Updating and maintaining legacy systems creates significant challenges for software developers. M... more Updating and maintaining legacy systems creates significant challenges for software developers. Modifying legacy applications can be a time-consuming process which is fraught with architectural and code minefields. In many instances, the same developers, because of their specialist knowledge, and the same processes have been used to improve these systems over an extended period of time. Introducing new practices into such an environment presents problems, on both the human and the technological level. This paper reports on the experience of implementing a scaled-down version of eXtreme Programming (XP) into a small manufacturing company. How the difficulties, in creating the climate for such an implementation, were overcome, and the resulting benefits of the experiment are reported on. Finally, the conclusions and lessons learned offer support and advice to others who may also be considering such an approach.
This paper presents work for the development of a framework to assure the security of networked m... more This paper presents work for the development of a framework to assure the security of networked medical devices being incorporated. The paper focuses on one component of the framework, which addresses system development processes, and the assurance of these through the use of a Process Assessment Model with a major focus on the security risk management process. With the inclusion of a set of specific security controls and assurance processes, the purpose is to increase awareness of security vulnerabilities, risks and controls among Medical Device Manufacturers with the aim of increasing the overall security capability of medical devices.
Communications in computer and information science, 2013
The recent introduction of networked medical devices has posed many benefits for both the healthc... more The recent introduction of networked medical devices has posed many benefits for both the healthcare industry and improved patient care. However, because of the complexity of these devices, in particular the advanced communication ability of these devices, security is becoming an increasing concern. This paper presents work to develop a framework to assure the security of medical devices being incorporated into an IT network. It begins by looking at the development processes and the assurance of these through the use of a Process Assessment Model with a major focus on the security risk management processes. With the inclusion of a set of specific security controls, both the Healthcare Delivery Organisations and the Medical Device Manufacturers work together to establish fundamental security requirements. The Medical Device Manufacturer reports the achieved security assurance level of their device through the development of a security assurance case. The purpose of this approach is to increase awareness of security vulnerabilities, risks and controls among Medical Device Manufacturers and Healthcare Delivery Organisations with the aim of increasing the overall security capability of medical devices.
In adopting a software process model, many small software companies are ignoring standard process... more In adopting a software process model, many small software companies are ignoring standard process models and models for process improvement. This study uses an empirical approach to investigate what processes software companies are using on a day-today basis and examines why these companies are rejecting "best practice" approaches.
Teaching and learning software project management concepts using traditional plan-driven approach... more Teaching and learning software project management concepts using traditional plan-driven approaches to software development can be difficult. It is often necessary to define a waterfall style plan and follow this throughout a full development project. Students rarely have an opportunity to practice management activities. However, with agile approaches to software development the expectation is that a project plan will evolve, in response to change, while development progresses. This poster presents an overview of the Extreme Programming (XP) approach to project planning and observations and feedback from a project conducted by degree students.
This paper describes the development of 'Adept', a low-overhead method of software process apprai... more This paper describes the development of 'Adept', a low-overhead method of software process appraisal specifically targeted at Irish software small-to-medium-sized enterprises (SMEs). The method explicitly focuses on organisations that have little or no experience of software process improvement (SPI) programmes. Historically, it has been difficult for software SMEs to find the resources, in both time and money, necessary to engage properly in SPI. To alleviate this, we have created a low-overhead and relatively non-invasive solution to support SMEs in establishing process improvement initiatives. The paper initially describes how Adept was developed and then illustrates how the method is currently being extended to include an on-line tool that may be used by the appraised organization to perform follow-on self-assessments.
Starting in January, IEEE Design & Test of Computers will publish six issues a year instead of fo... more Starting in January, IEEE Design & Test of Computers will publish six issues a year instead of four. Look for the January-February 2001 issue on defect-oriented diagnosis for very deep submicron systems.
Faced with challenges in relation to interpretation of requirements, issues with build and deploy... more Faced with challenges in relation to interpretation of requirements, issues with build and deployment and excessive integration defects, this paper examines how a software team propose using a novel combination of Covey's 'First Things First' principle and Cockburn's Methodology Shaping, as a potential solution to examine their current process and define a new set of working conventions which will address these issues.
Updating and maintaining legacy systems creates significant challenges for software developers. M... more Updating and maintaining legacy systems creates significant challenges for software developers. Modifying legacy applications can be a time-consuming process, which is fraught with architectural and code minefields. In many instances, the same developers, because of their specialist knowledge, and the same processes, have been used to improve these systems over an extended period of time. Introducing new practices into such an environment presents problems, on both the human and the technological level. This article reports on the experience of implementing a scaled-down version of eXtreme Programming (XP) in a small manufacturing company. How the difficulties in creating the climate for such an implementation were overcome, and the resulting benefits of the experiment, are reported here. Finally, the conclusions and lessons learned offer support and advice to others who may also be considering such an approach.
