Web E-Commerce Development CMM

Web E-Commerce Development -- CMM Report

Meg Broderick (Project Leader) Cynthia Chan Eric Cole Joe Feliciano Tony Gottlieb Stella Konstantinou David Ulmer

Revision 1: August 4, 2002

Assignment for DCS823 Doctorate of Professional Studies in Computing

Pace University Web E-Commerce Development -- CMM

School of Computer Science and Information Systems July 2002

2 Web E-Commerce Development -- CMM

Executive Summary

This report defines a high-level Capability Maturity Model (CMM) for web development practices targeted at e-commerce web sites. The CMM methodology uses a range of 1 -5 to define the refinement of the processes which range the level 1 -"Just Do It" approach to process optimization at level 5. E-commerce sites present unique software engineering challenges that are different from traditional software development. This uniqueness is not only based on the differences in the technologies used (in many cases less mature technologies), but also because the end-user is the company’s customer. Maintaining and leveraging this mission-critical customer – vendor relationship is a significant aspect of most e-commerce web sites and drives the need and extra effort expended on usability and graphical/brand appeal.

Approach

We choose as a starting point the CMM model for software development. The Web Development

E-Commerce CMM has many of the dimensions relating to software development in common, but since it encompasses the entire solution, hardware, network, security and other key process areas are incorporated into the CMM. In essence, the Web E-Commerce Development CMM is a superset of the Software CMM. To illustrate the differences, Section One of this report compares and contrasts the SW CMM to a proposed CMM for Web E-Commerce Development.

In Section Two, the capabilities for Web E-Commerce Development are then mapped by process area and level. Under the CMM methodology, the next step requires the establishment of measurements and other tools. Metrics for Testing and Error Tracking are examined in Section

Three. Finally, Section Four provides a summary of the findings and recommendation for further study.

Comparative Analysis

Software CMM [1] Web Development CMM

Level 2 - Repeatable Level 2 – Repeatable / Largely Static Web Site Requirements Management Requirements Management Goal 1: System requirements allocated to software are controlled Goal 1: Same to establish a baseline for software engineering and management use. Goal 2: Software plans, products, and activities are kept Goal 2: Same consistent with the system requirements allocated to software. Goal 3: Physical facilities such as internet testing labs and special equipment and hardware requirements determined and planned

Application Integration Requirements Goal 1: Cross-functional application integration process defined Goal 2: Platform (e.g. windows, Unix, Mac, etc) and browser support defined Goal 3: Software and standard application (e.g. coexistence process defined Goal 4: Software device and printer support defined

Privacy Requirements Goal 1: Privacy policy defined.

Internationalization Requirements Goal 1: Locale support defined

Legal Requirements Goal 1: A legal/business process to evaluate and regulate customer privacy is defined. Goal 2: A legal/business process to evaluate and regulate application specific legal issues is defined

Software Project Planning Goal 1: Same

Goal 2: Same. Software Project Planning Goal 1: Software estimates are documented for use in planning Goal 3: Same. and tracking the software project. Goal 2: Software project activities and commitments are planned Goal 4: Legal group (privacy, security and internationalization) and documented. activities and commitments are refined, documented and planned Goal 3: Affected groups and individuals agree to their commitments related to the software project. Goal 5: Legal group agrees to their commitments related to legal requirements required for the software project

Software Project Tracking and Oversight Goal 1: Same

Goal 2: Same Software Project Tracking and Oversight Goal 1: Actual results and performances are tracked against the software plans. Goal 3: Same Goal 2: Corrective actions are taken and managed to closure when actual results and performance deviate significantly from the software plans. Software Subcontract Management Goal 3: Changes to software commitments are agreed to by the Goal 1: The organization’s management selects qualified software affected groups and individuals. subcontractors. Goal 2: The organization and subcontractor agree to a statement Software Subcontract Management of work and contract Goal 1: The prime contractor selects qualified software Goal 3: The organization and subcontractor establish regular subcontractors. communication meetings and mechanisms (e.g., status reports, Goal 2: The prime contractor and the software subcontractor email, working group meeting schedules, agree to their commitments to each other. Goal 3: The prime contractor and the software subcontractor Repository access/update, etc.)

6 Web E-Commerce Development -- CMM maintain ongoing communications. Goal 4: The organization’s IT department tracks the actual results and performance against its commitments.

