Software Acquisition BEST PRACTICES Part 2 Lesson 3

Framework + Tools + Data + People These ingredients comprise a formal methodology for software acquisition practices.

Definition of Terms  Framework  A framework, or software framework, is a platform for developing software applications.  It provides a foundation on which software developers can build programs for a specific platform.  For example, a framework may include predefined classes and functions that can be used to process input, manage hardware devices, and interact with system software.  This streamlines the development process since programmers don't need to reinvent the wheel each time they develop a new application.  Read more -

Definition of Terms  TOOLS  A programming tool or software development tool is a computer program that software developers use to create, debug, maintain, or otherwise support other programs and applications.  The term usually refers to relatively simple programs, that can be combined together to accomplish a task, much as one might use multiple hand tools to fix a physical object.  The ability to use a variety of tools productively is one hallmark of a skilled software engineer.

TOOLS used in Software Development  TOMCAT  Apache Tomcat™ implements several Java EE specifications including Java Servlet, JavaServer Pages (JSP), Java EL, and WebSocket, and provides a "pure Java" HTTP web server environment for Java code to run in.  is a light-weight web container used for deploying and running web application based on Java 

SVN  SVN  Apache Subversion which is often abbreviated as SVN, is a software versioning and revision control system distributed under an open source license.

Jenkins & Sonar  JENKINS  Is a cross-platform, continuous integration and continuous delivery application that increases your productivity.  Use Jenkins to build and test your software projects continuously making it easier for developers to integrate changes to the project, and making it easier for users to obtain a fresh build.  It also allows you to continuously deliver your software by providing powerful ways to define your build pipelines and integrating with a large number of testing and deployment technologies.  SONAR  is "a tool for managing code quality." It focuses on analyzing code.  SONARQUBE – is an open platform to manage code quality

 APACHE MAVEN  is a build automation tool used primarily for Java projects.  Maven addresses two aspects of building software:  1. It describes how software is built, and  2. It describes its dependencies.  SSH  sometimes known as Secure Socket Shell, is a UNIX-based command interface and protocol for securely getting access to a remote computer.  It is widely used by network administrators to control Web and other kinds of servers remotely.

 JUNIT  is an open source framework designed for the purpose of writing and running tests in the Java programming language.  has been important in the development of test-driven development, and is one of a family of unit testing frameworks which is collectively known as xUnit that originated with SUnit.  PRIMEFACES  is a component suite open source User Interface (UI) component library for JavaServer Faces (JSF) based applications.  PrimeUI is a pure CSS-JS library designed to work with any server side and client side technology. PrimeUI is an offspring project of the mighty PrimeFaces.  www. primefaces.org/

Definition of Terms  Data  is information that has been translated into a form that is more convenient to move or process  People

Best Software Acquisition Practices  There are a number of policies, requirements, standards, frameworks, and process improvement initiatives that specifically address best software acquisition practices.  Generally speaking, the five most important standards are the following:  ISO/IEC 14598—Software Product Evaluation  IEEE —Recommended Practice for Software Acquisition  Control Objectives for Information and Related Technology (COBIT)  Capability Maturity Model Integration for Acquisition (CMMI- ACQ)  Information Technology Infrastructure Library (ITIL)

What is a STANDARD?  A standard is a document, established by consensus and approved by a recognized body, that provides, for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context.

ISO/IEC 14598—Software Product Evaluation  The ISO/IEC series of standards give methods for measurement, assessment and evaluation of software product quality.  They describe neither methods for evaluating software production processes nor methods for cost prediction (software product quality measurements may, of course, be used for both these purposes).

International Organization for Standardization  is an independent, non- governmental organization, the members of which are the standards organization of the 164 member countries.  It is the world's largest developer of voluntary international standards and facilitates world trade by providing common standards between nations.  Nearly twenty thousand standards have been set covering everything from manufactured products and technology to food safety, agriculture and healthcare.  Use of the standards aids in the creation of products and services that are safe, reliable and of good quality.  The standards help businesses increase productivity while minimizing errors and waste. By enabling products from different markets to be directly compared, they facilitate companies in entering new markets and assist in the development of global trade on a fair basis.  The standards also serve to safeguard consumers and the end-users of products and services, ensuring that certified products conform to the minimum standards set internationally.

International Electrotechnical Commission  The IEC is one of the bodies recognized by the World Trade Organization (WTO).  Entrusted by it for monitoring the national and regional organizations agreeing to use the IEC's international standards as the basis for national or regional standards as part of the WTO's Technical Barriers to Trade Agreement.

Best-practice components of ISO/IEC software acquisition practices:  Evaluation process  Establish evaluation requirements  Establish the purpose of evaluation  Identify types of product(s) to be evaluated  Specify quality model  Specification of the evaluation  Select metrics  Establish rating levels for metrics  Establish criteria for assessment  Design of the evaluation  Produce evaluation plan  Execution of the evaluation  Take measures  Compare with criteria  Assess results

Institute of Electrical and Electronics Engineers  IEEE, an association dedicated to advancing innovation and technological excellence for the benefit of humanity, is the world’s largest technical professional society.  It is designed to serve professionals involved in all aspects of the electrical, electronic, and computing fields and related areas of science and technology that underlie modern civilization.  IEEE is a set of useful quality practices that can be selected and applied during one or more steps in a software acquisition process is described.  This recommended practice can be applied to software that runs on any computer system regardless of the size, complexity, or criticality of the software, but is more suited for use on modified-off-the-shelf software and fully developed software.

Selected IEEE components of software acquisition practices: Software acquisition process 1. Planning organizational strategy 2. Implementing organization's process 3. Defining the software requirements 4. Identifying potential suppliers 5. Preparing contract requirements 6. Evaluating proposals and selecting supplier 7. Managing for supplier performance 8. Accepting the software 9. Using the software

COBIT  COBIT is a framework and supporting tool set that allow managers to bridge the gap with respect to control requirements, technical issues and business risks, and communicate that level of control to stakeholders.  COBIT enables the development of clear policies and good practice for IT control throughout enterprises  COBIT has become the integrator for IT good practices and the umbrella framework for IT governance that helps in understanding and managing the risks and benefits associated with IT.

Information Technology Infrastructure Library  ITIL is the most widely accepted approach to IT service management in the world. ITIL can help individuals and organizations use IT to realize business change, transformation and growth.  ITIL does not contain a software acquisition practices module as such.  For software acquisition practices, it is preferable to refer the frameworks mentioned.