This volume constitutes the refereed proceedings of the 23rd EuroSPI conference, held in Graz, Austria, in September 2016.The 15 revised full papers presented together with 14 selected key notes and workshop papers were carefully reviewed and selected from 51 submissions. They are organized in topical sections on SPI and the ISO/IEC 29110 standard; communication and team issues in SPI; SPI and assessment; SPI in secure and safety critical environments; SPI initiatives; GamifySPI; functional safety; supporting innovation and improvement.

CMMI® for Development (CMMI-DEV) describes best practices for the development and maintenance of products and services across their lifecycle. By integrating essential bodies of knowledge, CMMI-DEV provides a single, comprehensive framework for organizations to assess their development and maintenance processes and improve performance. Already widely adopted throughout the world for disciplined, high-quality engineering, CMMI-DEV Version 1.3 now accommodates other modern approaches as well, including the use of Agile methods, Lean Six Sigma, and architecture-centric development. CMMI® for Development, Third Edition, is the definitive reference for CMMI-DEV Version 1.3. The authors have revised their tips, hints, and cross-references, which appear in the margins of the book, to help you better understand, apply, and find information about the content of each process area. The book includes new and updated perspectives on CMMI-DEV in which people influential in the model’s creation, development, and transition share brief but valuable insights. It also features four new case studies and five contributed essays with practical advice for adopting and using CMMI-DEV. This book is an essential resource–whether you are new to CMMI-DEV or are familiar with an earlier version–if you need to know about, evaluate, or put the latest version of the model into practice. The book is divided into three parts. Part One offers the broad view of CMMI-DEV, beginning with basic concepts of process improvement. It introduces the process areas, their components, and their relationships to each other. It describes effective paths to the adoption and use of CMMI-DEV for process improvement and benchmarking, all illuminated with fresh case studies and helpful essays. Part Two, the bulk of the book, details the generic goals and practices and the twenty-two process areas now comprising CMMI-DEV. The process areas are organized alphabetically by acronym for easy reference. Each process area includes goals, best practices, and examples. Part Three contains several useful resources, including CMMI-DEV-related references, acronym definitions, a glossary of terms, and an index.

The DoD¿s multi-billion dollar business systems modernization efforts are high risk, in part because key information tech. (IT) mgmt. controls have not been implemented on key investments, such as the Navy Cash program. Initiated in 2001, Navy Cash is a joint Dept. of the Navy (DoN) and Dept. of the Treasury Financial Mgmt. Service program to create a cashless environment on ships using smart card tech., and is estimated to cost about $320 million to fully deploy. This report analyzed whether DoN is effectively implementing IT mgmt. controls on the program, including architectural alignment, economic justification, requirements dev¿t. and mgmt., risk mgmt., security mgmt., and system quality measurement against relevant guidance. Illus.

CMMI® for Services (CMMI-SVC) is a comprehensive set of guidelines to help organizations establish and improve processes for delivering services. By adapting and extending proven standards and best practices to reflect the unique challenges faced in service industries, CMMI-SVC offers providers a practical and focused framework for achieving higher levels of service quality, controlling costs, improving schedules, and ensuring user satisfaction. A member of the newest CMMI model, CMMI-SVC Version 1.3, reflects changes to the model made for all constellations, including clarifications of high-maturity practices, alignment of the sixteen core process areas, and improvements in the SCAMPI appraisal method. The indispensable CMMI® for Services, Second Edition, is both an introduction to the CMMI-SVC model and an authoritative reference for it. The contents include the complete model itself, formatted for quick reference. In addition, the book’s authors have refined the model’s introductory chapters; provided marginal notes to clarify the nature of particular process areas and to show why their practices are valuable; and inserted longer sidebars to explain important concepts. Brief essays by people with experience in different application areas further illustrate how the model works in practice and what benefits it offers. The book is divided into three parts. Part One begins by thoroughly explaining CMMI-SVC, its concepts, and its use. The authors provide robust information about service concepts, including a discussion of lifecycles in service environments; outline how to start using CMMI-SVC; explore how to achieve process improvements that last; and offer insights into the relationships among process areas. Part Two describes generic goals and practices, and then details the complete set of twenty-four CMMI-SVC process areas, including specific goals, specific practices, and examples. The process areas are organized alphabetically by acronym and are tabbed for easy reference. Part Three contains several useful resources, including CMMI-SVC-related references, acronym definitions, a glossary of terms, and an index. Whether you are new to CMMI models or are already familiar with one or more of them, this book is an essential resource for service providers interested in learning about or implementing process improvement.