This paper outlines how the goals, practices and capability levels for the configuration manageme... more This paper outlines how the goals, practices and capability levels for the configuration management (CM) process area within a software process improvement (SPI) framework have been developed. This framework addresses an opportunity to integrate the regulatory issues and SPI mechanisms so as to achieve improvements that are critical to the development of software for medical devices [1]. Software is becoming an increasingly important aspect of medical devices and medical device regulation. Medical devices can only be marketed if compliance and approval from the appropriate regulatory bodies of the Food and Drug Administration (FDA) [2] (US requirement), and the European Commission under its Medical Device Directives (MDD) [3] (CE marking requirement) is achieved. Integrated into the design process of medical devices, is the requirement of the production and maintenance of a device technical file, incorporating a design history file. Design history illustrates the well documented, defined and controlled processes and outputs, undertaken in the development of medical devices and for our particular consideration with this frameworkthe software components.
Faced with challenges in relation to interpretation of requirements, issues with build and deploy... more Faced with challenges in relation to interpretation of requirements, issues with build and deployment and excessive integration defects, this paper examines how a software team propose using a novel combination of Covey's 'First Things First' principle and Cockburn's Methodology Shaping, as a potential solution to examine their current process and define a new set of working conventions which will address these issues.
In this paper we describe the implementation of an assessment method that was developed to assess... more In this paper we describe the implementation of an assessment method that was developed to assess software processes within small to medium-sized Irish software organisations that have little or no experience of software process improvement (SPI) programmes. We discuss the actual overheads associated with performing software process assessments based upon our experiences of performing assessments in three small to medium sized (SMEs) software development companies.
This paper compares and contrasts the results of two similar studies into the software process pr... more This paper compares and contrasts the results of two similar studies into the software process practices in Irish Small and Very Small Enterprises. The first study contains rich findings in relation to the role and influence of managerial experience and style, with particular respect to the company founder and software development managers in small to medium seized enterprises (SMEs), whilst the second study contains extensive findings in relation to people and management involvement / commitment and SPI goal planning in very small enterprises (VSEs). By combining these results of these two studies of Irish SMEs/VSEs we can develop a rich picture of managerial commitment towards SPI and in particular explore the similarities between Small and Very Small Enterprises
Software Engineering and Knowledge Engineering, Jul 1, 2006
A clear and realistic release plan is central to the strategic planning activities of the firm de... more A clear and realistic release plan is central to the strategic planning activities of the firm developing the software. This paper supports existing agile methods by developing a novel but relatively simple statistical methodology to predict the real time to develop selected functionality. In so doing it provides the product owner with a decision support mechanism to determine the likelihood of completing releases on time for any combination of stories. In this way it is consistent with the best Extreme Programming (XP) practice of selecting stories of two types for a quarterly release, ones that are key and must be delivered and ones that are considered as "Slack" and that can be developed if time permits. A case study is used to explain the proposed methodology.
Software Process: Improvement and Practice, Sep 1, 2008
There is often a misconception that adopting and tailoring agile methods is straightforward resul... more There is often a misconception that adopting and tailoring agile methods is straightforward resulting in improved products and increasingly satisfied customers. However, the empirical nature of agile methods means that potential practitioners need to carefully assess whether they are exposed to the risks that can make agile method adoption problematic. This is particularly the case with small software companies who are less able to absorb the impact of failed experimentation. This study describes a minimally intrusive assessment approach for small software companies preparing for agile method adoption and tailoring in the light of key risks. The approach has been conducted with six small software companies, three of which are presented to show the evolution of the approach, describe the resource commitment that companies have to make, and highlight the type of information generated from an assessment. The contribution of this study is that small software companies have an alternative to 'mere experimentation' with agile methods and can take reasoned steps towards their adoption and tailoring.
Agile software development has steadily gained momentum and acceptability as a viable approach to... more Agile software development has steadily gained momentum and acceptability as a viable approach to software development. As software development continues to take advantage of the global market, agile methods are also being attempted in geographically distributed settings. In this paper, the authors discuss the usefulness of published research on agile global software development for the practitioner. It is contended that such published work is of minimal value to the practitioner and does not add anything to the guidance available before the existence of current agile methods. A survey of agile GSD related publications, from XP/Agile conferences between 2001 and 2005, is used to support this claim. The paper ends with a number of proposals which aim to improve the usefulness of future agile GSD research and experience.
