Meeting Dates: Tuesday, July 17 – Thursday, July 19, 2007
Meeting Location: Sheraton Yankee
Clipper Hotel,
The purpose of this meeting is to do the following:
1. Address
specific S2ESC management issues
2. Review
progress of ongoing projects
3. Conduct
strategic planning
4. Review
action items
Introductions:
|
Ken Costello (newly elected MB member) |
|
Paul Croll, S2ESC Chair |
|
Scott Duncan, Management Board |
|
Mark Henley, Chair, Web Planning Group, |
|
Joe Jarzombek, DHS Liaison (Weds.) |
|
Keith Middleton, Management Board |
|
Annette Reilly, Management Board |
|
Christina Sahr, IEEE SA Staff |
|
David Schultz, Chair, Management Board |
|
John Walz, Vice Chair, Planning, VP Standards, IEEE CS |
|
Chuck Walrad, Secretary |
|
Malia Zaman, IEEE SA Staff |
|
Liang-jie (“LJ”) Zhang, Chair, WG on SOA Reference Architecture |
Review of current
membership and positions/responsibilities. Question of S2ESC’s relationship
to SC7 led to Croll’s explanation of the relationship among the S2ESC, The IEEE
Computer Society (IEEE CS), and the IEEE Standards Association (IEEE SA), and
the U.S. Technical Advisory Group for ISO/IEC JTC1/SC7 (SC7 TAG), which
represent the
Please see attached report.
3.1.1
Croll
will withdraw 1175.5 PAR
3.1.2
Croll
will request 2-year extension for 610.12 to enable approval by its replacement
(ISO 24765).
3.1.3
Croll
will request 2-year extension of 1008.
As SC7 liaison,
3.1.4
Plan
had been for JW Moore, funded by DHS, to write 1062 to address Supply Chain
risks in SW Acquisition (threats to SW). Kathy Land might also be a good
possibility, now that she is researching this area and has moved to MITRE.
3.1.5
Material
from 1228 is being considered for inclusion in a joint project (ISO/IEC/IEEE
15026), after which it will be withdrawn. However, it will probably have to be
extended until after 15026 is approved. (Sahr will verify for Paul that this is
the best approach.)
3.1.6
The
P90003 & 1362, 1362a (ConOps) re-affirmations received many negative
comments. Zaman will communicate to reviewers the IEEE policies on retaining
such comments for later consideration when ISO standards being adopted or re-affirmations are subsequently revised
or replaced. 1362 is being re-affirmed to keep it alive until S2ESC provides a
draft document combining 2063 and 1362 for submission to ISO.
3.1.7
We
will begin a re-affirmation of 1420.1, .1a, and .1b
3.1.8
1471
was fast-tracked to ISO as 25961. The MB will ask Rich Hilliard to do a PAR
revision for IEEE 1471 to align the number with ISO 25961 (it has been a joint
project).
3.1.9
IEEE
12207.0 is being replaced the by latest version of ISO/IEC 12207. IEEE 12207.1 is being replaced by ISO/IEC
15289, and IEEE 12207 .2 may be replaced by ISO/IEC 24748. We need to make a decision about 12207.2
soon..
3.2.1
In
the past, we have identified about 14 roles to replace the 2 roles of User and
General Interest ballot (e.g., Singer added roles with definitions for
1175.1). We need an S2ESC-approved
standardized list of specific of roles and definitions that all ballots use.
Walrad will attempt track down the previous list(s).
See attached
presentation.
3.3.1
The
1012 working group needs guidance from the MB about the concerns about possible
incursion into HW areas, how it addresses testing, and how it harmonizes with
ISO.
3.3.2
It
was pointed out that, if the IEEE has changed our standards review and approval
process, then the IEEE staff needs to update the process slides that Ortiz
presented last year, and send them to the ExCom and get them on the SA/S2ESC
website for WGs to access.
3.3.3
S2ESC
plans to roll together 1362, 830 and 1233 into IEEE 2063
(Requirements Engineering), and then propose it to SC7. We are unable to get it
done by the next submission round in 9/2007, though.
3.3.4
PAR
for SOA WG is on the July 30, 2007, agenda for approval. WG Chair is from IBM’s
SOA group.
