. Figure out why it is easier for a small business to go straight to Level 5 in many practice areas.

  6. Find free support, tools, templates and other implementation aids on the web.

  7. Show staff how CMMI Goals translate into policies and how CMMI Best Practices translate into Procedures, Work Instructions, Guidelines and Standards.

  8. Determine how far you can go with ‘bragging rights’ with certifications based on the Continuous Representation.

The expected outcome of this presentation is to convince attendees to make the commitment to implement CMMI – Continuous Representation and to ease the way by laying out some steps that can help.

You can contact Nat Guadagnino, PMP, at http://www.onboard-software.com

Our presenter has graciously granted us permission to place a copy of his slides on our web site.   The slides are in Adobe Acrobat format and are available by clicking the file name  Saspin_May2004_Guadagnino.pdf   (427 Kb). 

 


 

______________________________________________________________________

April 14, 2004

Overview of the Process Maturity Model (PMM)

Presented by

Dr. Bill Curtis

TeraQuest

 

Bill Curtis and Charlie Weber have worked with Nedbank, Ltd. in South Africa to develop a maturity model for application to the transaction-based service operations of a bank.  In developing this model they have taken the CMM to non-project-based business processes, making CMM-based improvement ideas available to all business processes. 

 The Process Maturity Model was carefully designed to integrate with an improvement program using CMMI in Nedbank's application development division.  The PMM is now also being applied to business processes in a healthcare company and a semiconductor equipment supplier.  This talk will present the model, lessons learned in implementing an SO-MM improvement program, and the benefits achieved.

You can contact Dr. Bill Curtis at http://www.teraquest.com .

Our presenter has graciously granted us permission to place a copy of his slides on our web site.   The slides are in Adobe Acrobat format and are available by clicking the file name  Saspin_Apr2004_Curtis.pdf   (434 Kb). 

 


______________________________________________________________________

March 10, 2004

Evaluating and Managing Software Requirement Risk

Presented by

Pat Clair

Institute Quality Systems, Southwest Research Institute

 

Pat Clair gave an excellent presentation on how successful completion of software development projects requires implementation of many separate and distinctly identifiable phases.  Of these identifiable phases, the front-end or conceptual phase should provide a means of understanding risks associated with a project.  Effective characterization of customers’ requirements and/or vendors’ ability to deliver is key to project success.

You can contact Pat Clair at pclair@swri.org .

Our presenter has graciously granted us permission to place a copy of his slides on our web site.   The slides are in Adobe Acrobat format and are available by clicking the file name  Saspin_Mar2004_Clair.pdf   (373 Kb) and a handout Saspin_Mar2004_Clair_handout.pdf (245 Kb). 

 


______________________________________________________________________

February 11, 2004

The People-Side of PSP

Presented by

Steven Teleki and Dan Massey

Y&L Consulting, Inc.

 

Steven Teleki and Dan Massey have an excellent presentation on how Yash & Lujan Consulting, Inc. has adopted Feature Driven Development and has been successfully delivering software projects to enterprise customers. In early June 2003 we decided to introduce PSP into the Software Development Center to teach each engineer how to understand, measure, and improve his or her software development performance. We are a project-oriented software development organization. During June we had a short gap between projects, and decided to use that opportunity to start the PSP training. We got through to 6A/R4 when the team had to start on a new project. The effects of the training started to manifest themselves even after only getting through to 6A. Our developers started to understand the nuances of their performance that previously were hidden from them. These included: the satisfaction and results from individual planning and estimation, defect tracking and defect management, the feeling of moving forward, and the measurable results of progress. Additional effects noted: individual ownership of the results, improved teamwork, and personal responsibility for the team success. We are probably not alone with these results, but we feel that it is important to mention these "people-related" aspects of PSP, because we think that most organizations ignore the people side and as a result the PSP is incorrectly perceived as an imposed process, rather than an internally driven desire for outstanding results.

You can contact Steven Teleki and Dan Massey at (210) 340-0098, fax (210) 340-2191, http://www.ylconsulting.com , Steven.Teleki@YLconsulting.com and Dan.Massey@YLconsulting.com .

Our presenters have graciously granted us permission to place a copy of their slides on our web site.   The slides are in Adobe Acrobat format and are available by clicking the file name  Saspin_Feb2004_Teleki_Massey.pdf   (552 Kb). 

 


______________________________________________________________________

January 14, 2004

Self-Managed Software Development

Presented by

Diana Mekelburg

Extreme Project Management

 

“Self-Managed Projects” explains the collaborative methods and models that complex, high-concept projects have used to be outstanding successes. This workshop helps the participants assess and incorporate the participation of developers, business partners, and other stakeholders in the management of software projects. Participants analyze their own organizations’ readiness for self-managed projects and identify next steps in establishing self-managed projects.

