Component-Based Software Engineering and the Issue of Trust

Bill Councill
Texas Quintessence Corporation
3909 Morningside Drive
Plano, TX 75093 USA
+1 972 403 7288

George T. Heineman
Computer Science Department, WPI
100 Institute Road
Worcester, MA 01609 USA
+1 508 831 5502
ABSTRACT
Software component consumers are entitled to trusted components. This panel addresses the criteria for trusted components and presents generally accepted definitions for all terms used to describe both software components and the methods and processes required to verify trusted software components.

Keywords
Component-based development (CBD), component-based software engineering (CBSE), software component, software component framework, trusted component, third-party testing, licensure

1 INTRODUCTION
Component-based software development has received considerable attention among software vendors and information technology organizations, especially within the last year. A marketplace for software components is emerging. Just as CBD is an evolutionary phase emerging from the programming paradigms that preceded it, CBSE is both a subset of, and an extension to, current software engineering practices. More importantly, however, component-based software engineers intend to define and describe the processes required to assure the timely completion of high-quality, complex software systems composed of a variety of pre-produced software components, much as civil engineers have established standardized, time-tested engineering principles to build bridges from reusable parts.

Whether CBSE is a subdiscipline of software engineering or an extension of it is an issue of relevance to component-based software engineers. The criteria for assuring trusted components must be established so that implementers and consumers, when they purchase or use software components, are protected from injury, lost production, and the diminution or loss of profits. Methods for assuring trusted components exist today. Third-party certification using UL 1998 [1] is currently applied to a variety of safety-critical, non-networked embedded software in programmable (microelectronics) components. In 1999, Underwriters Laboratories announced third-party testing services for software application components [2]. In 2000, a UL 1998 technical planning panel will be convened to further consider the application of UL 1998 to reusable software components [3].

The objective of this panel is to discuss the most effective methods and processes to assure trusted components.

ICSE 2000, Limerick, Ireland. © ACM 2000 1-58113-206-9/00/06 …$5.00

2 STATUS OF CBSE
A variety of irreconcilable definitions for the terms software component and software component framework existed until November 1999. The authors convened a virtual workshop to develop definitions for the terms; the results will be published by Addison-Wesley in a forthcoming edited text, Component-Based Software Engineering: Putting the Pieces Together [6]. Generally accepted definitions of software component, software component framework, and component-based software engineering were required so that software component producers, implementers, and consumers could share a common vocabulary when discussing CBD and CBSE.
Perhaps for some software engineers, the licensure of software engineers is not considered a requirement for the production of trusted components. Yet a review of other engineering professions demonstrates that licensure provides a minimal level of competent responsibility for engineering projects. Over 99 percent of all businesses in the United States are small businesses, with fewer than 500 employees [4]. A similar percentage of independent software vendors and software component producers and implementers are small businesses. The Software Engineering Institute, perhaps inadvertently, has focused its Capability Maturity Model (CMM) towards large businesses and federal government contractors. Component-based software engineers must consider ways to assure the quality of components within the small business community, which often has insufficient resources to implement the CMM.

To better understand the professional responsibility that software engineers may need to adopt, consider reading the article that describes William LeMessurier's experience in identifying a flawed design after his Citicorp skyscraper was built [9]. As a structural engineer, LeMessurier is required to retain liability insurance as a way of ensuring public safety in the buildings he designs. Trust is thus ensured through a comprehensive network of regulation and certification. This panel will provoke a lively debate on how CBSE can ensure similar trust.

3 PANELISTS AND THEIR POSITIONS
The panel is composed of the following members:
• George T. Heineman (Chair)
• Bill Councill
• Janet Flynt
• Alok Mehta
• John R. Speed
• Mary Shaw

Bill Councill
Mr. Councill is co-editor of the forthcoming edited text from Addison-Wesley, Component-Based Software Engineering: Putting the Pieces Together. With advanced degrees in counseling and law, he has served as manager of software development, software testing, and systems and software process in various small businesses. He has published articles on the need for third-party certification and the licensure of software engineers to assure trusted components and the accountability of software component producers to their corporate boards and consumers. Bill Councill is also a lecturer in the Computer Science Department at the University of Texas at Dallas.

The Web and highly integrated applications connecting multiple organizations are information technology's equivalents of highway and railroad bridges. Web, commercial, and organizational applications are highly unlikely to injure users; yet Web-based and application software can severely injure the operations, cash flow, or profits of businesses and other types of organizations.

