ABC Software ABC Software Improvement Team: Germán Benítez John Boveri Siewhung Tee Akeya Vaughan.
-
date post
21-Dec-2015 -
Category
Documents
-
view
215 -
download
1
Transcript of ABC Software ABC Software Improvement Team: Germán Benítez John Boveri Siewhung Tee Akeya Vaughan.
ABC Software
ABC Software Improvement Team:ABC Software Improvement Team:Germán Benítez Germán Benítez
John Boveri John Boveri Siewhung TeeSiewhung Tee
Akeya VaughanAkeya Vaughan
Agenda Define
Charter CTQ Tree Kano Gantt Chart
Measure Pareto Timeline Balance Scorecard
Agenda Analysis
Fishbone Opportunity Cost
Improve Commitment Scale Pilot PDCA Involvement Matrix Communication Plan Gantt Chart
Agenda
Control Standard Operations Combination Chart SOP Monitor Mechanism Quality Assurance
Conclusion
Gantt Chart – High Level
Define Phase
Gantt Chart – Define stage
Current Process Flow
Legal monitors Intranet for product
release
Is there a new product?
Legal asks Product Manager for the contact information of the developers responsible for the software product
Legal sends e-mails to the developers and asks them if the product contains OS
Is there any OS in the product?
No further inquiry necessary
YES
NO
A
Developers send licenses or location of the licenses to Legal
Legal make analysis of licenses
Is there any problem with the use of the license?
Legal e-mails developer that the
OS is OK
YES
NO
Current Process Flow
A
A
Legal contacts Development Management and advises them of the risk (s)
Development Management considers the level of risk
Is the level of risk high?
Development Management notifies Legal and no further
action is taken
Development Management notifies Legal that the product will be fixed in the next
release
Current Process Flow
YES
NO
A
Charter
Purpose ABC Software Inc. incorporates 3rd party open source software
into their products without consistent legal analysis or risk assessment of the software’s licensing requirements. As a result, working closely with ABC Software, an efficient legal process will be developed to asses and communicate the risks of open source software components used in product development. This project is intended to add value to all involved areas per this charter.
Importance Liability
To protect the company from the risk of harmful or improperly used open source software.
Customer compliance To develop a streamline database that would allow Legal to log and
categorize the components of all of their software products. Time
To lower the cycle time of the necessary risk assessment processes.
Charter
Scope Development of a process such that any use of open
source software in the products of ABC Software Inc. will be reviewed by Legal staff prior to development in a efficient, and effective manner. In addition, the project will focus on the flow of information and communication between Development, Legal and the release of the product.
Measure Utilize current cycle time of legal analysis of developed
software as a baseline measurement. Deliverables
By May 16th the team will deliver and present a complete package of process improvements that meet the scope of the project.
Charter
Project success Success is defined as the development of an efficient
and effective process of the legal analysis and categorization of all developed software products.
Resources Team Sponsor: Alice Smith, Intellectual Property, ABC
Software Inc. Team members: German Benitez, John Boveri, Siew Hung
Tee, Akeya Vaughan Coach: Dr. Saaed. Sponsor is available 4 hours a week for meetings and
correspondence.
CTQ Tree
Legal Process
Eliminate legal as bottleneck
Improve access to developer responsible for product
Eliminate legal as bottleneck
Develop a database for quicker/ better access of product info.
Eliminate legal as bottleneck
Provide contact list of lead developers for each productDelegate responsibility
Availability of open source scanning tools
Require developer to keep track components used to develop the product
Needs Drivers CTQ
CTQ Tree
Database
Gather product components info.
Develop database field
Eliminate legal as bottleneck
Communicate and develop
Obtain license info from internet
Analyze the field needed
Determine critical field
Contact IT department
Determine user permission
Version Control
Developer provide what will change in new product/ new versionOn-
going tracking Legal permission to release
product
Needs Drivers CTQ
Kano Model
Must Be More Is Better Delighters
Legal Process
Have an effective process to remove risk from open source software that increases the cycle time.