Goal 4: The prime contractor tracks the software subcontractor's Software Quality Assurance actual results and performance against its commitments. Goal 1: Same Goal 2: Adherence of software products and activities to the Software Quality Assurance applicable standards, procedures, and requirements is verified Goal 1: Software quality assurance activities are planned. objectively through test plans. Goal 2: Adherence of software products and activities to the Goal 3: Same applicable standards, procedures, and requirements is verified objectively. Goal 4: Same Goal 3: Affected groups and individuals are informed of software quality assurance activities and results. Goal 4: Noncompliance issues that cannot be resolved within the software project are addressed by senior management. Software Configuration Management Goal 1: Same

Software Configuration Management Goal 2: Same Goal 1: Software configuration management activities are planned. Goal 3: Same Goal 2: Selected software work products are identified, controlled, and available. Goal 4: Same Goal 3: Changes to identified software work products are controlled. Static Content Management Goal 4: Affected groups and individuals are informed of the status Goal 1: A business process exists to create static information and content of software baselines. content written in HTML, PDF or other web-based formats. Goal 2: A business/legal process exists to create privacy information content written in the required web-based format. Goal 3: A business process exists to create supported locale static information. Goal 4: A business process exists to create help specific static information (demos, setup instructions, etc.)

Security Perimeter Protection

Goal 1: Firewall technology deployed to inspect and monitor incoming traffic. Goal 2: Take corrective action on attempted attack or intrusion

Front-end Static Coding Goal 1: An organizational team exists for producing static content in HTML or other web-based formats (including predefined privacy and help content). Goal 2: An organizational team exists for producing static information written in supported locales and local formats.

Functional Hardware Configuration Goal 1: System landscape exists to support a 2-tier web application (front-end web server and database server)

Hosting Co-location Goal 1: Site is co-located with no system services beyond basic environmental

Browser Compatibility Goal 1: Supported browser suite exists to verify browser compatibility

Level 3 - Defined Level 3 – Defined / Dynamic Web Site Organization Process Focus Organization Process Focus Goal 1: Software process development and improvement Goal 1: Same activities are coordinated across the organization. Goal 2: The strengths and weaknesses of the software processes Goal 2: Same used are identified relative to a process standard. Goal 3: Organization-level process development and Goal 3: Same improvement activities are planned.

Organization Process Definition Organization Process Definition Goal 1: A standard software process for the organization is Goal 1: Same developed and maintained. Goal 2: Information related to the use of the organization's Goal 2: Same standard software process by the software projects is collected, reviewed, and made available.

Training Program Training Program Goal 1: Training activities are planned. Goal 1: Same Goal 2: Training for developing the skills and knowledge needed Goal 2: Same to perform software management and technical roles is provided. Goal 3: Individuals in the software engineering group and software-related groups receive the training necessary to perform Goal 3: Same their roles.

Integrated Software Management Integrated Software Management Goal 1: The project's defined software process is a tailored Goal 1: Same version of the organization's standard software process. Goal 2: The project is planned and managed according to the Goal 2: Same project's defined software process. Application Integration Goal 1: Cross-functional application integration planned Goal 2: Platform (e.g. windows, Unix, Mac) support planned

Goal 3: Software with standard applications such as MS Word, Excel, etc. process planned Goal 4: Software printer/driver support planned

Software Product Engineering Goal 1: Same Software Product Engineering Goal 1: The software engineering tasks are defined, integrated, Goal 2: Same and consistently performed to produce the software. Goal 2: Software work products are kept consistent with each other. Intergroup Coordination Goal 1: Same Intergroup Coordination Goal 1: The customer's requirements are agreed to by all affected Goal 2: Same groups. Goal 2: The commitments between the engineering groups are Goal 3: The Project Managers identify, track, and resolve agreed to by the affected groups. intergroup issues. Goal 3: The engineering groups identify, track, and resolve intergroup issues. Peer Reviews Goal 1: Same Peer Reviews Goal 2: Same Goal 1: Peer review activities are planned. Goal 2: Defects in the software work products are identified and Dynamic Content Management removed. Goal 1: A business process exists to create dynamic information content, which is maintained in a database and rendered in JSP, ASP or other dynamic presentation languages.

Security Management Goal 1: Intrusion detection technology deployed in security architecture. Goal 2: Basic hardware (e.g., firewall) and software protective (e.g., SSL) measures are in place.

