Daily Habits

Each day, we wake up to things to do. Yet sometimes, we forget to do the things that would allow us to move forward. Here are 4 things I find helped me to get my head, body, and mind ready to move forward without making the big step. Each day, I do these four items:

  1. Walk (at least 5 minutes)
  2. Yoga (at least 5 minutes to check in with the body to stretch)
  3. Read (at least 5 minutes of any genre, to focus on one thing without distraction)
  4. New skill (at least 5 minutes to work on a new skill. It can be to read or watch a video to learn a new skill).

That is it! The 5 minutes for each task, of course, will not take 5 minutes; however, it will open us up to new opportunities to work on the task until our heart says it is enough for today. We mark on our calendar that we have done it (feel-good effect). And we have done things that keep us moving forward. Don’t overthink the habits: simply 5 minutes for each of the 4 tasks. In a year, you will discover you’ve done more than just 5 minutes. Happy upskilling your life!

Learning Security+ with me

These are resources I’m using to study for the exam.

Reading
CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide
https://amzn.to/3c9hjcF

Watching
Udemy Jason Dion https://www.udemy.com/share/101Wj8A0oac1tUQQ==/
Udemy Mike Meyers https://www.udemy.com/share/101WtyA0oac1tUQQ==/
YouTube Professor Messer https://youtu.be/JU5zkddWits

Share your resources with me if you have any recommendations.

###

Learning Salesforce with Me

These two free accounts are needed to learn Salesforce at your own pace:

MAKE IT OFFICIAL

The official certification will ask the patron to sit down for an exam.
https://trailhead.salesforce.com/credentials/developeroverview

If you want to follow my profile https://trailblazer.me/id/krioseco

###

Reader on a budget 

I’m a slow reader and love to drool over how authors use words in their storytelling. That being said, I’m a big fan of free things, especially books. I use 3 tools: a library card, the Libby app, and Amazon Kindle. I am so excited to find these resources.

First, apply for a library card from the nearest library.

Second, download the app called Libby by OverDrive (via on Android). I use Libby to check out books and audiobooks. And, I enjoy listening to audiobooks on Libby. Then, I use Amazon Kindle or a Kindle device to read books.

Third, download the Kindle app (known as Amazon Kindle). As I mentioned earlier, I read books with the Kindle app on my phone or on my Kindle device.

These are ways a reader can read many books on a budget. In fact, there is no money needed. Books are free.

Through the Libby app, you can borrow or read up to 10 books for 21 days at a time (limit of 10 borrowed; 15 placed on hold). After 21 days, the books are automatically checked in, or can be manually renewed if there is no patron waiting on hold. Moreover, there is no overdue charge (if you forget to check in the book at the library).

I hope you enjoy my tips. Happy Reading, Kat

Impacts of the Software Configuration Management

ABSTRACT

Software development projects are complex: they involve different kinds of technical expertise and span different phases of the software development life cycle, from the development phase through maintenance to production. In addition, software developers and testers possess different levels of the technical, security-related knowledge needed to perform their job functions. It is a must to implement the Software Configuration Management (SCM) discipline in every phase of software development. The process integrates different systems engineering functions, security-related policies and procedures, and techniques from other disciplines, such as version management, change management, building management, and release management, to deliver a completed software application with integrity, reliability, and security for end-users.

Given that most software development companies have already implemented their own trusted tools and use best practices and process maturity principles in their software development life cycle, I will not rehash the tools and methodologies (such as waterfall or spiral) that a particular organization may be using. However, it is important that software development organizations look into the Software Configuration Management (SCM) discipline to document how the software evolves, from the initial implementation through to a potential software maintenance process.

Most software development organizations work with different user requirements and baselines, and with multiple clients at the same time. In this paper, I will discuss the importance of implementing the software configuration management (SCM) discipline and address issues with SCM.

KEYWORDS

Software quality assurance, software configuration management, quality, security-focused

I. INTRODUCTION

The goal of software development is to preserve the security properties of the software system. Companies employ programmers and testers to build software. In addition, these employees need experience with cyber security, knowledge of best practice principles, and the know-how to help mitigate risks in software development. As a result, the final product is deployed with minimal defects and vulnerabilities. The Department of Homeland Security (DHS) has established the Software Assurance (SwA) program to minimize exploitation, reduce software vulnerabilities, and mitigate risks with tools that assess systems for hidden malicious code. Software projects come in different sizes, from a small in-house development team to a large, complex software development team such as that of the U.S. Department of Defense (DoD). Thus, SCM tools need to be flexible enough to maintain system components within the software configuration management discipline.

In this paper, I will discuss the need to implement software configuration management (SCM) and address issues with the discipline in other software phases (i.e., the maintenance process). I will assume that software organizations have committed to using the best practices and methods to develop a software application that instills security controls, reliability, and integrity into the final software product for their end-users.

Benefits of SCM Use in Industries

Examples of different industries using SCM for software development

1.1 Automotive Industry

The article Protection of Intellectual Property Rights in Automotive Control Units by Wasicek (2014) demonstrates the importance of securing business software system components. The organization also utilizes Information and Communication Technology (ICT) security technologies to secure the communication channels with multiple suppliers and implements software configuration management to manage changes with its vendors during the development of new products. The article also addresses the information systems used to prevent competitors and industrial espionage from stealing the business system components. In the automotive industry, the intellectual property consists of control algorithms (e.g., hybrid power distribution), safety functions (e.g., anti-lock braking system), driver assistance systems (e.g., navigation system), and diagnostic systems (e.g., vehicle’s status). These system components are vital to the automotive business and to its competitors. Thus the interaction needed to create quality software for the automotive industry is a controlled and structured process that uses a configuration management system.

1.2 Pharmaceutical Industry

Israel-based Teva Pharmaceutical Industries Limited has replaced its paper-based application development workflow with change management and code-change tools (i.e., MKS Integrity Manager) from MKS Inc. The tools help to meet regulatory requirements set by the U.S. Food and Drug Administration (Havenstein, 2006). The tools also verify that changes meet the business users' requests and keep a documented trail of all activities for each request, from the initial request to when the code is moved into production. The MKS Integrity Manager workflow tool has features that integrate with software configuration management and change management: it allows programmers to view the source code needed for a change request and to compare it against the details of prior changes. The automated documentation and change management process allows a company to record and track all the details of the change requests and what changes have been made in production.

II. WHAT ARE SOFTWARE CONFIGURATION MANAGEMENT COMPONENTS

Software Configuration Management (SCM) records all changes requested, reviewed, approved, rejected, and implemented through the software development process and identifies the actual approved software changes. The SCM documentation could be reviewed by an auditor. Moreover, SCM supports the product after the project is completed and must be maintained for the lifetime of the software. More importantly, the SCM discipline uses other tools such as version control management, change management, building management, and release management.

  • Version control management stores the existing system components to produce an approved configuration version for the target software or system.
  • Change management keeps track of all the records of the changes made in the development, testing, and production environment stages.
  • Building management compiles the final products with the latest versions of the components.
  • Release management delivers and addresses the latest components in the final products. It confirms the change control board’s (CCB’s) responsibility for accepting or rejecting review and test results before the software’s release to the production environment. It defines the location of the backup media and installation manual. The release documentation includes the release schedule and describes how change requests will be packaged into a release.

After a software development plan has established the project's core objective, addressed the scope of the project, and defined the policies and procedures, a software configuration management plan defines the project baselines and components, which correlate with deliverables and milestones.

Let’s discuss the fundamental elements of software configuration management.

2.1 Fundamental Elements of SCM

  • Software Configuration Identification (milestones, baselines, and components): it defines the baselines and components, which are called Software Configuration Items (SCIs). It describes the naming convention, version identification and control, and baseline identification in the release identification system. Baselined components are created according to the software development life cycle model. For example, in the waterfall model (linear development in nature), each phase is completed before the next phase begins. Thus a new baseline is created after approval and acceptance of all components in a specified development phase. The baseline components are incorporated into the configuration control library. In the spiral model (cyclical development in nature), the baseline is established after each revolution through the spiral. Thus changes to the baseline are made after every iteration of the spiral.
  • Software Configuration Control: it defines the project library and specifies the access privileges and procedures. The library holds the controlled documentation, source, and data for the project software. The project development plan addresses the Project Change Control Procedures. It defines how SCM procedures will be conducted for initiating, evaluating, and approving or rejecting change requests through to their release. It specifies how changes may impact another system (for example, emergency requests, mandated requests, enhancement requests) and how potential changes will be communicated to others for maintenance systems. The traceability features allow the auditor to verify that approved changes get implemented into the software components. Thus unauthorized implementation can be prevented and accountability is preserved.
  • Software Configuration Status Accounting: it records and reports the status of the project, such as the work in the project and problems that could affect the milestones, baselines, and release date, as well as the system evolution.
  • Software Configuration Auditing: for auditing purposes, the software development processes will be reviewed by quality assurance, internal auditors, and/or external auditors. Thus, the SCM plan identifies where the records of change requests are maintained and who made the decision to authorize the implementation or reject the request. More importantly, the auditing function determines the overall acceptability of the proposed baselines and the quality assurance of the test, evaluation, completeness, and consistency.
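One way to automate the traceability check described under Software Configuration Control and Software Configuration Auditing, as an added example that is not part of the original paper: it reconciles a commit log against the CCB's change-request register. The `CR-nnn` identifier convention, the record layout, and all sample data are assumptions constructed for illustration.

```python
"""Configuration audit: reconcile implemented changes against CCB decisions."""
import re
from dataclasses import dataclass

# Constructed sample register: CCB decision and the configuration items
# (SCIs) each change request is allowed to touch.
CHANGE_REQUESTS = {
    "CR-101": {"status": "approved", "items": {"auth/login.py", "auth/session.py"}},
    "CR-102": {"status": "rejected", "items": {"billing/invoice.py"}},
    "CR-103": {"status": "approved", "items": {"docs/install.md"}},
}

# Constructed sample commit log: (commit id, message, files changed).
COMMITS = [
    ("a1f3", "CR-101 harden session timeout", ["auth/session.py"]),
    ("b7c2", "CR-101 fix login, tweak invoice rounding",
     ["auth/login.py", "billing/invoice.py"]),
    ("c9d4", "CR-102 new invoice layout", ["billing/invoice.py"]),
    ("d0e5", "quick hotfix", ["auth/login.py"]),
]

CR_PATTERN = re.compile(r"\bCR-\d+\b")  # assumed naming convention


@dataclass(frozen=True)
class Finding:
    subject: str  # commit id or change-request id
    kind: str
    detail: str


def audit(change_requests, commits):
    """Return the audit findings for a commit log, in log order."""
    findings, implemented = [], set()
    for commit_id, message, files in commits:
        refs = CR_PATTERN.findall(message)
        if not refs:
            # A change nobody requested or approved: no accountability.
            findings.append(Finding(commit_id, "untraceable", "no change request cited"))
            continue
        allowed, authorised = set(), False
        for ref in refs:
            cr = change_requests.get(ref)
            if cr is None:
                findings.append(Finding(commit_id, "unknown-cr", ref))
            elif cr["status"] != "approved":
                findings.append(Finding(commit_id, "not-approved", f"{ref} is {cr['status']}"))
            else:
                authorised = True
                allowed |= cr["items"]
                implemented.add(ref)
        if authorised:
            # Approved, but the change reaches beyond the items the CCB reviewed.
            for path in sorted(set(files) - allowed):
                findings.append(Finding(commit_id, "out-of-scope", path))
    # Status accounting: approved requests that never reached the code base.
    for ref, cr in sorted(change_requests.items()):
        if cr["status"] == "approved" and ref not in implemented:
            findings.append(Finding(ref, "not-implemented", "approved, no commit found"))
    return findings


if __name__ == "__main__":
    for f in audit(CHANGE_REQUESTS, COMMITS):
        print(f"{f.subject:8} {f.kind:16} {f.detail}")
```

Run as a gate before a baseline is approved, a non-empty result gives the CCB a concrete list to resolve before release.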

2.2 Advantages of software configuration management

As described in NCSC-TG-006, A Guide to Understanding Configuration Management in Trusted Systems, “the purpose of configuration management is to ensure that these changes take place in an identifiable and controlled environment and that they do not adversely affect any properties of the system” and, as described in NIST SP-800-64, it establishes a mechanism to ensure software security:

  • Increased accountability for the software by making its development activities more traceable;
  • Impact analysis and control of changes to software and other development artifacts;
  • Minimization of undesirable changes that may affect the security of the software.

Thus, it is a must in software development to implement software configuration management for the purpose of traceability. Traceability helps developers to understand the dependency relationships among artifacts or system components within and across different phases of the development lifecycle (such as requirements, design, and source code) in change management.

2.3 Roles and Responsibilities

SCM involves these key players in project management:

  • A manager facilitates the change coordination and controls the function.
  • Technical professionals manage the system components and software release procedures.
  • A change control board (CCB) consists of managers who are responsible for the software’s use, development, and maintenance. The CCB's responsibility is to authorize changes to the software components, assign resources to work on approved change requests, and approve the release of new software components.

III. MITIGATION ISSUES ON SOFTWARE CONFIGURATION MANAGEMENT

Software application evolution is an expected process at some point in the lifespan of software. Thus software development processes need to document all system components from the initial implementation of the project in the change management system and configuration management, for the purpose of transition to the maintenance process.

Maintenance Process in SCM discipline

During the maintenance phase, the software gets evaluated for the classification of maintenance activities (Capretz & Munro, 1994):

  • Perfective maintenance: enhancing the software by altering functionality
  • Adaptive maintenance: changing the software to adapt to data requirements or processing environmental changes
  • Corrective maintenance: diagnosing and correcting design faults, performance faults, and implementation faults in order to keep the system properly working
  • Preventive maintenance: updating the software to anticipate future problems, such as to improve the quality of the software and documentation

Documenting the software development life cycle process with change management and configuration management helps to mitigate other issues with software maintenance:

  • Regression testing: test to establish that the program’s functionalities have not been changed after a program is modified.
  • Software re-engineering and reverse engineering: understand the initial functionality of the code, recover the specifications, and have the opportunity to convert the software into another programming language.
  • Software maintenance metric: measure the effects of change in the software.
  • Dependency analysis and slicing: determine the portions of code affected by the program changes.

Personnel Management in SCM discipline

As noted in the Common Body of Knowledge (DHS, 2007), “the competence of personnel is very important.” These competencies include technical skills in security and in achieving low defect density, an understanding of the application domain, communication skills with the team, and personal attributes of integrity.

For the current and future enhancement of the software development and maintenance phases, the principles and policies of SCM need to be addressed as soon as a new team member joins the group. More importantly, managers must establish software development principles and encourage an understanding of product and process knowledge that includes the reasons for design decisions. Understanding the different viewpoints behind a design decision to request changes helps to maintain the consistency and integrity of the configuration management system through multiple modifications to design models, source code, and test cases. Technical professionals must also understand the reasons to adopt the SCM discipline, possess the skill set to support the procedures, and integrate software development practices and principles into their job function.

In the article Improving Change Management in Software Development: Integrating Traceability and Software Configuration Management, Mohan et al. (2008) emphasize the need to support personnel management with skills in product and process knowledge. Understanding both kinds of knowledge brings consistency and maintains a high-quality practice in the development of system components via change management. The article defines product knowledge as an understanding of the software systems (models, specifications, documents, artifact versions, etc.) and process knowledge as knowledge about the artifacts' continuous evolution during development (for example, the rationale behind design decisions). Both kinds of knowledge are important contributors to high quality in software development. The article further discusses how the synergistic integration of both kinds of knowledge will improve developers' understanding of the system and how it may improve the change management process. Their research methodology also discusses the reasons to link the artifacts' dependency connections in the SCM tools with a traceability development model, in order to manage the links from process knowledge elements to other parts of the artifacts (such as use cases and classes).

Impact Analysis in SCM discipline

Impact analysis describes how to conduct a complete analysis of the impact of a change in existing software (SWEBOK, 2015). To conduct the impact analysis, programmers need to understand the software’s structure and content. The software configuration management system identifies all systems and stores the software products that are affected by the change request throughout the lifecycle of the software application. Thus impact analysis is performed with knowledge of the structure and contents of the software system. These are the impact analysis activities:

  • Analyze modification request (MR)
  • Replicate or verify the problem report (PR)
  • Develop options for implementing the modification
  • Document the MR/PR, the results, and the execution options
  • Obtain approval for the selected modification option

The maintainability of software configuration management helps facilitate impact analysis.

IV. CONCLUSIONS

The value of implementing the software configuration management and change management disciplines is that it allows the continuous evolution of a software application. In this paper, I have discussed the issues that might arise in the maintenance process and in traceability due to a lack of SCM. Moreover, SCM helps to identify the structure of the software product, control changes incorporated in software artifacts, maintain the status of these artifacts, and generate reports for auditing and status updates. I have also discussed the importance of using change management for traceability.

V. REFERENCES

Bliss, M. (1993). Software Configuration Management. Information Systems Management, 10(3), 35.

Capretz, M. A. M., & Munro, M. (1994). Software configuration management issues in the maintenance of existing systems. Journal of Software Maintenance: Research & Practice, 6(1), 1-14.

DHS. (2007). Software Assurance: A Curriculum Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software. Retrieved from https://buildsecurityin.uscert.gov/sites/default/files/publications/CurriculumGuideToTheCBK.pdf

Havenstein, H. (2006). Right from the Start. Computerworld, 40(6), 26-26.

Mohan, K., Xu, P., & Ramesh, B. (2008). Improving the change-management process. Communications of the ACM, 51(5), 59-64. doi:10.1145/1342327.134233

Mohan, K., Xu, P., Cao, L., & Ramesh, B. (2008, November). Improving change management in software development: Integrating traceability and software configuration management. Decision Support Systems on ScienceDirect, 45(4), pp. 922–936. Retrieved from https://doi-org.ezproxy.umuc.edu/10.1016/j.dss.2008.03.003

NIST. (1988, March). A Guide to Understanding Configuration Management in Trusted Systems. Retrieved from National Computer Security Center: http://csrc.nist.gov/publications/secpubs/rainbow/tg006.txt

NIST. (2008, October). Security Considerations in the System Development Life Cycle. Retrieved from NIST Computer Security Division: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-64r2.pdf

NIST. (2011, August). Guide for Security-Focused Configuration Management of Information Systems. Retrieved from United States Government Publishing Office: https://permanent.access.gpo.gov/gpo28868/sp800-128.pdf

SAFECode. (2008). Software Assurance: An Overview of Current Industry Best Practices. Retrieved from http://www.safecode.org/publication/SAFECode_BestPractices0208.pdf

Software Engineering Body of Knowledge. (2015). In SWEBOK, Chapter 5: Software Maintenance. Retrieved from http://swebokwiki.org/Chapter_5:_Software_Maintenance

Wasicek, A. (2014). Protection of Intellectual Property Rights in Automotive Control Units. SAE International Journal of Passenger Cars: Electronic & Electrical Systems, 7(1), 201-211. doi:10.4271/2014-01-0338

###