Managing license compliance in free and open source software development

License compliance in Free and Open Source Software development is a significant issue today and organizations using free and open source software are predominately focusing on this issue. The non-compliance to licenses in free and open source software development leads to the loss of reputation and the high costs of litigation for organizations. Towards an automated compliance management, we use the Open Digital Rights Language to implement the clauses of open source software licenses in a machine interpretable way and propose a novel algorithm that analyzes compatibility between free and open source software licenses. Also, we describe a framework that inductively manages compliance of license clauses in a free and open source software development. We simulate and evaluate the formalized license compliance management by analyzing a real-time open source software project GRASS.     

An extended attribute based access control model with trust and privacy: Application to a collaborative crisis management system

Many efforts in the area of computer security have been drawn to attribute-based access control (ABAC). Compared to other adopted models, ABAC provides more granularity, scalability, and flexibility. This makes it a valuable access control system candidate for securing platforms and environments used for coordination and cooperation among organizations and communities, especially over open networks such as the Internet. On the other hand, the basic ABAC model lacks provisions for context, trust and privacy issues, all of which are becoming increasingly critical, particularly in high performance distributed collaboration environments. This paper presents an extended access control model based on attributes associated with objects and subjects. It incorporates trust and privacy issues in order to make access control decisions sensitive to the cross-organizational collaboration context. Several aspects of the proposed model are implemented and illustrated by a case study that shows realistic ABAC policies in the domain of distributed multiple organizations crisis management systems. Furthermore, the paper shows a collaborative graphical tool that enables the actors in the emergency management system to make better decisions. The prototype shows how it guarantees the privacy of object’s attributes, taking into account the trust of the subjects. This tool incorporates a decision engine that relies on attribute based policies and dynamic trust and privacy evaluation. The resulting platform demonstrates the integration of the ABAC model, the evolving context, and the attributes of actors and resources.     

黄河工情险情全天候监测感知预警系统的研究与应用

针对黄河河道工程出险后在短时间内有迅速扩大的危险，对重要险工、控导等水利工程进行信息化强监管，开发、敷设及时可靠的黄河工情险情全天候监测感知预警系统提升监测能力。黄河工情险情全天候监测感知预警系统是数字孪生黄河工程建设的重要内容之一，利用物联网、大数据、云存储等技术，借助于黄河河道工程内部埋设的传感器，对根石和坦石的出险情况进行实时监测与监视，并以此为基础，通过现有黄河网和公网，实现工程的网格化分级管理，做到为指挥中心防汛抢险决策提供准确、及时、科学的数据信息支持，推动治黄信息化发展与治黄业务的深度融合，有效实现险情的“抢早、抢小、抢住”。     

Factors affecting the quality of software project management: an empirical study based on the Capability Maturity Model

Rigorous project management can help raise a software product development process from an initial, immature stage that is unstable and unrepeatable to an optimized maturity level characterized by continuous improvement and innovation. Goals and actions related to a repeatable project management process have been outlined in the Capability Maturity Model (CMM) developed by the Software Engineering Institute at Carnegie Mellon University. The CMM provides good guidelines for initiating software process improvement particularly in the project management area; however, the successful implementation of the CMM guidelines is often not accomplished without significant organizational change involving increased emphasis on change management, teams and employee empowerment. This paper is empirically based on observations, surveys, and interviews of project team managers and project team members in a large, multinational organiplanning, change management, quality management, team work, and process control. Findings presented in this paper are correlated with the CMM guidelines as well as organizational factors that were found to enable or impede the successful deployment of various aspects of a project management improvement plan. The role of education and training in process and quality techniques as well as project management tools that support group work is also examined. This paper provides some insight into the issues faced by organizations based on traditional hierarchy or matrix management as they attempt to move into a more process-driven, quality-oriented development environment. As organizations move towards global markets they need increased emphasis on quality, value, teams, standards and global project management strategies based on structured guidelines to handle process flow within and between projects, departments, organizations, and national boundaries.     

Establishment and application of Enterprise management maturity model based on multimedia data information systems

Multimedia Tools and Applications - Project management maturity model is a method and tool to help the project management organizations evaluate and improve their own project management level, and...     