Most activities in software development are controlled by the developer and/or business partners, rather than by a central project manager, especially in iterative lifecycles, such as agile development or extreme programming. Many of the methods traditionally used by project managers do not work effectively in the diverse, self-managed environment. Methods are effective when they coordinate the critical project tasks and are understood and accepted by project participants, especially by critical-resource specialists.

After a period of rapid growth, the project management profession is now experiencing a credibility crisis in the software industry. Executives are asking, “We invested a lot of money in the PMO and a pool of certified project managers. Why haven’t they fixed our development problems?” This workshop answers that question and proposes the same remedy that forward-thinking development shops have applied successfully to their most difficult projects.

In this workshop, the “Self-Managed Project” model is explained in terms of its composition, responsibilities, and activities. The revised role of the project manager in a “Self-Managed Project” is described. The seven key principles and supporting practices of a “Self-Managed Project” are explained. Not all projects are good candidates for self-management. Participants will analyze their own projects to determine the benefits and barriers of self-management for each project. They will also identify the support that their organizations must supply to make “Self-Managed Projects” successful.

 

Our presenter has graciously granted us permission to place a copy  of her slides on our web site.   The slides are in Adobe Acrobat format and are available by clicking the file name  Saspin_Jan2004_Mekelburg   (265 Kb). 

 

 


 

______________________________________________________________________

November 12, 2003 

Managing the Crucial Critical Computer Resources in Software Development Projects:  What, How, Why

Presented by

Jorge Boria

Liveware

 

The Capability Maturity Model (CMM) of the Software Engineering Institute has become a de-facto standard for the planning and managing of computer software projects. One of the practices it advocates and that is the least understood is the estimation and tracking of critical computer resources. This practice is linked to a repeated failure factor in software products: poor performance. Performance is one of the “-ilities” that is so hard to retrofit when late in a project. It is usually designed in but not tracked until it is too late to make changes. Projects resort to “adding hardware” that in itself is not always a good solution. Instead, the CMM suggests linking performance goals to design elements and tracking them throughout the development process. This presentation tells you why it is important to do it, what to measure and how to measure it.

 

You can contact Jorge Boria at jboria@liveware.com or http://www.liveware.com

 

Our presenter has graciously granted us permission to place a copy  of his slides on our web site.   The slides are in Adobe Acrobat format and are available by clicking the file name  Saspin_Nov2003_Boria.pdf   (123 Kb). 

 

Note:  CMMI, CMM Integration, and SCAMPI are service marks of Carnegie Mellon University.

Capability Maturity Model and CMM are registered in the U.S. Patent & Trademark Office. 

 


______________________________________________________________________

 

October 1, 2003 

Capability Maturity Model Integration (CMMI℠)

Presented by

Dr. Cecil Martin

Martin Process Solutions, Inc.

 

CMMI is the latest version of the SEI Capability Maturity Models and will replace the SW-CMM, SE-CMM, and SA-CMM models. CMMI is an SEI-required course for those individuals seeking to become an SEI Authorized Lead Assessor or serve as an assessment team member. MPSI is a transition partner of the Software Engineering Institute (SEI) and is authorized to teach this 3-day course and issue an SEI Certificate of Completion. This presentation is a high-level overview of the model.

Description: This presentation introduces participants to the continuous representation of the CMMI℠ for Systems Engineering/Software Engineering and Integrated Product and Process Development. The discussion format combines presentations, discussions, and exercises. The CMMI℠ is the maturity model which will replace the Software Engineering CMM®, the Systems Engineering CMM, the Integrated Product Development CMM and the Software Acquisition CMM.

Topics Covered:

Intended Audience: Anyone (Systems and Software Engineers, Managers, Project and Program Managers, Process Action Team members, Process Engineers, and Assessment and Evaluation Professionals, etc.) responsible for developing and maintaining automated solutions to business problems. It is also very valuable to anyone responsible for developing and maintaining the processes used in software development and maintenance.

© 2002 Martin Process Solutions, Inc. All rights reserved.         

You can contact Dr. Cecil Martin at (512) 257-9612, http://www.martinpsi.com/, or cesemartin@martinpsi.com

 

Our presenter has graciously granted us permission to place a copy  of his slides on our web site.   The slides are in Adobe Acrobat format and are available by clicking the file name  Saspin_Oct2003_Martin.pdf  (190 Kb). 

 

 


______________________________________________________________________



Last revised: June 15, 2004