This publication is the specification of The Open Group IT4IT Standard, Version 3.0, a standard of The Open Group. It describes a reference architecture that can be used to manage the business of Information Technology (IT) and the associated end-to-end lifecycle management of Digital Products. It is intended to provide a prescriptive Target Architecture and clear guidance for the transformation of existing technology management practices for a faster, scalable, automated, and practical approach to deploying product-based investment models and providing an unprecedented level of operational control and measurable value. This foundational IT4IT Reference Architecture is independent of specific technologies, vendors, organization structures, process models, and methodologies. It can be mapped to any existing technology landscape. It is flexible enough to accommodate the continuing evolution of operational and management paradigms for technology. It addresses every Digital Product lifecycle phase from investment decision-making to end-of-life. The IT4IT Standard addresses a critical gap in the Digital Transformation toolkit: the need for a unifying architectural model that describes and connects the capabilities, value streams, functions, and operational data needed to manage a Digital Product Portfolio at scale. The IT4IT Standard provides an approach to making digital investment decisions and managing digital outcomes that is particularly useful for: • C-level executives responsible for Digital Transformation, as a top-down view of digital value creation • Product Managers and Product Marketing Managers whose portfolios include significant digital content, as a way to integrate marketing priorities with product delivery practices • Governance, risk, and compliance practitioners, as a guide to controlling a modern digital landscape • Enterprise and IT Architects, as a template for IT tool rationalization and for governing end-to-end technology management architectures • Technology buyers, as the basis for Requests for Information (RFIs) and Requests for Proposals (RFPs) and as a template for evaluating product completeness • Consultants and assessors, as a guide for evaluating current practice against a well-defined standard • Technology vendors, as a guide for product design and customer integrations • Technical support staff, as a guide for automating and scaling up support services to deal with modern technology deployment velocity

Cyber Security Engineering is the definitive modern reference and tutorial on the full range of capabilities associated with modern cyber security engineering. Pioneering software assurance experts Dr. Nancy R. Mead and Dr. Carol C. Woody bring together comprehensive best practices for building software systems that exhibit superior operational security, and for considering security throughout your full system development and acquisition lifecycles. Drawing on their pioneering work at the Software Engineering Institute (SEI) and Carnegie Mellon University, Mead and Woody introduce seven core principles of software assurance, and show how to apply them coherently and systematically. Using these principles, they help you prioritize the wide range of possible security actions available to you, and justify the required investments. Cyber Security Engineering guides you through risk analysis, planning to manage secure software development, building organizational models, identifying required and missing competencies, and defining and structuring metrics. Mead and Woody address important topics, including the use of standards, engineering security requirements for acquiring COTS software, applying DevOps, analyzing malware to anticipate future vulnerabilities, and planning ongoing improvements. This book will be valuable to wide audiences of practitioners and managers with responsibility for systems, software, or quality engineering, reliability, security, acquisition, or operations. Whatever your role, it can help you reduce operational problems, eliminate excessive patching, and deliver software that is more resilient and secure.

Many organizations that have improved process maturity through Capability Maturity Model Integration (CMMI®) now also want greater agility. Conversely, many organizations that are succeeding with Agile methods now want the benefits of more mature processes. The solution is to integrate CMMI and Agile. Integrating CMMI® and Agile Development offers broad guidance for melding these process improvement methodologies. It presents six detailed case studies, along with essential real-world lessons, big-picture insights, and mistakes to avoid. Drawing on decades of process improvement experience, author Paul McMahon explains how combining an Agile approach with the CMMI process improvement framework is the fastest, most effective way to achieve your business objectives. He offers practical, proven techniques for CMMI and Agile integration, including new ways to extend Agile into system engineering and project management and to optimize performance by focusing on your organization’s unique, culture-related weaknesses.

Process Improvement and CMMI for Systems and Software provides a workable approach for achieving cost-effective process improvements for systems and software. Focusing on planning, implementation, and management in system and software processes, it supplies a brief overview of basic strategic planning models and covers fundamental concepts and appr

Many different quality approaches are available in the software industry. Some of the ap-proaches, such as ISO 9001 are not software specific, i.e. they define general requirements for an organization and they can be used at any company. Others, such as Automotive SPICE have been derived from a software specific approach, and can be used for improving specific (in this case automotive) processes. Some are created to improve development processes (e.g. CMMI for Development), others focus on services (e.g. CMMI for Services), and again others are related to particular processes such as software testing (e.g. TMMi) or resource manage-ment (e.g. People CMM). A number of differences among quality approaches exist and there can be various situations in which the usage of multiple approaches is required, e.g. to strengthen a particular process with multiple quality approaches or to reach certification of the compliance to a number of stand-ards. First of all it has to be decided which approaches have potential for the organization. In many cases one approach does not contain enough information for process implementation. Consequently, the organization may need to use several approaches and the decision has to be made how the chosen approaches can be used simultaneously. This area is called Multi-model Software Process Improvement (MSPI). The simultaneous usage of multiple quality ap-proaches is called the multi-model problem. In this dissertation we propose a solution for the multi-model problem which we call the Pro-cess Based Unification (PBU) framework. The PBU framework consists of the PBU concept, a PBU process and the PBU result. We call PBU concept the mapping of quality approaches to a unified process. The PBU concept is operationalized by a PBU process. The PBU result includes the resulting unified process and the mapping of quality approaches to the unified process. Accordingly, we addressed the following research question: Does the PBU framework provide a soluti