Updating and maintaining legacy systems creates significant challenges for software developers. M... more Updating and maintaining legacy systems creates significant challenges for software developers. Modifying legacy applications can be a time-consuming process which is fraught with architectural and code minefields. In many instances, the same developers, because of their specialist knowledge, and the same processes have been used to improve these systems over an extended period of time. Introducing new practices into such an environment presents problems, on both the human and the technological level. This paper reports on the experience of implementing a scaled-down version of eXtreme Programming (XP) into a small manufacturing company. How the difficulties, in creating the climate for such an implementation, were overcome, and the resulting benefits of the experiment are reported on. Finally, the conclusions and lessons learned offer support and advice to others who may also be considering such an approach.
This paper presents work for the development of a framework to assure the security of networked m... more This paper presents work for the development of a framework to assure the security of networked medical devices being incorporated. The paper focuses on one component of the framework, which addresses system development processes, and the assurance of these through the use of a Process Assessment Model with a major focus on the security risk management process. With the inclusion of a set of specific security controls and assurance processes, the purpose is to increase awareness of security vulnerabilities, risks and controls among Medical Device Manufacturers with the aim of increasing the overall security capability of medical devices.
Communications in computer and information science, 2013
The recent introduction of networked medical devices has posed many benefits for both the healthc... more The recent introduction of networked medical devices has posed many benefits for both the healthcare industry and improved patient care. However, because of the complexity of these devices, in particular the advanced communication ability of these devices, security is becoming an increasing concern. This paper presents work to develop a framework to assure the security of medical devices being incorporated into an IT network. It begins by looking at the development processes and the assurance of these through the use of a Process Assessment Model with a major focus on the security risk management processes. With the inclusion of a set of specific security controls, both the Healthcare Delivery Organisations and the Medical Device Manufacturers work together to establish fundamental security requirements. The Medical Device Manufacturer reports the achieved security assurance level of their device through the development of a security assurance case. The purpose of this approach is to increase awareness of security vulnerabilities, risks and controls among Medical Device Manufacturers and Healthcare Delivery Organisations with the aim of increasing the overall security capability of medical devices.
In adopting a software process model, many small software companies are ignoring standard process... more In adopting a software process model, many small software companies are ignoring standard process models and models for process improvement. This study uses an empirical approach to investigate what processes software companies are using on a day-today basis and examines why these companies are rejecting "best practice" approaches.
Teaching and learning software project management concepts using traditional plan-driven approach... more Teaching and learning software project management concepts using traditional plan-driven approaches to software development can be difficult. It is often necessary to define a waterfall style plan and follow this throughout a full development project. Students rarely have an opportunity to practice management activities. However, with agile approaches to software development the expectation is that a project plan will evolve, in response to change, while development progresses. This poster presents an overview of the Extreme Programming (XP) approach to project planning and observations and feedback from a project conducted by degree students.
This paper describes the development of 'Adept', a low-overhead method of software process apprai... more This paper describes the development of 'Adept', a low-overhead method of software process appraisal specifically targeted at Irish software small-to-medium-sized enterprises (SMEs). The method explicitly focuses on organisations that have little or no experience of software process improvement (SPI) programmes. Historically, it has been difficult for software SMEs to find the resources, in both time and money, necessary to engage properly in SPI. To alleviate this, we have created a low-overhead and relatively non-invasive solution to support SMEs in establishing process improvement initiatives. The paper initially describes how Adept was developed and then illustrates how the method is currently being extended to include an on-line tool that may be used by the appraised organization to perform follow-on self-assessments.
Starting in January, IEEE Design & Test of Computers will publish six issues a year instead of fo... more Starting in January, IEEE Design & Test of Computers will publish six issues a year instead of four. Look for the January-February 2001 issue on defect-oriented diagnosis for very deep submicron systems.
Faced with challenges in relation to interpretation of requirements, issues with build and deploy... more Faced with challenges in relation to interpretation of requirements, issues with build and deployment and excessive integration defects, this paper examines how a software team propose using a novel combination of Covey's 'First Things First' principle and Cockburn's Methodology Shaping, as a potential solution to examine their current process and define a new set of working conventions which will address these issues.
Updating and maintaining legacy systems creates significant challenges for software developers. M... more Updating and maintaining legacy systems creates significant challenges for software developers. Modifying legacy applications can be a time-consuming process, which is fraught with architectural and code minefields. In many instances, the same developers, because of their specialist knowledge, and the same processes, have been used to improve these systems over an extended period of time. Introducing new practices into such an environment presents problems, on both the human and the technological level. This article reports on the experience of implementing a scaled-down version of eXtreme Programming (XP) in a small manufacturing company. How the difficulties in creating the climate for such an implementation were overcome, and the resulting benefits of the experiment, are reported here. Finally, the conclusions and lessons learned offer support and advice to others who may also be considering such an approach.