Identifying and overcoming the challenges of implementing a project management office

With the ongoing challenge of successfully managing information technology (IT) projects, organizations are recognizing the need for greater project management discipline. For many organizations, this has meant ratcheting up project management skills, processes, and governance structures by implementing a project management office (PMO). While anecdotal evidence suggests that implementing a PMO can be quite difficult, few studies discuss the specific challenges involved, and how organizations can overcome them. To address this gap in existing knowledge, we conducted a Delphi study to (1) identify the challenges of implementing a PMO for managing IT projects, (2) rank these challenges in order of importance, (3) discover ways in which some organizations have overcome the top-ranked challenges, and (4) understand the role of PMO structure, metrics, and tools in the implementation of a PMO.We identified 34 unique challenges to implementing a PMO and refined this list to 13 challenges that our Delphi panelists considered most important. The top-three challenges were (1) rigid corporate culture and failure to manage organizational resistance to change, (2) lack of experienced project managers (PMs) and PMO leadership, and (3) lack of appropriate change management strategy. Through follow-up interviews with selected panelists, we identified a series of actions that can be taken to overcome these challenges including having a strong PMO champion, starting small and demonstrating the value of the PMO, obtaining support from opinion leaders, hiring an experienced program manager who understands the organization, bringing the most talented PMs into the PMO implementation team, adopting a flexible change management strategy, and standardizing processes prior to PMO implementation. The interviews were also used to better understand the role of PMO structure, metrics, and tools. In terms of PMO structure, we found that ‘light’ PMOs were more likely to be implemented successfully. Most organizations eschew formal metrics, instead relying on subjective indicators of PMO success. Lastly, it appears that PMO tools are difficult to implement unless a project management culture has been established.     

mbeddr: instantiating a language workbench in the embedded software domain

Tools can boost software developer productivity, but building custom tools is prohibitively expensive, especially for small organizations. For example, embedded programmers often have to use low-level C with limited IDE support, and integrated into an off-the-shelf tool chain in an ad-hoc way. To address these challenges, we have built mbeddr, an extensible language and IDE for embedded software development based on C. mbeddr is a large-scale instantiation of the Jetbrains MPS language workbench. Exploiting its capabilities for language modularization and composition, projectional editing and multi-stage transformation, mbeddr is an open and modular framework that lets third parties add extensions to C with minimal effort and without invasive changes. End users can combine extensions in programs as needed. To illustrate the approach, in this paper we discuss mbeddr’s support for state machines, components, decision tables, requirements tracing, product line variability and program verification and outline their implementation. We also present our experience with building mbeddr, which shows that relying on language workbenches dramatically reduces the effort of building customized, modular and extensible languages and IDEs to the point where this is affordable by small organizations. Finally, we report on the experience of using mbeddr in a commercial project, which illustrates the benefits to end users.     

版本管理与代码走查系统设计与实现

为优化软件项目管理,解决软件版本管理混乱、人工代码走查过程负责和结果难于控制的问题,研究了软件版本管理工具和代码走查工具,介绍了版本管理工具和代码走查工具在软件项目管理中应用。根据实践中软件项目管理的需求,提供了一种版本管理工具Subversion与代码走查工具Reviewboard相结合的系统的实现方法,介绍了版本管理工具和代码走查工具的安装部署,给出了一种基于该系统的软件开发应用流程。     

An Examination of Determinants of Software Testing and Project Management Effort

Software estimation research has primarily focused on software effort involved in direct software development. As more and more organizations buy instead of building software, more effort is spent on software testing and project management. In this empirical study, the effect of program duration, computer platform, and software development tool (SDT) on program testing effort and project management effort is studied. The study results point to program duration and software tool as significant determinants of testing and management effort. Computer platform, however, does not have an effect on testing and management effort. Furthermore, the mean testing effort for third generation (3G) development environment was significantly higher than the mean testing effort for fourth generation (4G) environments that used IDE. In addition, the management effort for 4G environment projects without the use of IDE was lower than nonprogramming report generation projects.     