Have an effective process that doesn’t add more time to current time.
Have a total integrated process such as to effectively analyze software and streamline entire process and reduce cycle time.
Must Be More Is Better Delighters
Database
At the minimum, legal can maintain and develop a spreadsheet for each product.
Database should have both legal and developers access.
Database that integrate both developer and legal to speed up communication process and information exchange.
Measure Phase
Gantt Chart – Measure stage
Pareto Chart
ABC Project Priority Pareto
4035
25
05
1015202530354045
Get cooperationand buy-in for
project from Sr.Mngt
Reduce Legalanalysis time
Create efficientcomunication /transaction flow
between Legal andDev.
Primary Tasks
Pri
ori
ty (
10
0)
Tasks
ABC Legal Open Source Software Analysis of Timeline
(Wait time)
(Wait time)
(Wait time)
I Hour
1 Day
4 - 5 Days
1 Hour
Legal contacts Development Management and advises or risks.
Product Manager responds with Developer contact info. Legal sends e-mail to Developer asking if new product contains and OS software, and if so, to send all licensing info for the open source software, and how it was used, to Legal. This step often requir
Legal Monitors for new products, contacts Product Manager for contact info of developer responsible for new product
Legal receives the open source licensing info and does a legal analysis of the license language to determine if the OS software, or how it is used, is problematic.
Development Management notifies Legal of any action they will take.
10 Day Total
1 Hour
.75 - 1 Day
3 - 4 Days
Balance Scorecard
Internal Business Perspective
Learning and Growth
Perspective
Learning and Growth
Perspective
Financial Perspective
Internal Business Perspective
Goals Measure Target InitiativesReduce the number of products that have problematic open source components
Actual number of released products with problematic O.S. components vs. plan
Zero products
Step-1 Determine which have open source software
Develop a efficient legal investigation process to reduce product launch delays
Compare the current cycle time of 6-8 hours with the past
20 minutes Step-1 Identify the current process bottleneck
Develop and maintain a database of past, present, and future software components to use as a means for centralized exchange
Compare the past and present time it takes to acquire and communicate product information.
15-20 minutes
Step-1 Develop a database of all past, present, proposed future product versions and their software components
Reduce the rework required to remedy products with problematic open source code
Compare the % of rework or addition version release with the current % of version releases due to problematic open source software
0% Step-1 Making a determination of problematic open source software
Learning and Growth Perspective
Goals Measure Target InitiativesHave software developers recognize problematic open source software using open source scanning software
Compare the number of problematic open source software components found in products
30% of all software submitted to Legal have problematic open source code
Technology to support business development
Obtain upper management buy-in through educating and communicating with of the risk of O.S. use
The number of commitments from upper management
100% Managementresponse
Step-1 Develop a policy document to be circulated throughout upper management
Perform legal investigation of the use of products with open source components without impacts the time a product is delivered to market
Compare the time a product goes through the complete development process (write code, legal, delivery) with past
Delta of cycle time Train workforce
Customer Perspective
Goals Measure Target Initiatives
Have on time delivery of non-problematic software products
Compare the time it takes to deliver software non-analyzed software with O.S. components that has vs. software that has not been through the legal process
Meet customer delivery date
Step-1 Measure the current time
Customer satisfaction with all of the components used in the product
Compare the number of customer complaints due to problematic O.S. components Measure the number of customer request for product information
0 complaints Develop a database of the components in the products.
Customer retention Compare the number of customer before and after the new Legal analysis process
Retain all current Customer
Step-1 Develop a survey of customer satisfaction
Financial Perspective
Goals Measure Target InitiativesReduce the cost of rework required on problematic products that have been released
Compare the cost to developing a patch for a released a product.
