Verlag Dr. Otto Schmidt 30.09.2016
CRi 6/2010 161
John P. Beardwood /Michael Shour Risk Management and Agile Software Development: Optimizing Contractual Design
A recent report from Forester Research(Dr. Dobb’s I. Understanding (FR)AGILE Software Global Developer Technographics Survey Q3 2009) asked a cross-selection of 1298 IT professionals to iden- 1. Traditional Software Development tify which methodology most closely reflected the devel- Agile is perhaps best understood by contrasting it to opment process that such professional was currently Waterfall methods of development. The traditional using. At 35 %, the most popular response was Agile, in plan-driven software development model of the Water- comparison to a mere 13 % who responded that Water- fall process was initially conceived to manage the devel- fall was their current methodology of choice. Put opment of large software projects in the 1960s, such as another way, three times as many IT professionals used IBM’s System/360 operating system. Waterfall arranges Agile methodologies as did those who used Waterfall. software development into a sequential series of com- partmentalized phases, each with its own defined deli- Over the last ten years, Agile software development verables. A typical Waterfall process will be comprised methodologies – those which take an iterative and incre- of the following phases: requirements analysis; project mental approach, which aim to reduce unnecessary doc- planning and system design; coding; and integration and umentation and formality, and which seek to promote testing. 1 teamwork and experimentation – have increasingly been adopted by the software development community. The Waterfall process is characterized by planning, Agile’s advocates argue that by liberating programmers organization, and documentation. At the outset of a from the shackles of traditional rigid, formalized devel- Waterfall process, there will be a great deal of emphasis opment methodologies, Agile has no equal for speed of on gathering and defining the business requirements – development, for efficiency, and for fostering creativity. that is, the “raw data” as to the what the customer Agile’s critics counter that Agile is another name for wants. Through formal meetings and analysis, a highly “cowboy coding”, or undisciplined “hacking”, which detailed requirements document is developed. Once the produces less robust and buggier software. From a legal requirements are set out in the requirements document, perspective, however, the question is not whether Agile a system design document is developed, with a set of spe- is a superior development methodology. Rather, the cifications 2 – or design “roadmap” – as to how those question is whether a contract for software development requirements will be achieved through software design. using Agile needs to be differently structured, and From an operational point of view, the process of devel- include different content, than where the development is oping the specifications involves the customer, and thus using Waterfall. This paper argues that the answer is an can itself assist in clarifying the requirements of the cus- emphatic yes. tomer. From a contractual point of view, however, if there are ever disputes, or any ambiguity, as to what was The paper begins by examining the differences between, promised to the customer, this also can be clarified and the advantages and disadvantages of each of, the through an examination of these documents. Waterfall and Agile development methodologies and examines how Agile is not single, monolithic methodol- Once the design specifications have been developed, the ogy, and that it in fact suffers from some definitional project is divided into distinct modules with detailed problems (e.g. when does Iterative programming transi- deliverables. Each module can be assigned to a different tion into Agile?), by briefly reviewing some of the major programming team, with each team being responsible Agile methodologies (I.). The paper then summarizes the for programming, testing, and debugging their respec- developing consensus as to when Agile will, or will not, tive module. Since the deliverables for each module are be an appropriate methodology for a development pro- clearly set out in the planning documents, the program- ject (II.). mers need not be well-rounded, highly-skilled program- mers, but merely need to be sufficiently skilled to under- Having provided a briefing on Agile as a methodology, stand the requirements and carry out their respective the paper then highlights the risks of Agile, and potential tasks. Test plans and reports are produced to ensure that contractual strategies for responding to and mitigating each module meets the specifications. If any changes are such risks (III.). 1 Michael A. Cusumano and Stanley Smith , Beyond the Waterfall: Soft- ¸ John P.Beardwood and Michael Shour are of the law firm Fasken Mar- ware Development at Microsoft (Working Paper #3844-BPS-1995, MIT tineau DuMoulin LLP, Toronto. John is a partner, Co-Chair of the Sloan School of Management and International Business Machines). firm’s National Technology and Intellectual Property Practice Group, The Waterfall model was first described by Winston W.Royce , “Manag- and Co-Chair of the Outsourcing Practice Group. Michael is an asso- ing the Development of Large Software Systems,” Proceedings of IEEE, ciate in the Business Law Group. This is a general overview of the sub- August, 1970. ject matter and should not be relied on as legal advice. For specific legal 2 Thetermsarenotalwaysutilizedsoclearly,inthatarequirements docu- advice on the topic and related matters, please contact the authors. Fur- ment is sometimes called a “requirements specification” i.e. simply the ther information about the authors at p. 192. requirements written down on paper.