BPMNt: A BPMN extension for specifying software process tailoring

ContextAlthough SPEM 2.0 has great potential for software process modeling, it does not provide concepts or formalisms for precise modeling of process behavior. Indeed, SPEM fails to address process simulation, execution, monitoring and analysis, which are important activities in process management. On the other hand, BPMN 2.0 is a widely used notation to model business processes that has associated tools and techniques to facilitate the aforementioned process management activities. Using BPMN to model software development processes can leverage BPMN’s infrastructure to improve the quality of these processes. However, BPMN lacks an important feature to model software processes: a mechanism to represent process tailoring.ObjectiveThis paper proposes BPMNt, a conservative extension to BPMN that aims at creating a tailoring representation mechanism similar to the one found in SPEM 2.0.MethodWe have used the BPMN 2.0 extensibility mechanism to include the representation of specific tailoring relationships namely suppression, local contribution, and local replacement, which establish links between process elements (such as in the case of SPEM). Moreover, this paper also presents some rules to ensure the consistency of BPMN models when using tailoring relationships.ResultsIn order to evaluate our proposal we have implemented a tool to support the BPMNt approach and have applied it for representing real process adaptations in the context of an academic management system development project. Results of this study showed that the approach and its support tool can successfully be used to adapt BPMN-based software processes in real scenarios.ConclusionWe have proposed an approach to enable reuse and adaptation of BPMN-based software process models as well as derivation traceability between models through tailoring relationships. We believe that bringing such capabilities into BPMN will open new perspectives to software process management.     

Implementing Security Metrics Initiatives

Abstract

Although Global 2000 organizations today are becoming increasingly aware of the importance of a metrics program to maximize the effectiveness of an information security strategy, there's little guidance available around the practical “how to's” of putting such a program into practice. As a result, security metrics are shrouded in mystery and are considered “too hard” to do—with the end result being that this necessary and effective management tool has yet to be implemented at many organizations, and in the organizations where it has been launched, it has yet to be automated to ease management and reduce resource costs.     

Assessing the health of open source communities

Before contributing to a free or open source software project, understand the developers, leaders, and active users behind it. The computing world lauds many Free/Libre and open source software offerings for both their reliability and features. Successful projects such as the Apache httpd Web server and Linux operating system kernel have made FLOSS a viable option for many commercial organizations. While FLOSS code is easy to access, understanding the communities that build and support the software can be difficult. Despite accusations from threatened proprietary vendors, few continue to believe that open source programmers are all amateur teenaged hackers working alone in their bedrooms. But neither are they all part of robust, well-known communities like those behind Apache and Linux.     

Assessment methodology for software process improvement in small organizations

ContextDiagnosing processes in a small company requires process assessment practices which give qualitative and quantitative results; these should offer an overall view of the process capability. The purpose is to obtain relevant information about the running of processes, for use in their control and improvement. However, small organizations have some problems in running process assessment, due to their specific characteristics and limitations.ObjectiveThis paper presents a methodology for assessing software processes which assist the activity of software process diagnosis in small organizations. There is an attempt to address issues such as the fact that: (i) process assessment is expensive and typically requires major company resources and (ii) many light assessment methods do not provide information that is detailed enough for diagnosing and improving processes.MethodTo achieve all this, the METvalCOMPETISOFT assessment methodology was developed. This methodology: (i) incorporates the strategy of internal assessments known as rapid assessment, meaning that these assessments do not take up too much time or use an excessive quantity of resources, nor are they too rigorous and (ii) meets all the requirements described in the literature for an assessment proposal which is customized to the typical features of small companies.ResultsThis paper also describes the experience of the application of this methodology in eight small software organizations that took part in the COMPETISOFT project. The results obtained show that this approach allows us to obtain reliable information about the strengths and weaknesses of software processes, along with information to companies on opportunities for improvement.ConclusionThe assessment methodology proposed sets out the elements needed to assist with diagnosing the process in small organizations step-by-step while seeking to make its application economically feasible in terms of resources and time. From the initial application it may be seen that this assessment methodology can be useful, practical and suitable for diagnosing processes in this type of organizations.     