3.3.5
Issue
WRT to P9126.1 ISO is revising ISO/IEC 9126.1 as 25010, so we probably need to
create a project for P25010.
3.3.6
12207.1 will be replaced by 15289. Issue WRT
whether or not 12207.2 should be replaced by ISO/IEC 24748 (Guide to SWLC
Processes) or by something else as 12207 is revised/updated (e.g., additions to
24748, which is in-ballot). ISO 24748 is about 55 pages. ExCom will review to
determine appropriate disposition.
3.3.7
15026.
Note that
3.3.8
ISO/IEC
16326 is being merged with IEEE 1058 as a coordinated revision. Henley will
shortly be submitting a draft for MEC (Mandatory Editorial Comment) to Zaman
with the comments from the
3.3.9
For
PMBOK update adoption as an IEEE std (due for revision in 2008), we need to
either re-affirm or extend this one, or adopt a new one, depending on where PMI
is in its revision cycle. Walrad will talk with Kathy Land about getting a plan
together for negotiating additional rights for revisions with PMI, and find out
from PMI what their revision cycle is.
3.4.1
MB
has begun to add space to its WG rosters for indicating if people want to work
on other standards after their WG is dismissed. Note that the WG feedback has
shown a preference to uses spreadsheets for rosters, rather than the “roster”
feature on MyProject, because the self-selected folks on MyProject may not be
actually selected/qualified to be on the WG or may not be active.
3.4.2
Discussion
(again) of the need for IEEE to provide better support for tracking those who
have indicated they want to participate further in standards development and to
periodically contact them about their status. Sahr says they are beginning to
think about such issues.
3.2.1
ASQ Software Division Liaison [ Duncan ]
3.2.2
SC7
Liaison [
3.2.3
SEI
Liaison [ Chrissis ] (Not present; no
presentation)
[0900 Call To Order And
Continuation Of The Agenda [ Croll ]]
3.2.4
DHS
Liaison [Jarzombek]
Software assurance: a strategic initiative of the US DHS to promote
Integrity, Security, and Reliability in software
3.2.4.1
See
the Build Security In public website; also https://us-cert.esportals.net for
WGs, and http://us-cert.gov/SwA.
3.2.4.2
See
Jarzombek’s slides (attached) for a complete overview of DHS activities in SwA,
such as the Common Weakness Enumeration dictionary, the IT Security Essential
Body of Knowledge, Practical Measurement Guidance for SwA/Information Security,
etc. Also, various articles in
Crosstalk.
3.2.4.3
They
have recruited Stan Wiessman from Booz, Allen, Hamilton to head the 1062
(Software Acquisition) WG, and a PAR will be submitted soon. Reilly is the MB
rep for that WG.
3.2.4.4 By bringing together the whole
community, DHS has made far progress in the area of Software Assurance than
expected. Have established a SW Assurance
Users community to facilitate cross-pollination of ideas/information.
4.1
MyProject:
Sahr (c.sahr@ieee.org) is the Technical Project Manager responsible for
this. Sherry Hampton is the NesCom administrator (s.hampton@ieee.org). The new process for
PAR submission, as required by NesCom (New Standards Committee) caused new
changes to MyProject. Sahr walked the group through the screens that a Sponsor
uses to manage PARs. (Note that non-WG chairs and non-Sponsor cannot view
submitted PARs until approved.) When the sponsor accepts the PAR, it is
submitted to NesCom for review at their next FTF meeting. It then goes up to
the Stds Bd for approval.
4.2
Sahr pointed out that the IEEE CS editors would
like to be included in the WG text development much before the MEC step
(Mandatory Editorial Content).
4.3
John Walz commented that the IEEE has created an
on-line tool (http://ieee.sharedinsights.com/) that allows IEEE members and WGs
to communicate via wikis, etc.
4.4
MyBallot:
Currently, the staff feels that the WG activities after the WG is
launched until the MEC and being ready for ballot is “a black hole”. From the WG perspective, there is no clear
big picture of what steps the IEEE SA requires
the WG to go through to get started and to get to the finish line.