Compare the cost of delaying the release of a product due to problematic open source that has problematic open source components
0 dollars Reduce operating cost
Reduce the risk of law suits against the company and our Customers due to viral software
Compare the number of law suits future law suits with the present number
0 Suits brought against us or our Customer
Incorporate Blackduck software
Analyze Phase
Gantt Chart – Analyze stage
PEOPLE
Convenient
Developers download SW without checking
FreeProven
Senior management doesn’t know the risk
The company has never been sued
No many sues in the field
Is a new field
No one has ever told them
It’s a new phenomenon
There’s no customer feedback
It’s a new phenomenon
They don’t know there’s OS in the product
The company is not asking for feedback Potentially hazardous OS is being released
METHODS Current process allows the release of potentially hazardous softwareRisk is not previously understood
Lenghty legal analysis
Developers don’t know what information Legal needs
Lack of license databaseOrder of events
Legal previously wasn’t involved
The company doesn’t want to slow down development
Potentially hazardous OS is being released
Developers send insufficient information
It costs money
It costs time
The risk was not understood
No one told them
It’s a new phenomenon
Developers send wrong information
There are no instructions
It’s a new phenomenon
COMMUNICATIONS
Lack of information recording
There’s no database
No record keeping
It’s time consuming
They didn’t know is a problem
Lack of centralized information
Potentially hazardous OS is being released
It’s only for internal use
There’s no protocol
There’s no need for interdepartmental communication
RESOURCES
Employees aren’t trainedIt’s not a priority
Senior management lacks of
It’s profit driven
Prioritize costs over risks
The company is using unsanitazied open software
Potentially hazardous OS is being released
Understanding risk
There’s no analyzis of the licenses
It adds cost to the product
It delays the product
They don’t know how
They don’t know Risk Management Software
The cost is unjustified
Opportunity Cost
Upper Management Buy-in is critical SCO vs. IBM
IBM is being sued for 5 billion due to OS licensing issues
SCO vs. DaimlerChrysler Chrysler violated certification compliance of OS
being used for an undisclosed sum Blackbuck: Compliance Management
Software Code Analysis License database Reporting and Track
Opportunity Cost
Competitors who are using Blackduck Software
• Samsung •Dafca
• Siemens •Fuego
• IMLogic •EPAM
• PTC •MarketSoft
• Revivio •Ping Indentity
•Kayak •Pivot3
•Laplink •SAS
•OpenCountry •Tira Wireless
Opportunity Cost
Blackduck is offering a free 30 day trial
House of Quality
Legal not a bottleneck
Efficient Database
Developer responsible software content
Easy to use open source scanning tools
Software product tracking systemC
os
t
Tim
e
Ac
cu
rate
Inte
gra
tio
n
Eff
ec
tiv
e
Us
er
Fri
en
dly
5
4
3
2
1
Re
lativ
e I
mp
ort
an
ce
Symbols
Positive Strong
Positive Medium
Negative Strong
Negative Medium
Improve Phase
Gantt Chart – Improve stage
Commitment Scale
People or Groups
Level of Commitment Senior Management DevelopmentRelease
Department Marketing/Sales
Enthusiastic-Will work hard to make it happen ● ● ●Helpful-Will lend appropriate support ●Hesitant-Holds some reservations, won't volunteer
Indifferent-Won't help: won't hurt x xUncooperative-Will have to be prodded x
Opposed-Will openly state and act on opposition x
Hostile-Will block at all costs
Involvement Matrix
Reference Number
Action or Involvement
Which groups or individual should be:
Responsible for Involved In Consulted with regarding
Informed about
1Identifying Solutions ABC SW Team
Team Sponsor Team Coach Team Coach
2Selecting Solutions Team Sponsor
ABC SW Team
Development Team
Senior Management
3Planning and Implementation ABC SW Team
Team Sponsor Team Coach
Senior Management
4Handling potential problems
Team SponsorTeam Sponsor Team Sponsor Team Sponsor
5 Implementing the solutionTeam Sponsor
Team Sponsor Team Sponsor Team Sponsor
6 Monitoring ResultsTeam Sponsor
Team Sponsor Team Sponsor Team Sponsor
Communication Plan
Role Who Main Concerns Communication Notes
Team Leader Legal Senior Management acceptance
Weekly updates and progress report to General Council and Development Management
TeamMembers
6 Developers –One developer form each of six groups
Pilot / new processes adversely affecting development cycle
Weekly meetings
Sponsor General Council
Adding value to company
Upper Management interface as needed
Team Coaches
ABC Improvement team
Provide satisfactory service
Weekly, or more often as needed, conference calls or meetings
Other Stakeholders
Development Management
Slow production and loss of staff dedicated to pilot
Communication as needed with Legal and/or General Council
Development generates code using open source or
recycles code from previous programs
Development scans previous software code with Blackduck compliance management software to identify
and gather licenses of any open source software
Developer compares the Blackduck report results with the list of the approved OS licenses in the OSL
(Open Source License) database
NO
YES
A
Plan/ DO
Improvement Pilot Flow Process
Is the OS component being used
in an approved manner?
