Tools: Evaluation Criteria

[ljknews at mac.com (ljknews)]

At 12:34 PM -0400 5/23/07, McGovern, James F (HTSC, IT) wrote:

> If one can produce a metric, scorecard or other terms attractive to
> modern IT executives, it is certainly more attractive than engineering
> practices they don't understand.

A good metric would be what development process was used in development.
"Relying exclusively on component reuse" might seem attractive to the
accountants, but more thorough analysis would say it is not the solution
to all problems.

> Audit-oriented thinking also allows folks to put clauses into contracts 
> when enterprises procure software from third-parties and can mandate scans 
> by multiple tools that produce a score below say X 

Racing sailboat rigging gets periodic X-ray (or magnetic flux, I forget)
scanning to find developing cracks.  I presume the same is true for some
types of aircraft.  Certainly it is better to find the _cause_ of fatigue
since it is possible to have a defect not caught by the scan.

> while what you are proposing is a lot harder and requires more trust 
> when third parties are involved.

How is trust involved ?  Are you saying that vendors would lie about the
kind of software development methodology they can use ?
-- 
Larry Kilgallen