PATTERN LANGUAGE

Modeling, Managing, Making it Right.

October 2006

The folks at the Software Engineering Institute (SEI) have released a technical report entitled "Risk Themes Discovered Through Architecture Evaluations".

Written by Len Bass, Robert Nord, William Wood, and David Zubrow, the report analyzes the output of 18 evaluations conducted using the Architecture Tradeoff Analysis Method (ATAM) developed by the Carnegie Mellon Software Engineering Institute. The goal of the analysis was to find patterns in the risk themes identified during those evaluations. The major results are:

• A categorization of risk themes
• The observation that twice as many risk themes are risks of "omission" as are risks of "commission".
• A failure to find a relationship between the business/mission goals of a system and the risk themes revealed during an ATAM evaluation of that system.
• A failure to find a relationship between the domain of a system being evaluated and the risk themes associated with the development of that system.

Posted by Jon Erickson at 10:50 AM  Permalink |

Headway Software has announced an upgrade to its software structural analysis and architectural control product, Structure101 for Java.

According to Headway, controlling software architecture through dependency management and analysis is an often overlooked but critical aspect of software development projects. It is often overlooked because it can be hard to do. Headway says that Structure101 simplifies the process of finding, analyzing and measuring the impact of rogue software dependencies.

Structure101 for Java lets you see and understand how applications are constructed. Supposedly, all you do is point Structure101 at your code and you can see where those architectural skeletons lie. Structure101 for Java features include: view dependencies at any level; detect, measure, and report excessive structural complexity; different hierarchies and auto partitioning of graphs.

Structure101 Version 2 adds:

• A new Slice perspective that lets you see your whole code-base at any level of composition, for example at the class level, package level or at any design level. It also lets you quickly discover tangles and how they percolate up through the higher levels.
• A dependency structure matrix ('dsm') representation for large dependency graphs (such as slices).
• Tagging of code-level items in order to discover how they roll up through different slices and hierarchies.
• Hiding of model items.

You can download Structure101 for Java.

Posted by Jon Erickson at 11:21 AM  Permalink |

According to Howard Lipson, a fundamental truth of system design is that, in the absence of countermeasures, a system’s security and survivability will degrade over time. Okay, I'll go along with that.

In his recently released paper entitled "Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks" Lipson goes on to say that changes in a system's environment, or changes to the elements that compose the system, can introduce new or elevated threats that the system was not designed to handle and is ill-prepared to defend itself against. He adds that the first step in evolving to meet new threats to your system’s security and survivability is to recognize the need to modify your system.

Lipson's paper, which has been published by the Software Engineering Institute at Carnegie Mellon University, is interesting and readable--and well worth the time you spend reading it.

Posted by Jon Erickson at 03:33 PM  Permalink |