Interactive Development

Goal 1: An organizational team and skill set exists for producing front-end visual affects via JavaScript, DHTML and other front- end coding techniques.

GUI Design Goal 1: A process for designing the front-end graphical design of the web site is part of the methodology.

Scalable Hardware Configuration Goal 1: The servers are upgradeable units to scale with the traffic on the web site.

Hosting Management Goal 1: Site is co-located with network and system monitoring or fully managed.

Application Integration Goal 1: Cross-functional application integration verified Goal 2: Platform support verified Goal 3: Software and standard applications such as MS Word, Excel, etc. coexistence verified Goal 4: Software printer/driver support verified

Level 4 - Managed Level 4 – Advanced Web Site Practices Quantitative Process Management Quantitative Process Management Goal 1: The quantitative process management activities are Goal 1: Same planned. Goal 2: The process performance of the project's defined software Goal 2: Same process is controlled quantitatively. Goal 3: The process capability of the organization's standard Goal 3: Same software process is known in quantitative terms.

Software Quality Management Software Quality Management Goal 1: The project's software quality management activities are Goal 1: Same planned. Goal 2: Measurable goals for software product quality and their Goal 2: Measurable goals for software product quality and their priorities are defined. priorities are defined within test cases. Goal 3: Actual progress toward achieving the quality goals for the Goal 3: Actual progress toward achieving the quality goals for the software products is quantified and managed. software products is quantified and managed through test cases.

Information Architecture Goal 1: A process exists for enhancing the usability and stickiness of the site through an integrated process of architecture and information design. Goal 2: End-user (i.e., customer) feedback sessions are conducted to evaluate web site usability and new features. Goal 3: Privacy logic executed for supported locals Goal 4: Help system logic executed

Highly Scalable Hardware Configuration Goal 1: The system landscape is a 3-tier scalable architecture where web and application servers can be increased in number as capacity requirements grow. Goal 2: Presentation, business and database logic executed on the three different tiers of the architecture.

Goal 3: Browser support logic executed

Application Integration Goal 1: Cross-functional application integration executed Goal 2: Platform support logic executed Goal 3: Software and standard applications coexistence logic executed Goal 4: Software printer/driver compatibility tested

Scalable Network Configuration Goal 1: The Internet network access can burst 4X+ above average data capacity of web site.

Usage Tracking Goal 1: Web site metrics are tracked in aggregate for management and historical reporting purposes.

Security Proactive Management Goal 1: Extensive hardware and software protective measures are in place Goal 2: Standards are defined and performance is measured against them. Goal 3: Security monitored 24x7.

Load balancing Goal 1: Load balancing methodology executed

Privacy Goal 1: Privacy logic executed

Level 5 - Optimizing Level 5 – Optimized and Highly Advanced Web Site Defect Prevention Defect Prevention Goal 1: Defect prevention activities are planned. Goal 1: Same Goal 2: Common causes of defects are sought out and identified. Goal 2: Same Goal 3: Common causes of defects are prioritized and systematically eliminated. Goal 3: Same

Technology Change Management Goal 1: Incorporation of technology changes are planned. Technology Change Management Goal 2: New technologies are evaluated to determine their effect Goal 1: Same on quality and productivity. Goal 2: Same Goal 3: Appropriate new technologies are transferred into normal practice across the organization. Goal 3: Same

Process Change Management Goal 1: Continuous process improvement is planned. Process Change Management Goal 2: Participation in the organization's software process Goal 1: Same improvement activities is organization wide. Goal 2: Same Goal 3: The organization's standard software process and the projects' defined software processes are improved continuously. Goal 3: Same

Click Stream Analysis Goal 1: CSA is used to quantify web site modifications and justify marketing expenditures (e.g., banner ads).

Risk Management Goal 1: A fully integrated security strategy and plan exists and is practiced, which incorporates security protection and monitoring at all seven layers of the security architecture. Goal 2: The IT Steering Committee and/or Board of Directors are engaged with security related strategic decisions and architecture.

Fault-tolerant Hardware Configuration Goal 1: The system hardware landscape is fully redundant and automatic fail-over occurs on failures.

Fault-tolerant Network Configuration Goal 1: The network hardware landscape and circuits are fully redundant and automatic fail-over occurs on failures.

References

[1] Mark Paulk, Bill Curtis, Mary Beth Chrissis, Charles Weber, “Capability Maturity for Software Version 1.1”, Software Engineering Institute, February 1993