This paper outlines how the goals, practices and capability levels for the configuration manageme... more This paper outlines how the goals, practices and capability levels for the configuration management (CM) process area within a software process improvement (SPI) framework have been developed. This framework addresses an opportunity to integrate the regulatory issues and SPI mechanisms so as to achieve improvements that are critical to the development of software for medical devices [1]. Software is becoming an increasingly important aspect of medical devices and medical device regulation. Medical devices can only be marketed if compliance and approval from the appropriate regulatory bodies of the Food and Drug Administration (FDA) [2] (US requirement), and the European Commission under its Medical Device Directives (MDD) [3] (CE marking requirement) is achieved. Integrated into the design process of medical devices, is the requirement of the production and maintenance of a device technical file, incorporating a design history file. Design history illustrates the well documented, defined and controlled processes and outputs, undertaken in the development of medical devices and for our particular consideration with this frameworkthe software components.
Faced with challenges in relation to interpretation of requirements, issues with build and deploy... more Faced with challenges in relation to interpretation of requirements, issues with build and deployment and excessive integration defects, this paper examines how a software team propose using a novel combination of Covey's 'First Things First' principle and Cockburn's Methodology Shaping, as a potential solution to examine their current process and define a new set of working conventions which will address these issues.
In this paper we describe the implementation of an assessment method that was developed to assess... more In this paper we describe the implementation of an assessment method that was developed to assess software processes within small to medium-sized Irish software organisations that have little or no experience of software process improvement (SPI) programmes. We discuss the actual overheads associated with performing software process assessments based upon our experiences of performing assessments in three small to medium sized (SMEs) software development companies.
This paper compares and contrasts the results of two similar studies into the software process pr... more This paper compares and contrasts the results of two similar studies into the software process practices in Irish Small and Very Small Enterprises. The first study contains rich findings in relation to the role and influence of managerial experience and style, with particular respect to the company founder and software development managers in small to medium seized enterprises (SMEs), whilst the second study contains extensive findings in relation to people and management involvement / commitment and SPI goal planning in very small enterprises (VSEs). By combining these results of these two studies of Irish SMEs/VSEs we can develop a rich picture of managerial commitment towards SPI and in particular explore the similarities between Small and Very Small Enterprises
Software Engineering and Knowledge Engineering, Jul 1, 2006
A clear and realistic release plan is central to the strategic planning activities of the firm de... more A clear and realistic release plan is central to the strategic planning activities of the firm developing the software. This paper supports existing agile methods by developing a novel but relatively simple statistical methodology to predict the real time to develop selected functionality. In so doing it provides the product owner with a decision support mechanism to determine the likelihood of completing releases on time for any combination of stories. In this way it is consistent with the best Extreme Programming (XP) practice of selecting stories of two types for a quarterly release, ones that are key and must be delivered and ones that are considered as "Slack" and that can be developed if time permits. A case study is used to explain the proposed methodology.
Software Process: Improvement and Practice, Sep 1, 2008
There is often a misconception that adopting and tailoring agile methods is straightforward resul... more There is often a misconception that adopting and tailoring agile methods is straightforward resulting in improved products and increasingly satisfied customers. However, the empirical nature of agile methods means that potential practitioners need to carefully assess whether they are exposed to the risks that can make agile method adoption problematic. This is particularly the case with small software companies who are less able to absorb the impact of failed experimentation. This study describes a minimally intrusive assessment approach for small software companies preparing for agile method adoption and tailoring in the light of key risks. The approach has been conducted with six small software companies, three of which are presented to show the evolution of the approach, describe the resource commitment that companies have to make, and highlight the type of information generated from an assessment. The contribution of this study is that small software companies have an alternative to 'mere experimentation' with agile methods and can take reasoned steps towards their adoption and tailoring.
Agile software development has steadily gained momentum and acceptability as a viable approach to... more Agile software development has steadily gained momentum and acceptability as a viable approach to software development. As software development continues to take advantage of the global market, agile methods are also being attempted in geographically distributed settings. In this paper, the authors discuss the usefulness of published research on agile global software development for the practitioner. It is contended that such published work is of minimal value to the practitioner and does not add anything to the guidance available before the existence of current agile methods. A survey of agile GSD related publications, from XP/Agile conferences between 2001 and 2005, is used to support this claim. The paper ends with a number of proposals which aim to improve the usefulness of future agile GSD research and experience.
Uploads
Papers by Gerry Coleman