LOFTER-网易轻博

===============================================================================================

Sunrise按：本文乃Sunrise在整理需求开发中的一篇小文章，供理解需求开发和ISO-9126质量特征描述间的关系。今发出，供参考。

================================================================================================

软件开发中，需求是软件开发的源头。需求的改变将如同亚马逊河一边蝴蝶翅膀的振动引起另外一边的风暴一样，将引起一系列相应活动和文件的改变。故要联动地看待需求的改变。见图：

CMMI-DEV V1.3在需求开发中强调了软件需求的质量属性定义，见下图：

什么是软件的质量属性呢？CMMI-DEV V1.3中就提出了timeliness, throughput, responsiveness, security, modifiability, reliability, and usability这么几个属性。所有的软件质量属性都是非功能性需求范围。但如果想要知道明确的软件质量属性定义，那恐怕就要从非CMMI-DEV这个模型去查了。

ISO-9126就是专门阐述软件质量属性的文件。它提出了6个专门的软件属性及21个子属性。见下图：

有关ISO-9126软件质量特征的细部说明如下：

ISO-9126 软件需求质量定义

Functionality

Sub Characteristics

Suitability:
Attribute of software that bears on the presence and appropriateness of a set of functions for specified tasks. (ISO 9126: 1991, A.2.1.1)

Accuracy:
Attributes of software that bear on the provision of right or agreed results or effects. (ISO 9126: 1991, A.2.1.2)

Interoperability:
Attributes of software that bear on its ability to interact with specified systems. (ISO 9126: 1991, A.2.1.3)

NOTE -- Interoperability is used in place of compatibility in order to avoid possible ambiguity with replaceability. (ISO 9126: 1991, A.2.1.3)

Compliance:
Attributes of software that make the software adhere to application related standards or conventions or regulations in laws and similar prescriptions. (ISO 9126: 1991, A.2.1.4)

Security:

Attributes of software that bear on its ability to prevent unauthorized access, whether accidental or deliberate, to programs and data. (ISO 9126: 1991, A.2.1.5) 

Reliability

NOTE -- Wear or ageing does not occur in software. Limitations in reliability are due to faults in requirements, design and implementation. Failures due to these faults depend on the way the software product is used and the program options selected rather than on elapsed time. (ISO 9126: 1991, 4.2)

Sub Characteristics

Maturity:
Attributes of software that bear on the frequency of failure by faults in the software. (ISO 9126: 1991, A.2.2.1)

Fault tolerance:
Attributes of software that bear on its ability to maintain a specified level of performance in cases of software faults or of infringement of its specified interface. (ISO 9126: 1991, A.2.2.2)

Recoverability:
Attributes of software that bear on the capability to re-establish its level of performance and recover the data directly affected in case of a failure and on the time and effort needed for it. (ISO 9126: 1991, A.2.2.3) 

Usability

NOTES

1. `Users' may be interpreted as most directly meaning the users of interactive software. Users may include operators, end users and indirect users who are under the influence or dependent on the use of the software. Usability must address all of the different user environments that the software may affect, which may include preparation for usage and evaluation of results.
2. Usability defined in this International Standard as a specific set of attributes of software product differs from the definition from an ergonomic point of view, where other characteristics such as efficiency and effectiveness are also seen as constituents of usability. (ISO 9126: 1991, 4.3)

Understandability:
Attributes of software that bear on the users' effort for recognizing the logical concept and its applicability. (ISO 9126: 1991, A.2.3.1)

Learnability:
Attributes of software that bear on the users' effort for learning its application (for example, operation control, input, output). (ISO 9126: 1991, A.2.3.2)

Operability:
Attributes of software that bear on the users' effort for operation and operation control. (ISO 9126: 1991, A.2.3.3) 

Efficiency

NOTE -- Resources may include other software products, hardware facilities, materials, (e.g. print paper, floppy disks) and services of operating, maintaining or sustaining staff. (ISO 9126: 1991, 4.4)

Sub Characteristics

Time behaviour:
Attributes of software that bear on response and processing times and on throughput rates in performing its function. (ISO  9126: 1991, A.2.4.1)

Resource behaviour:
Attributes of software that bear on the amount of resources used and the duration of such use in performing its function.(ISO 9126: 1991, A.2.4.2) 

Maintainability

NOTE -- Modifications may include corrections, improvements or adaptation of software to changes in environment, and in requirements and functional specifications. (ISO 9126: 1991, 4.5)

Sub Characteristics

Analysability:
Attributes of software that bear on the effort needed for diagnosis of deficiencies or causes of failures, or for identification of parts to be modified. (ISO 9126: 1991, A.2.5.1)

Changeability:
Attributes of software that bear on the effort needed for modification, fault removal or for environmental change. (ISO 9126: 1991, A.2.5.2)