5.1 Virtually all of the terms in the vocabulary come from approved standards, except those taken from Software magazine’s approved vocabulary.
5.2 Online since March, 2007 at: www.computer.org/sevocab
5.3 WG Chairs should be instructed to use the Sevocab terms as far as possible. When not possible (e.g., if the meaning of a term has changed too much in current usage), the term with the then-current meaning should be added to the terminology section of the new standard. The standard can refer to Sevocab.
5.4 Anyone can download the entire vocabulary in a .pdf (about 300 pages).
5.5 We should all put this link on our websites, to encourage the community to use common terminology.
5.6 Reilly is now the ISO owner. Van Arsdale has had to resign as editor due to work pressures; Reilly is looking for a new editor in order to shepherd this thru the ISO process (as ISO/IEC CD 24765.4).
5.7
They are working on defining a process for
future updates to the vocabulary. They would like to get the CMMI vocabulary
included, also.
6.1
A Services
Computing landscape exists now: Four conferences have produced papers which
they characterize as the Services Computing Body of Knowledge and have put on
the IEEE services computing community website.
6.2
Dr. Zhang
has created an S2ESC SOA & Web Services WG (PAR P1723 “Std for SOA Solution
Reference Model” submitted but not yet approved). Includes OASIS (SOA Reference Model, OASIS
SOA Reference Architecture), Open Group (Open Group Ref. Arch. Initiative),
OMG, IEEE (IEEE 2007 Symposium on SOA standards at Services 2007, Sponsored
by IEEE Computer Society Technical Committee on Services Computing; see http://conferences.computer.org/services/2007/).
6.3
OMG and
OASIS came to them and requested participation.
6.4
Goal is to
produce a high-level reference architecture (including services invocation
model, exchange protocols, integration protocol, etc., independent of the
underlying implementation, platforms and products).
6.5
They work
with the Rational team on modeling languages.
6.6
They have
produced a draft of the IEEE SOA Reference Arch (SOA-SRA)
6.7
Work is in
progress on SOA relationships modeling language & SOA services discovery
language (federated discovery) (SOA-SDL)
6.8
Want to
create a TCP-IP type of stack model rather than the standard triangle
“architecture”. (See attached slides.)
7.1
CS offers
two types of standards – product (this includes docs as products) and process
7.2
There are a
variety of volunteer service awards (IEEE-CS, IEEE-SA, IEEE). Moore and Croll were awarded for their
standards work.
7.3
IEEE-CS
Standards Committee on Vitality (Jack Cole, Vitality Chair):
7.3.1
There are 12
CS standards committees: Design Automation Foundation for Intelligent Physical
Agents, S2ESC, etc.
7.3.2
International
standards coordination and harmonization – improve and regularize participation
in ISO work.
7.3.3
Putting
together a balanced scorecard to measure vitality for SAB, Stds Cmte sponsors,
WGs, and balloting groups.
7.4
IEEE-CS
Standards Speaker Bureau leverages existing IEEE CS Distinguished Visitors
Program
7.5
There will
be an IEEE-CS Standards seminar (one-day) in
7.6
CS is making
a focus of standards users, not just standards producers, especially for SW
process standards.
7.7
IEEE
Business Management System (BMS) may present tool opportunities for S2ESC and
its WGs.
8.1
S2ESC
Management Procedures [ Schultz ]: This
effort is in its final stages, assuring consistency among the revised
procedures.
8.2
S2ESC
Policies [Walrad]
8.2.1
Walrad produced
a matrix of the interrelationships between the Fundamental Policies, Strategic
Policies, and Operational Policies.
8.2.2
The
objective is to subsume the SPs and OPs into the FPs that refer to them, making
the policy collection’s architecture more transparent.
8.2.3
In addition,
during this process, the contents of the policies are being reviewed for
internal consistency and for currency.
8.2.4
Walrad
showed FP06, the first test case for the new approach. The revised policies on the web will have
hyperlinks within them, pointing to related paragraphs in other standards.
9.1
Status: No change since last FTF.
9.2
Content:
S2ESC Charter has been replaced by S2ESC Operating Policies document approved
by AudCom.
9.3
Dennis
Lawrence is still our archivist.