Evolving the Project Management Office: A Competency Continuum

Abstract

Many organizations today have recognized the need for a project management office (PMO) to achieve project management oversight, control, and support. the PMO's role is to help both the project manager and the relevant organization to not only understand and apply modern project management practices, but also to adapt and integrate business interests into the organization's project management efforts. This article describes a five-stage competency model for the PMO.     

Integrating hierarchical balanced scorecard with fuzzy linguistic for evaluating operating room performance in hospitals

Health care organizations are operating in a complex environment. The competitive and dynamic health care sector has spurred hospitals into delivering greater flexibility and quality of services. An efficient performance evaluation system is essential for controlling, monitoring and improving service quality in health care organizations. The performance evaluation of operating room (OR) is a useful work for managers to control the operational process of OR team so as to promote the performance. This paper explores the use of a management tool: balanced scorecard (BSC), which facilitates managers to meet multiple strategic goals, and fuzzy linguistic method for evaluating OR performance. BSC is a strategic planning and management system that is used extensively in business and industry, government and nonprofit organizations. First, a model is developed for measuring the acceptable performance of OR based on the interaction financial, customers, internal business process and learning and growth perspective. After that, BSC structure integrated with fuzzy linguistic is proposed for measuring and improving the service. The aim of this study was to build a performance evaluation system for OR and use a fuzzy linguistic to convert the subjective cognition of managers into an information entity and confirmation of improvement. This research results are able to help the organisation to evaluate and revise its strategy and generally to adopt modern management approaches in every day practise.     

A method for software quality planning, control, and evaluation

Squid is a method and a tool for quality assurance and a control that allows a software development organization to plan and control product quality during development. The Telescience software development project used it to build a remote monitoring and control system based in Antarctica     

User-Centric Identity Management: New Trends in Standardization and Regulation

In offering services to individuals, enterprises often deal with a lot of personal information, the improper handling of which creates security risks for both the enterprises and individuals concerned. Authentication procedures usually assume specific behavior on the part of individuals, and this perception becomes a critical part of an enterprise's security mechanism. Identity management systems are touted as a solution, but even though users and enterprises are stakeholders in the broader conversation about identity management, their interests aren't necessarily aligned: who's in control, and whose interests will prevail in ease of conflict? The European Commission-funded Privacy and Identity Management tor Europe project (Prime: www.prime-projeet.eu) proposes a solution driven by the EU Privacy Directive (95/46/EC; http://ec.europa.eu/justice_home/fsj/privacy/law/), which puts the user in control wherever possible. This article focuses on that project and how it interacts with standardization initiatives and international organizations.     

大飞机项目风险监控研究及系统的设计

项目风险被识别出来后,需要对其进行跟踪控制,监督其发展情况。风险监控过程是成功实现风险管理的重要环节。本文对项目风险监控过程的相关内容进行研究,并采用综合的风险监控方案设计项目风险监控子系统,给出应用实例。     

Project management in a software product line organization

In traditional software engineering project management, managers provide focused guidance to a team responsible for producing a specific result in a specified amount of time. Today, however, organizations are increasingly taking a product line approach to software to exploit product commonalities. Software product line organizations have unique practices and project definitions. These unconventional features offer new challenges and directions for traditional project management. How does the traditional concept of a project - a temporary endeavor aimed at creating a unique product or service - hold up under this new paradigm? In this article, we discuss this question, along with how the idea of a "project" and project management techniques must expand to fit a product line context. In particular, we show how the "overall guidelines, policies, and procedures" that Thayer and Pyster spoke of some years ago remain crucially important in product line organizations today.     

面向工控领域的组态软件的画面组态实现

组态是为了使工业控制系统现场工作站按照预定设置自动执行相应任务,使用软件对工作站的各种资源进行配置。组态软件是面向工业自动化领域监控与数据采集系统的软件平台工具,工程师可以根据不同的工控项目预置组态工程以供操作员灵活使用。组态软件的功能结构主要包括组态工程管理、组态参数配置、组态画面运行等部分。组态配置中主要包含图形组态、报表设置、报警设置、变量设置、趋势设置、用户管理、主控卡设置等。文中主要讲述了图形组态的实现方法,包含组态画面的生成和组态软件的动画连接。