Stability:
Attributes of software that bear on the risk of unexpected effect of modifications. (ISO 9126: 1991, A.2.5.3)

Testability:

Attributes of software that bear on the effort needed for validating the modified software. (ISO 9126: 1991, A.2.5.4) 

Portability

NOTE -- The environment may include organizational, hardware or software environment. (ISO 9126: 1991, 4.6)

Sub Characteristics

Adaptability:
Attributes of software that bear on the opportunity for its adaptation to different specified environments without applying other actions or means than those provided for this purpose for the software considered. (ISO 9126: 1991, A.2.6.1)

Installability:
Attributes of software that bear on the effort needed to install the software in a specified environment. (ISO 9126: 1991, A.2.6.2)

Conformance:
Attributes of software that make the software adhere to standards or conventions relating to portability. (ISO 9126: 1991, A.2.6.3)

Replaceability:
Attributes of software that bear on the opportunity and effort of using it in the place of specified other software in the environment of that software. (ISO 9126: 1991, A.2.6.4)

NOTES

1. Replaceability is used in place of compatibility in order to avoid possible ambiguity with interoperability.
2. Replaceability with a specific software does not imply that this software is replaceable with the software under consideration.
3. Replaceability may include attributes of both installability and adaptability. The concept has been introduced as a subcharacteristic of its own because of its importance.

最近项目PDP过程中碰到了几个问题，还真是比较普遍的现象。现记录下来，以供他人和自己日后参考。

问题：

1. 裁剪该听谁？ 为何要裁剪？裁剪什么？

2. 组织级过程在项目PDP中如何裁剪？

3. 是否PDP裁剪指南中提到的Mandatory就不能裁剪？

先说第一个问题。其实在裁剪过程中，我也常听到某些人谈到，XXX顾问当初不允许我们裁剪XX过程。这里，似乎我们又回到了中国的二三十年代，那时，苏联老大哥顾问可是很吃香，举手一挥，你们应该XXXXXX。不错，顾问的确当时在评估前不许裁掉XX过程域，但那时是为大家熟悉整个CMMI ML3，同时为通过SCAMPI A评估而设的。任何话语，必须置于一定的时空背景下去理解才有意义，而非放之四海而皆准。CMMI的实践主体是公司，而非顾问。放眼读遍整个CMMI DEV V1.2版文本，也没有一定规定必须全部保留过程、活动、工作产品，等。因此，裁剪的目的是为了公司更好更有效地执行CMMI活动，更好地做项目，从而达到服务公司的业务目的。因此，项目PDP裁剪是为项目服务，而非设置障碍。项目裁剪的决定者（PL、PM、PPQA leader和其他相关干系人）在项目实际的基础上决定裁剪，则该项目PDP就可以成立，而且可以不断被更新。

那裁剪什么？什么都可以被裁剪，只要被裁剪的符合组织的期望和要求。一般来说，生命周期的phase，PA，Activities, Work Products, Measures, 等都可以被裁剪。裁剪的方法通常可以有Delete, Revise, Merge, Reduce, Add等几种。裁剪的原则就是要符合组织期待与要求，根据实际裁剪，根据实际更新裁剪。

现在说第二个问题，组织级过程在项目PDP中如何裁剪？

要回答这个问题，先要搞清楚组织级过程域通常由谁来实施。这是个白痴的问题，组织级过程当然是组织级来实施。那么组织级与项目级有何关系？是否一定要把组织级的过程域一定要拉入项目级PDP呢？

一般认为，OPF是组织EPG要关心的事，组织应该有个常任EPG的组织，负责不断采集、分析和识别组织的问题和改善机会，不断持续组织过程的改善。由于这个机构的存在，EPG参与所有的项目。因此，从这点上来看，OPF可以被列入项目PDP中，但也可以独立出来。因为，只要EPG在做事，OPF就一定能够被满足。OPD则同理。至于OT，基本相同，但操作上则更为复杂一些。

一般来说，如果组织培训架构包括了项目培训部分，即组织可以采集到项目培训计划或项目培训可以通过某种手段汇集到组织培训那儿，则OT需要包括到PDP中。否则，为提升作业效率，OT可以被裁剪。另外一个情况，如果项目人员有不熟悉组织流程、文化、必须技能而需要组织方面的培训，则OT又不可裁剪。因此，OT的裁剪需要根据实际情况和需要来决定裁剪。

在实际作业中，PPQA是一个严谨的、很遵守规范的部门。他们通常依据现有的规定来判断是否作业符合流程与规范。然而，实际的作业又需要一定的灵活性。因此，在PDP中被界定mandatory的是否一定不能裁剪呢？如果你去问顾问这个答案，则答案一定是不能裁剪。但我们知道，任何事物都在不断运动与发展中，因此，没有什么事情是一成不变的。只要你有充分的理由去改变，则你可以去改变，但需要注意的是：改变需要遵循流程，需要获得EPG（及其他相关高阶管理者）的同意，需要你将裁剪的案例陈述清楚，并贡献到组织财富库中去。

总而言之，你做CMMI是要遵循它的精神，而不是被它的某些条条框框所束缚。中国人做事的最高境界不是形似，而是神似。只有神似，才能活用，才能最大程度地利用到CMMI。这才是能力成熟度的提高。

【CMMI】评估Final Findings翻译

By Sunrise

2009-12-25

(C) No copy or duplication is allowed without prior consent of the author.