9.4
Improvements
- new computer.org website requirements. Walz suggested that Henley add Google
analytics (free) to count page visits. Henley will add this to his website
re-org activities.
10.1
Alignment With Other Standards Bodies: We will
establish a Collection Management Study Group to consider S2ESC standards’ fit
not just with 12207, 15288, and SWEBOK, but also with the standards of other
organizations like the following:
10.1.1
SEI -
CMMI-DEV
10.1.2
Object
Management Group (OMG) modeling standards
10.1.3
Organization
for the Advancement of Structured Information Standards (OASIS)
10.1.4
SOA (service-oriented architecture) standards
(L.J. Lang, IBM)
10.1.5
ISACA
(Information Systems Audit and Control Association)
10.1.6
COBIT 4.1 -UK Office of Government Commerce
10.1.7
ITIL 3.0 IT service management practices
10.1.8
ISO/IEC
SC27, IT Security
10.1.9
IEC
TC65A, Functional Safety
10.1.10
ISO
TC210 Medical Devices
10.1.11
IEC SC
62A Medical Practice Electrical Equipment
10.1.12
Association
for the Advancement of Medical Instrumentation – Software Committee for
standards development
10.2 IEEE-SA has requested S2ESC endorsement of a Software Development Maturity Self-Assessment created by NeuraMetrics . Neurametrics was charged by SA with developing this instrument as a new revenue generator. It developed the assessment without working with S2ESC. Walz will convey our refusal to have S2ESC’s endorsement or any association with this SA product.
10.3
Reliability standards.
It was pointed out that IEEE
Reliability Society standards development sometimes overlaps with S2ESC:
They have their own software reliability standards. It is not clear how
or if this can be changed, but we should be aware of the issue.
Thursday, July 19 – S2ESC Executive Committee Meeting
(Cont.)
[0900 Call To Order And Continuation Of The
Agenda [ Croll ]]
11.1
Electronics market is $1.4B. Those in the industry are the potential
market for IEEE/S2ESC products.
11.2
S2ESC
SWOT: Walz wants us to focus on how to shorten the standards production process
to an 18 month cycle. The group pointed out the need to institute CM practices
so that SA changes to procedures that WGs are supposed to use can be better
understood and that changes to MyProject, etc., are known in advance and
announced. IEEE-SA needs to be held accountable for standard CM practices.
11.3
Before
defining a process to produce a new standard within 18 months, we need to look
at some larger issues: incenting and
managing volunteers, the fact that teleconferences and FTF meetings cost the
volunteers money (no support from SA), the fact that the larger Community of SW
Practice may be uninterested in SW process standards.
11.4
Note:
The S2ESC community (mailing list) is about 3,000 people. People can sign up by
following the instructions at http://standards.computer.org/sesc/join_s2esc/Joining-S2ESC.pdf. We are not doing a very god job of managing
these potential WG members, much less marketing to the 2,000,000 people
involved in SW.
11.5
In
committing to action, we need to think about building useful alliances that
will help us further our goals.
11.6
We
should think about delivering new standards as total packages: standard,
tutorial, and guidebook near publication.
11.7
We
could use a WG to define a WG Orientation package.
11.8
We
could use a WG to study how to bring new members, new involvement in. E.g.,
Katy Dickinson’s group at Sun. We could
look at our list of SW processes and seek people to write standards for those
we don’t have standards for.
11.9
Zaman
agreed to create a role matrix of our IEEE CS and SA staff members’
responsibilities to S2ESC and deliver at the next S2ESC telecon.
11.10
How
can we influence SWE/CS curricula to include SWE standards? This is difficult when you consider that
standards must be purchased. In some
cases, course requirements include students having to purchase one. No – universities, like corporations, can
sign up for electronic access (IEEE Xplore). Walz will determine how we can get
an inexpensive educational CD product out with the 5 basic standards that
Vladan identified as key for SWE curricula.
