The Missing Metrics of DevOps

DevOps, DevOps Tips

By Tim Palko
Senior Member of the Technical Staff
CERT Cyber Security Solutions Division

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Some say that DevOps is a method; others say it is a movement, a philosophy, or even a strategy. There are many ways to define DevOps, but everybody agrees on its basic goal: to bring together development and operations to reduce risk, liability, and time-to-market, while increasing operational awareness. Long before DevOps was a word, though, its growth could be tracked in the automation tooling, culture shifts, and iterative development models (such as Agile) that have been emerging since the early 1970s. While its community-driven evolution has given DevOps strength by infusing it with ideas from many corners of the software development world, it has also hindered the movement by not providing the community with a central set of operational guidelines.


Applying the 12 Agile Principles in the Department of Defense

Agile

By Suzanne Miller
Principal Researcher
Software Solutions Division

In 2010, the Office of Management and Budget (OMB) issued a 25-point plan to reform IT that called on federal agencies to employ “shorter delivery time frames, an approach consistent with Agile” when developing or acquiring IT. OMB data suggested Agile practices could help federal agencies and other organizations design and acquire software more effectively, but agencies needed to understand the risks involved in adopting these practices. Two years later, OMB directed agencies to consider Agile development in its 2012 contracting guidance. As organizations work to become more agile, they can employ the 12 principles outlined in the Agile Manifesto to assess progress. I work with a team of researchers at the SEI who explore the barriers and enablers to applying Agile in government settings. We have found that each of these principles plays out differently in the federal landscape. While some principles are a natural fit, others are harder to implement. This blog post introduces a series of discussions recorded as podcasts about the application (and challenges) of the 12 Agile principles across the Department of Defense (DoD).


Resilience, Model-Driven Engineering, Software Quality, and Android App Analysis – The Latest Research from the SEI

Android, Resilience Management Model (RMM), Secure Coding

By Douglas C. Schmidt
Principal Researcher

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in governing operational resilience, model-driven engineering, software quality, Android app analysis, software architecture, and emerging technologies. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.


DevOps in Government: Where To Start?

DevOps, DevOps Tips

By Hasan Yasar
Technical Manager
Cyber Engineering Solutions Group

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

The federal government continues to search for better ways to leverage the latest technology trends and increase the efficiency of developing and acquiring new products or obtaining services under constrained budgets. DevOps is gaining more traction in many federal organizations, such as U.S. Citizenship and Immigration Services (USCIS), the Environmental Protection Agency (EPA), and the General Services Administration (GSA). These and other government agencies face challenges, however, when implementing DevOps with Agile methods and employing DevOps practices in every phase of the project lifecycle, including acquisition, development, testing, and deployment. A common mistake when implementing DevOps is trying to buy a finished product or an automated toolset, rather than considering its methods and the critical elements required for successful adoption within the organization. As described in previous posts on this blog, DevOps is an extension of Agile methods that requires all the knowledge and skills necessary to take a project from inception through sustainment and also contains project stakeholders within a dedicated team.


Model Driven Engineering: Automatic Code Generation and Beyond

Acquisition, Architecture, Architecture Analysis & Design Language (AADL), Model-Based Engineering

By John Klein
Senior Member of the Technical Staff
Software Solutions Division

Acquisition executives in domains ranging from modernizing legacy business systems to developing real-time communications systems often face the following challenge:

Vendors claim that model-driven engineering (MDE) tools enable developers to generate software code automatically and achieve extremely high developer productivity.

Are these claims true? The simple answer might be, “Yes, the state of the practice can achieve productivity rates of thousands of function points and millions of lines of code per person-month using MDE tools for automatic code generation.” The complicated reality is that MDE consists of more than code generation tools; it is a software engineering approach that can impact the entire lifecycle from requirements gathering through sustainment. While one can make broad generalizations about these methods and tools, it is more useful to consider them in the context of a particular system acquisition. Aligning MDE methods and tool capabilities with the system acquisition strategy can improve system quality, reduce time to field, and reduce sustainment cost. On the other hand, when MDE methods and tools do not align with the acquisition strategy, using them can result in increased risk and cost in development and sustainment. This blog post highlights the application of MDE tools for automatic code generation (in the context of the full system lifecycle, from concept development through sustainment) and also provides a template that acquirers can use to collect information from MDE tool vendors.