1．使用系統協助執行項目中工作產品審核時，審核人員由提出人指派，可能會遺漏必須參加審核人員，無法達到把關的目的。

When using a system to review and approve project work products, the review board list of each gate is assigned by the initiator. This may drop the required review persons and lead to failure of the intended purpose for review.

2. 除了關注客戶提出之需求變更和重大變更(如平台變更) 以外，需求規格基線發佈後發生的需求變更(如因設計導致的變更)，也應納入需求管理範圍中。

Besides customer proposed requirements and major changes like platform change, it is required to include all requirement changes occurring after each release of requirement baseline, such as design changes.

3. 少數項目屬性值的估算沒有變化，但工作量估算隨工期的延長而增加，不符合估算模型的精神。

There is no change of attribute value in a few projects’ estimation, but its effort grows with schedule delay. This fails to be conformant with the intended use of the organization’s estimation model.

4. 部份項目於WBS細部任務(Task)規劃與工作量分配時，未檢查規劃完成工作量與估算結果(總工作量、生命週期階段工作量分配%...等)間之一致性。

When making WBS task planning and effort allocation, some projects failed to inspect the consistency between the planned effort and the estimated effort (total effort, percentage allocation to each lifecycle phase, etc.)

5. 項目在計畫中識別所有的Stakeholders，但是對部份外部Stakeholders的參與規劃不完整。

Project plans have identified all stakeholders, but some external stakeholders’ involvement planning is incomplete.

6. 度量報告中度量項數據來源定義不夠明確，可能影響度量資料的正確性。如工作量數據，未指出原始數據(Raw Data)來源。

The definition of certain measures’ data source in MA reports is not explicit. For example, the effort data collection fails to specify its raw data source. This may impact the correctness of measurement data.

7. 度量分析多為反應度量工作執行面之問題，對數據所呈現出之意義，未有深入詮釋(Interpretation)。

The current measurement analysis is mostly seen to reflect the execution of MA work and failed to present further interpretation upon what the data convey in itself.
 
8. 建議負責度量工作人員，應接受進階的訓練(如統計分析)，強化資料分析能力。

It is recommended that MA engineers receive advanced trainings like statistics to improve their ability in data analysis.

9. 目前PPQA對所有工作產品與流程執行狀況皆有進行審核，然而對部份受審查項目之深入程度不足，無法指出相關之不符合事項(NC)。

At present, PPQA audits all work products and the execution of process activities, but lacks inspection depth in some projects and therefore is unable to find out the related non conformance items.

10. PPQA人員由各單位選派人員產生。部份PPQA人員( 含主管)的工作由其主管進行稽核，可能影響評估之客觀性。

PPQA members are now assigned by different organizational units. Some PPQA members (including manager) are audited by their direct manager, which may impact on the objectivity of its evaluation. 

11. 項目對代碼之配置識別不夠完整，可能影響後續管理工作之執行(例如對開放源代碼、自行開發代碼之管理應有所區別，以避免侵權)。

Projects failed to identify the complete configuration of source code. This may impact on the successive code management. For example, open source code should be distinguished from self developed code to avoid possible intellectual property infringement.

12. 部份逐步分解需求的文件(如：Draft Feature List、MMI Guide)，命名與定義不規範。建議能有一致性的規範。

The naming convention and definition of some requirement development documents like Draft Feature List and MMI Guide is short of a rule. It is recommended a rule for consistency be generated and followed.

13. 項目中有執行PDP中定義的Code Review工作， 但沒有在Peer　Review Plan中指定Review的Code和Review的方法，可能導致Code Review的執行範圍不清楚、方法不一致、與紀錄不完整。

In projects, code review is performed in accordance with PDP definition. However, the Peer Review Plan does not define code review scope and method, which may cause the code review’s scope unclear, method inconsistent and records incomplete.

14. 項目使用Peer Review Report和QA Test Report分別對缺陷進行分目前析，但未見對整體測試有效性之分析。建議對整個生命週期中各開發階段Verification (Peer Review，Unit Test，PI Test，QA Test)的缺陷加強總體的分析。

The projects use Peer Review Report and QA Test Report now to analyze defects independently, and therefore miss an analysis on the validity of the entire testing.  It is recommended that the organization strengthen the overall verification analysis of defects existing in each lifecycle phase (Peer Review, Unit Test, PI Test and QA Test).