While civil engineers and bridge builders wrestled with their duties to protect the public through comprehensive specifications in the 1800s and developed their first Standard Specifications for Highway Bridges in 1931, software engineers have yet to adopt uniform practice standards and generally have opposed licensure. The public, through higher taxes and prices for products, continuously assumes the costs of software engineering's numerous, well-known failures.

Software engineering, a largely unregulated discipline that has adopted a professional appellation, has experienced momentum, both within the field and among users, towards true professionalism. This movement in the field for professional accountability includes the certification of professional engineers, standards for software component testing, and third-party software component certification based on complete, concise, and risk-based requirements and design specifications.

Bill Councill will offer a tripartite proposal intended to encourage confidence by the public in software engineering's ability to develop quality software repeatedly, within all organizations that implement the following plan:
1. Extend standards for third-party certification to operating systems and applications, initially by contract;
2. License component-based software engineers based on completion of a software engineering degree, internship, and examination; and
3. Engage licensed software engineers to exercise direct control over the software development life cycle and personnel.

Third-party certification is a requirement for repeated success in software development projects. The second and third criteria, licensing of software engineers and their exercise of direct control over software development projects, are vital for building and maintaining bridges of information that have the same initial success and longevity as their counterparts, highway bridges.

George T. Heineman (Chair)
George Heineman is an assistant professor of Computer Science at WPI in Worcester, MA. He is co-editor of the forthcoming edited text from Addison-Wesley, Component-Based Software Engineering: Putting the Pieces Together. His software engineering research is supported by an NSF Early Faculty Career Development Award (CAREER) and industrial sponsors (Natural Microsystems and Intellution, Inc.). Mr. Heineman has authored or co-authored over 20 articles and papers on software engineering topics, including component adaptation techniques, component-based software engineering, software development environments, and software process.

Today, one can purchase many types of components (witness the many Visual Basic controls and JavaBeans offered for sale), but the situation more closely resembles a bazaar than a component marketplace. Such an environment limits the true productivity of the entire software engineering field. Too often, CBSE researchers simply assume that a marketplace will exist and do not show how technology or the software engineering culture will create such a marketplace.

In software engineering, we should pay more attention to the concept of network externalities. An externality is created when an individual user adopts a technology: the user benefits, and "external" benefits accrue to other users as a result of the adoption decision. For example, a fax machine becomes increasingly useful as more individual fax machines are sold. The more people that share this technology, the more valuable it becomes.

CBSE represents the best practices of the processes, tools, and methods developed by the software engineering community. An individual component will not likely have significant impact. Organizations in the software industry must learn to consider software reuse as more than an internal cost-cutting measure. It must become the standard means of doing business, and we need to increase the reuse of components between businesses. Only then will software engineering follow the lead of every other engineering discipline. Building high-quality and trusted components is a first step towards achieving this goal.

Alok Mehta
Mr. Mehta is the Senior Vice-President and Chief Technology Officer of American Financial Systems, Inc. (AFS), a small software development firm in Weston, MA. Mr. Mehta is an original architect of the AFS Master System (AMS), one of the main products that AFS offers. AMS integrates executive benefit and life insurance using sophisticated algorithms. Mr. Mehta has over 10 years of experience in the industry as a software developer. He has been working with many component-based technologies in all phases of the software cycle. In particular, he has led the effort to evolve the legacy AMS into a component-based system. He is currently managing an e-Commerce project at AFS.

Mr. Mehta has a BS in Mathematics and Physics. He holds an MBA from Plymouth State College and an MS in Computer Science from Northeastern University. He is also pursuing a Ph.D. at WPI. He has published a paper in COMPSAC 99 describing the evolution of legacy systems.

Mr. Mehta will talk about the methodologies and benefits of CBSE in evolving legacy systems. He will discuss what software developers can do (and are doing) to create trusted components. There is a lack of technology for creating trusted components, and he will describe the general problem of the quality of trusted components.

Janet S. Flynt
Janet Flynt is the Program Manager of the Programmable Electronics department at Underwriters Laboratories Inc. Presently, Ms. Flynt is the Program Manager for UL's Programmable Electronics activities in software certification, which includes the development of the UL 1998 Standard for Safety-Related Software. Under contracts with medical device firms, Ms. Flynt has conducted analyses in support of manufacturers' medical device software submissions and has used the FDA 510(k) Reviewer Guidance for Computer-Controlled Medical Devices. She is a graduate of the University of North Carolina, receiving a B.S. in Mathematical Sciences and an M.S. in Operations Research and System Analysis.