Is the OS component
license listed in
OSL database?
YESNo legal analysis
of OS license required
Developer emails Legal the OS software license/info and a description of intended use
NO
A
Legal prioritizes Developer’s request and performs legal analysis ASAP, or no later than day end
NO
Legal returns email to Developer that the
software and its intended use is not
problematic
Development / Upper Management makes executive decision on using the
OS component
Legal updates the OSL database with the new OS license info for future Developer’s use
Legal returns email to Developer with explanation that OS software, or its intended
use, is problematic.
Is the OS software and its
intended use okay?
YES
Plan/ DO
Check/ Action
Check Action
ITIT performs an audit on the system to ensure that the Blackduck software is up to date with the latest Blackduck software license information
Contact Blackduck to request the latest database information upgradeYearly compliance training
DeveloperDeveloper performs 100% software inspection using Blackduck Developer performs 100% database comparison of Blackduck report with the OSL database for both match up and usage
Management performs random software audit for Blackduck complianceYearly compliance training
Check/ Action
Check Action
DeveloperDeveloper reports 100% of all unidentified OS license information
Discuss the importance of 100% compliance with the Legal Analysis of open source software process with employees
Legal100% of all OS Developer analysis inquires are reviewed for language and usage100% of all Legal analysis inquires are responded to with results no later than day end100% of new OS licenses are added to the OSL database
Development Management address problem with Legal
Control Phase
Gantt Chart – Control stage
Standard Operations Combination Chart
Standard Operations Combination Chart Developer:
Process: OS Legal Analysis Date Legal:
Product ID: Time Operation Cycle Time
Step Operation Description Manual Auto Wait 30 60 90 150 210 270 330
1 Developer generates code Varies
2 Create Blackduck Filter 5
3Run software module through Blackduck 5
4 Generate license report 10
5Compare the report to OS license database 20
6 Notify Legal of OS use 10
7 Legal performs analysis 20
8Legal responds to Developer's inquiry 5 240
9 Legal updates OS database 15
Total 45 45 240
Monitoring of SOP In order to track the process in the Standard
Operation Combination Chart, a proprietary ABC Software tracking tool, called TeamTrack, will be used.
TeamTrack is a business process automation tool that will be used to track the tasks and elapsed time throughout the OS Legal Analysis process.
A TeamTrack log will be opened whenever Development begins a new software project.
TeamTrack log will track and monitor the process and generate an activity report that will be used as a process control tool.
Quality Assurance
Legal response time to OS analysis can be monitored using TeamTrack
Developer’s compliance of SOP will be monitored through upper management random audits to ensure that Developers are having all OS components analyzed by Legal.
Conclusion
Through the application of Six Sigma Tools and DMAIC Methodology, an improved pilot process was developed that ensures timely legal open source analysis of all ABC software.
Through the implementation of this improved process, the risk associated with using OS will be mitigated.
The Control plan put in place will ensure SOP compliance.
Any Questions?
Thanks for the new process.
They deserve an A !