15. 目前即使是同樣的工作產品，也是由項目自行制定Checklist進行Peer Review。建議組織能蒐集項目回饋之Checklist，按工作產品來分類管理，以便未來項目執行Peer Review 參考。

At present each project defines checklists itself to conduct peer review, even the same work product. It is recommended that the organization can collect all checklists defined by projects and manage them by category of work products for future peer review references. 
 
16. 目前項目使用QA Test Report對缺陷進行分析，但未見對整體測試有效性之分析。建議對整個生命週期中各開發階段Verification (Peer Review，Unit Test，PI Test，QA Test)和Validation (White Glove Test, Stress Test, …等)的缺陷加強總體的分析。

Projects use QA Test Report now to analyze defects, but analysis on the validity of the entire testing is not seen. It is recommended that the organization strengthen the overall verification analysis (Peer Review, Unit Test, PI Test and QA Test) and validation analysis (White Glove Test, Stress Test, etc.) of defects existing in each lifecycle phase.

17. 組織應加強項目回饋之工作產品、度量數據、與經驗分享進行說明，以便項目應用這些資產。

The organization should strengthen instructions and trainings on project contributions like work products, measurement data and lessons learned so that projects can deploy these assets.

18.度量庫中項目類型考量不夠完整，未包含所有組織之項目形態。

OMR does not include all project types and all projects in the organization and therefore is incomplete.

19. 組織應加強財富庫管理規範(如入庫準則，標準生產率基線發佈頻率等)，以確保不會捨棄未來可用的數據，以及協助項目取得正確之規劃依據。

The organization should provide more detailed OPAL management guidelines (entry criteria, standard productivity baseline release frequency, etc.) to ensure that the organization’s process assets will not ignore the future usable data which may help plan projects correctly.

20. 少數項目未經CCB審核流程簽核，就已將資料回饋入庫。組織應加強財富庫簽核流程管理。

A few projects contributed project data to OPAL without CCB review and approval. The organization should strengthen the flow management of OPAL review and approval.

21. 組織財富庫目前使用項目作分類，庫結構比較複雜，目錄結構層次較深，影響使用人員查詢搜索與獲取文件的效率。建議財富庫架構可按流程(Processes)進行分類。

The available OPAL is categorized by projects and its structure is a bit complicated with multiple embedded folders. This will impact its searching and file getting efficiency. It is recommended that OPAL be classified by processes.

22. 目前組織培訓成果績效通常由員工直屬主管打分。建議根據培訓內容決定是否納入項目主管打分。

At present the organizational training effectiveness is usually assessed by home organization manager. It is recommended that project manager be included in training effectiveness assessment dependent on training content.

23. 少數項目PDP (Project Defined Process)之裁剪(Tailoring)理由的描述與組織裁剪指南的定義不一致。

The descriptions of a few projects’ PDP tailoring reasons do not comply with the definition in the organizational tailoring guidelines.

24. 少數項目之度量報告顯示實際工作量與估算工作量有落差，但未及時檢討，會影響矯正措施的有效性。

A few projects’ measurement reports show a gap between the planned effort and the estimated effort and failed to be reviewed timely, which may have impact on the validity of its corrective actions.

25. 在PDPＭ會議有討論與紀錄重要stakeholder之關鍵依賴關係，但未在項目計劃涵蓋所有重要stakeholder之關鍵依賴關係，可能對後續的項目進展中的管理造成漏失。

PDPM (Product Development and Project Management) meetings have discussed and recorded all important stakeholders’ key dependencies but failed to cover them in project plans, which may cause its missing in the following project management activities.

26. 少數項目對風險處理和提出的處理方法(Avoid, Mitigate, Accept, Transfer)不一致，例如處理方式是緩解，但並未列出緩解計劃。

A few projects failed to handle risks in consistency with their plans (Avoid, Mitigate, Accept and Transfer). For example, it is planned to mitigate, but a mitigation plan is missing.

27. 建議嚴重度(Impact)較高的風險，即使風險系數(Exposure)較低，也應訂定緩解計劃，避免一旦發生時會產生重大的影響。
It is recommended that risks with high impact be given mitigation plans even though their risk exposure is low, such that severe impact can be avoided in case of their occurrence.

28. 建議對於挑選出來備選方案的過程要有相關的記錄，以便未來追蹤與瞭解。

It is recommended that the process of how to select the alternative solutions be recorded for future traceability and understanding.

29. 建議對於備選方案各項準則(Criteria)的評分標準要有明確的定義，如無可能導致因個人認知不同而造成之差異。

It is recommended that there should be definite scoring instructions on each alternative solution’s criteria such that no misunderstanding will arise during rating.