11.11
Need
to identify our key reason to exist, validate those needs and assess products
and services to meet those needs. Current vision statement (there is no mission
statement currently): “Our vision is a family of products and services based on
software and systems engineering standards for use by practitioners,
organizations, and educators to improved the effectiveness and efficiency of
their software and systems engineering processes, to improve communications,
between acquirers an d suppliers, and to improve the quality of delivered
software and systems containing software. We need a mission statement that
references the need for improved efficiencies & effectiveness (WRT the
current state of the practice), and what we do to further this. We need to the
value of IEEE community developed standards vs. the “Best Practices” available
for free. We need to articulate each part of the value proposition: belonging
to IEEE, to CS, to SA (and S2ESC). Reilly and Walrad will propose a revised mission statement;
include Walz as “silent partner”; and deliver to S2ESC within 2 months. Ideas
include “Extend awareness of standards and their relevance in educational
institutions; Extend participation to IT and SW product companies, Make IEEE
standards better known and their utility and purpose understood.
11.12
IEEE needs to articulate each part of the value
proposition: belonging to IEEE, to CS, to SA (and S2ESC).
11.13
Idea: Could we establish a mechanism to award free
CS or SA memberships to high-activity volunteers?
11.14
Porter
5-Force model.
11.15
Big issue: is the new Business Management system
going to improve CS’s ability to communicate with its members? Several examples of how poorly this works now
were cited. Unclear. We can’t even get
the S2ESC mailing list from SA/CS.
11.16
Reilly and Walrad pointed out that standards users expect recommendations
about document content (e.g, SCM plans, SQA plans), so are concerned that the
current focus on process precludes this.
11.17
Competitors vs. Alliances: See Walz’s slide 26- competitors. We shuld
consider working to create alliances rather than seeing them as competitors. If
PMBOK is seen as too heavy-weight, should we consider an alliance with them to
provide a slimmed down PM standard for IT projects? Note: Reilly suggests that INCITS be added to
the list. Duncan added WC3. Disagreement
about whether Microsoft should be seen as a competitor or as a potential
ally. (Microsoft has shown interest in
working together with us. They would be
interested in taking our various pieces and packaging them as a SDLC
solution.) Many organizations like
Lockheed develop their SDLC standards based on IEEE standards, but they lack
the IEEE brand.
11.18
Our potential market needs to see us as providing
solutions to their problems. The large IT consulting companies sell their
methodologies as solutions to managing risk in SW development and delivery. We
need to understand our “buyers.” Why are we confining ourselves largely to
Gov’t organizations where IEEE standards are mandated?
11.19
There was a conscious decision by CMM(I) developers
not to map their practices to ISO or IEEE standards. However, we can establish
a strong link: Croll says that the SEI
will publish any mapping we provide them.
11.20
All S2ESC members are invited to participate in the
5 study groups that hae been discussed:
Vision and Mission definition {Lead = Reilly, with Walrad), WG
Orientation package including tips for shortening the stds development cycle
(Lead= Middleton, with Costello), attracting and retaining new [qualified and
motivated] participation[1] (Lead =
Schultz, with Duncan), criteria for engaging other organizations as alliances
(Lead= Walrad, with Duncan and Croll), and Collection Management (Lead=
Croll, with Moore, Schultz, Walz, Land, and Walrad). These study groups should use http://www.sharedinsights.com/
for intra-group communication and collaboration. Each should include John Walz.
Each lead should draft a statement of purpose and a plan for proceeding and
send to Croll prior to the next telecon (meeting #147). Walz will set up work areas for these groups,
and send out an invitation to join to the S2ESC ExCom and MB members.
11.21
Next
FTF: Week of February 4 or February 25,
2008. Walrad to check with Google, et al
and ask Fujii if San Diego could be a fall-back.
11.22
Next
telecon: Thursday, 9 August 2007, 12:30
PM EDT
Walrad will send out the updated Action item
spreadsheet before the next telecon meeting.
§
Process
improvement for future meetings: the SC7
and staff and MB should provide an integrated report on the status of the
standards in the collection. This single report should be agreed among staff,
Moore, and Schultz in advance of the meeting.
