KEY: Data Driven Management and Technical Execution Best Practices
Mature data-driven best software project management and technical engineering practices are required to consistently achieve the goal of delivering high quality, safe, secure, and reliable systems on schedule and within budget.
The software project management processes and technical development processes must be documented, institutionalized and enforced. The software development plan must specify the steps, activities, roles and responsibilities, and required reviews and metrics that are used for both the initial system development (pre-IOC) and sustainment (post-IOC) efforts. This includes the set of required metrics and measures-of-success that will be utilized to proactively control cost, schedule, technical performance, quality, and risk for the current effort as well as facilitating analysis and continuous improvement for cost, schedule, technical, and quality performance of future efforts. At a minimum, each software development organization must collect, maintain, share and report on a frequent, regular and structured basis the quantitative and qualitative information to address all of the critical execution questions listed below:
- Are the expected system requirements stable and understood?
- Is the scope and size of the effort understood?
- Is the activity adequately staffed?
- Is the activity making the required progress?
- Is the activity being executed within budget?
- Is the activity meeting technical performance, assurance, and quality goals?
- Is the activity formally successfully identifying and mitigating risks?
- Is the activity continually improving efficiency and effectiveness?
Continuous improvement requires the software teams to maintain awareness of and apply emergent best practices which include tools, techniques, methods, technologies, etc. For example, a few proven best sw engineering technical practices include:
- User Centered and Model-based system and software engineering.
- Documented traceability between requirements, design, code and test artifacts.
- Multi-Discipline-expert peer reviews of artifacts (specifications, code, tests, etc.).
- Build-a-Little Test-a-Little (Rapid prototyping, Agile development, etc.).
- Automated testing (at CSCI level) and simulators for go/fault/stress testing.
- Tracking defect detection and removal in each development phase.
- Regular causal analysis of defects to improve earlier detection and removal.
Project teams must take the time to formally and regularly assess their cost, schedule, technical, quality and risk management performance trends and then identify and track to closure the associated specific process improvement actions.
Software assurance (quality AND resiliency against cyber vulnerabilities) must be engineered-in throughout all development activities. This entails much more than applying the latest COTS security patches prior to delivery. SW assurance requirements must be defined, the software design must not only defend against cyber intrusions, but also be resilient enough to detect and complete mission critical functions after intrusion; coders must be trained on and apply secure coding techniques; multiple tools must be integrated into all activities to identify and remove vulnerabilities as early as possible; and all testing phases should include penetration testing.