Janet Flynt will describe how producers of software components can benefit from third-party certification. Certification refers to a third party's review activities, which generally include review of the testing performed by the producer, as well as review of the product's development plan, risk analysis, requirements, design implementation practices, development process, and configuration management activities. Further, Ms. Flynt will explain that consumers' expectations of trusted components depend on third-party certification.

John R. Speed
John Speed, PE, is a consulting engineer specializing in design and program management for public infrastructure. He was formerly the Executive Director of the Texas Board of Professional Engineers, managing the state's regulation of the engineering profession. Mr. Speed holds a BS in civil engineering from Texas A&M University and an MS in political science with an emphasis in public management from Midwestern State University, and is a graduate of the Texas Governor's Executive Development Program. He has authored several dozen papers and articles on topics ranging from engineering professionalism to the economic impacts of transportation projects.

During Mr. Speed's tenure as executive director of the Texas Board of Professional Engineers, the board added software engineering to its rules "to allow the Board's governing regulations to match actual practice, not to force the practice into a particular mold" [5].

John Speed will elucidate (and defend) his position that software engineers, especially those operating in the field of component-based development, should be licensed and held accountable to the regulatory practices of professional engineering. He will describe how CBD and third-party certification require adherence to well-recognized engineering practices that are best managed by licensed engineers. Finally, Mr. Speed will explain how direct supervision of software component producers' development activities is beneficial to the public.

Mary Shaw
Mary Shaw is the Alan J. Perlis Professor of Computer Science in the School of Computer Science at Carnegie Mellon University. She has been a member of this faculty since completing the Ph.D. degree at Carnegie Mellon in 1972. From 1992 to 1999, she served as the Associate Dean for Professional Education. In 1997-98 she was a Fellow of the Center for Innovation in Learning. From 1984 to 1987 she served as Chief Scientist of CMU's Software Engineering Institute. She had previously received a B.A. (cum laude) from Rice University and worked in systems programming and research at the Research Analysis Corporation and Rice University. In 1993 she received the Warnier Prize for contributions to software engineering. She is a Fellow of the Association for Computing Machinery (ACM), the Institute of Electrical and Electronics Engineers (IEEE), and the American Association for the Advancement of Science (AAAS).

The conventional view of reusable software components holds that the components must be correct and reliable and that they must be represented by accurate and complete specifications [8]. In general, it is not practical to achieve these goals. System integrators can create dependencies on properties of components that were not anticipated by the components' authors (for example, on the ownership of the system's main event loop [10]). Moreover, establishing the properties that appear in the specification requires resources, both to add new properties and to make the specifications of specific properties more precise. I conclude that the software engineering community must develop methods and tools that can cope with specifications that are insufficient, incomplete, incremental, and heterogeneous [7]. We are faced with the challenge of building trustworthy systems out of parts for which we have only partial knowledge. This requires a better understanding of the cost-effectiveness of improving specifications, a way to get incremental benefit from incrementally improving specifications, and techniques for establishing trust for systems built from parts that may not themselves be trustworthy.

REFERENCES
1. UL 1998, 2nd ed., UL Standard for Safety for Software in Programmable Components, Underwriters Laboratories Inc., Northbrook, IL, May 1998.
2. William Councill, Third-Party Testing and Stirrings of the New Software Engineering, IEEE Software 16(6), Nov./Dec. 1999.
3. William Councill, Third-Party Testing and the Quality of Software Components, IEEE Software 16(4), pp. 55-57, Jul./Aug. 1999.
4. US Small Business Administration Web site.
5. Texas Board of Professional Engineers Web site, http://www.main.org/peboard/softw.htm.
6. George T. Heineman and William Councill, Component-Based Software Engineering: Putting the Pieces Together, Addison-Wesley, October 2000.
7. Mary Shaw, Truth vs. Knowledge: The Difference Between What a Component Does and What We Know It Does, Proceedings of the 8th International Workshop on Software Specification and Design, March 1996.
8. Douglas W. Bennett, The Promise of Reuse, Object Magazine, 4(8), pp. 5-68, January 1995.
9. J. Morgenstern, "The Fifty-Nine Story Crisis", The New Yorker, 29 May 1995, pp. 45-53.
10. David Garlan, Robert Allen, and John Ockerbloom, Architectural Mismatch: Why Reuse Is So Hard, IEEE Software, vol. 12, no. 6, November 1995.