1700 Adjourn
Attachment 1
PAR/Standard |
Type of Project |
Status in Balloting Process |
Invitation Phase |
Ballot Phase |
Recirculation |
|
Recirculation 2 |
|
ACTION |
||
|
Open Date |
Close Date |
Open Date |
Close Date |
Open Date |
Close Date |
Open Date |
Close Date |
|
|||
|
1063-2001 |
Reaffirmation |
Recirculation
1 |
8/10/2006 |
9/9/2006 |
10/1/2006 |
10/31/2006 |
7/2/2007 |
7/12/2007 |
|
|
Moved to REVCOM as of 7/17/07. Recirculation for reaffirmation will
closed on 7/12/07. Will send email Annette with instructions on how to move
forward with reaffirmations with comments.Status update? On Hold for now
trying to complete ISO CD 24765. IEEE STD 1063 is next. |
|
1362-1998 |
Reaffirmation |
Comment
Resolution |
2/6/2007 |
3/8/2007 |
3/28/2007 |
4/27/2007 |
|
|
|
|
Carl will recirculate as of 6/25/07. Ballot closed on
4/27/07. |
|
P12207 |
Revision |
Comment
Resolution 1 |
3/27/2006 |
5/13/2006 |
8/4/2006 |
9/5/2006 |
3/7/2007 |
4/6/2007 |
7/16/2007 |
7/26/2007 |
Recirculation has started as of 7/16/07. As per Jim Moore will
start recirculation on july 3rd. In Comment resolution stage |
|
P15288 |
Revision |
Comment
Resolution 1 |
3/27/2006 |
5/13/2006 |
8/4/2006 |
9/6/2006 |
3/8/2007 |
4/7/2007 |
7/16/2007 |
7/26/2007 |
Recirculation has started as of 7/16/07. As per Jim Moore will
start recirculation on july 3rd. In Comment resolution stage |
|
P15289 |
New |
Ballot |
10/2/2006 |
11/1/2006 |
11/21/2006 |
12/22/2006 |
7/1/2007 |
8/1/2007 |
|
|
Ballot opened. 7/1/07. Ballot is reaching 6 month deadline deleyed,
due to legal review. Need to work fast. On hold due to IEEE legal team |
|
P90003 |
New |
Comment
Resolution |
1/8/2007 |
2/7/2007 |
3/19/07 |
4/17/2007 |
|
|
|
|
ask Jodi about this.. What to say about an Iso document that
cannot be changed.Scott said he recirculate soon as per 6/14/07 telecon. Ballot closed 4/17/07 |
|
1175.1-2002 |
Reaffirmation |
Submitted
to Revcom |
3/28/2007 |
4/27/2007 |
5/3/2007 |
6/2/2007 |
|
|
|
|
As 6/29/07 Submitted to REVCOM. As of 6/14/07, Carl has initiated
recirculation. |
|
P16326 |
Revision |
Pre-ballot |
4/26/2007 |
5/26/2007 |
|
|
|
|
|
|
He will be submiting MEC soon as of last email confirmation
7/11/07. MEC is not uploaded. Malia will email and inform him. Invitation Phase
Closed 5/26/07 |
|
P25051 |
Revison |
Pre-Ballot |
4/23/2007 |
5/23/2007 |
|
|
|
|
|
|
Has emailed balloters to get their decision. Invitation Phase Closed 5/23/07 |
|
P1028 |
Revision |
Pre-Ballot |
6/4/2007 |
7/4/2007 |
|
|
|
|
|
|
Invitation closed 7/4/07 .MEC Completed and turned in to Dennis
7/12/07.Mec uploaded and due 7/5/07, Michelle Turner is your Editor. |
|
P15026 |
New |
Preballot |
6/4/2007 |
7/4/2007 |
|
|
|
|
|
|
MEC Is complete, turned in to Paul 5/13/07. Invitation closed
7/4/07. Going thru NESCOM Comments. As of 6/14/07 Mec Uploded. MEC will be
completed 7/14/07. Jennie Steinhagen will be
your editor. |
|
P1175.4 |
New |
Invitation |
6/18/2007 |
7/19/2007 |
|
|
|
|
|
|
Invitation Closes on 7/19/07 |
|
P829 |
Revison |
Invitation |
6/22/2007 |
7/22/2007 |
|
|
|
|
|
|
Invitation closes on 7/22/07 |
IT/software workforce had
requisite knowledge/skills for developing secure, quality products.