Past Meetings
2006-2007 Season
_________(in reverse chronological order)________
Title: Agile and Secure - Can We Be Both?
Dan Cornell
Principal of the Denim Group
Software development organizations find themselves being pulled in two directions. Agile software development methodologies such as eXtreme Programming and Scrum have allowed organizations to be more responsive to business concerns by involving the customer, increasing the pace of stable releases and decreasing the time required before new features are deployed. In addition, a more aggressive regulatory environment as well as an increased focus on security requires that organizations more reliably produce secure software applications. Traditional approaches to security and compliance are very top-down and document-centric, but these approaches often run counter to the spirit of agile software development methodologies.
This presentation examines the goals of both agility and security and discusses strategies for making the two compatible – or at least for minimizing the conflict between them. First, the fundamentals of secure software development are outlined to provide a baseline that any methodology – traditional or agile – must follow. The practices of agile development are examined from the viewpoint of providing security assurance. Potential modifications to those practices are discussed that provide an approach to creating the artifacts required for compliance and security assurance with a minimum of impact on the typically documentation-light agile development practices. Finally, the unavoidable conflicts between security and agility are discussed and recommendations are provided so that organizations can make the tough decisions appropriate to their environment in order to enforce the requisite amount of security while still remaining responsive to business concerns.
Our presenter has graciously granted us permission to place a copy of his slides on our web site. The slides are in Adobe Acrobat format and are available by clicking the file name SASPIN_Jun2007_Cornell.pdf (282 Kb).
| Best viewed with the latest Acrobat Reader, which is version 7 or higher. If you are using Microsoft Internet Explorer 4 or later you must use Adobe Acrobat 5 or later to view and print the slides and if you wish to save the file you must have Internet Explorer 5 or later. |
| With Netscape you may view, save or print the slides with Adobe Acrobat 5 or later. |
If you don’t already have the Acrobat Reader click on the image to the left to
download the latest version free.
______________________________________________________________________
Importance of Load and Performance testing for critical business successes.
Joseph Daiva
United Software Inc.
During the past 20 years, companies have turned to software to digitize work. Software applications have been used to drive huge efficiency and productivity gains and to provide a new medium for collaboration and information sharing in a global economy. Today, software applications – from e-mail to CRM to transaction processing – mean business. While software development technologies have changed and matured tremendously during this time period, the complexity of modern applications has also exploded. Complexity directly correlates with more potential points of performance issues in a business process, which makes it more difficult to isolate the root cause of a problem. The presentation will cover the importance of load and performance testing for the success of any critical business application. It includes an overview of the online holiday experience, potential performance bottlenecks, definitions, benefits, a ten-step performance testing methodology for business success, the importance of workflow modeling, risks, best practices, common tools and their market share, a performance testing framework, and real time case studies, analysis, interpretations and results impacting business decisions.
______________________________________________________________________
Leading Change
(Based on the book by the same name, authored by John P. Kotter, a professor emeritus at the Harvard Business School)
David Srulowitz
Quality Manager at Karta Technologies, Inc.
The presentation will cover why organizational process improvements typically fail, the differences between leadership and management, the 21st century business environment and its likely future, and the 8-step process organizations are successfully using to implement significant organizational change to position themselves for the opportunities the future holds. Professor Kotter's ideas are very insightful and thought-provoking. He explains a lot of the psychology and behaviors one typically sees during transformation and offers constructive ways of dealing with them that the audience can use! If you are brave, invite your boss to attend with you. It might just be what they need to hear! This is definitely information everyone can readily use in his or her organization.
Our presenter has graciously granted us permission to place a copy of her slides on our web site. The slides are in Adobe Acrobat format and are available by clicking the file name Saspin_Mar2007_Srulowitz.pdf (282 Kb).
______________________________________________________________________
November 29, 2006
CMMI v1.2: What Changed from CMMI v1.1?
David Srulowitz
Quality Manager at Karta Technologies, Inc.
The CMMI for Development, Version 1.2 (CMMI v1.2) was released for implementation on August 25, 2006 and is an upgrade of the CMMI-SE/SW/IPPD/SS, Version 1.1 (CMMI v1.1). The name has changed to reflect the model’s more comprehensive coverage of product development and a CMMI architecture update (inclusion of the CMMI "constellations" concept). A constellation is a set of CMMI components designed to meet the needs of a specific area of interest. A constellation can produce one or more related CMMI models and related appraisal and training materials. "CMMI for Development" is the first such constellation and represents the "Development" area of interest (Acquisitions and Services are two other constellations being written). Even though there are two models that comprise the CMMI for Development constellation (i.e. "CMMI for Development" and "CMMI for Development +IPPD"), and each has retained the Staged and Continuous representations introduced in the CMMI v1.1, the CMMI v1.2 is now described in one single document, just like the CMMI v1.1 book. The presentation will cover what changed in CMMI v1.2 from CMMI v1.1 and the presenter’s thoughts on what is important to know to ensure a smooth transition, including how to get a copy of the model, official SEI upgrade training, and the yet-to-be-published book.
______________________________________________________________________
Is there a Workforce Crisis on the Horizon
Palma Buttles-Valdez, Ph.D.
Software Engineering Institute
Our presenter has graciously granted us permission to place a copy of her slides on our web site. The slides are in Adobe Acrobat format and are available by clicking the file name Saspin_Sep2006_Buttles.pdf (1437 Kb).