Dr Michael Azoff's keynote speech at Intland Connect: Annual User Conference 2019.
More info: https://intland.com/intland-connect-annual-user-conference-2019/
3. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
Agenda
The role for ALM in engineered products and safety critical systems
Ovum Decision Matrix (ODM) ALM + DevOps 2019-20 results
Agile and DevOps in safety-critical systems
Case studies: BMW and LeddarTech
The future of ALM
5. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
Alittlefunbutalsoseriousexercise
In the handout I would like you to circle an item in each row (in the red
rectangle) that best describes your organization
8. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
Software inengineered products
Engineers had the choice to design same functionality
mechanically, electronically or in software,
They are choosing software.
Software was the value add in engineered products,
Today software runs engineered products.
Sources: Skoda,
IEEE, ASME
9. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
ALMplayscrucialroletoenabletraceability
For example DO-178C on software development traceability:
• Trace Data, showing the bi-directional association between
system requirements allocated to software and high-level
requirements is developed.
• Trace Data, showing the bi-directional association between
the high-level requirements and low-level requirements is
developed.
• Trace Data, showing the bi-directional association between
the low-level requirements and the source code is
developed.
13. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
Whatcanbedoneaboutsoftwaresecurityinproducts
Code in machine language.
Move security into hardware:
Move algorithms onto chips.
Intel is building hooks at chip level for security purposes
Create separation layer and one way traffic between safety
critical and rest of system, e.g. infotainment system.
Security thinking:
Software security development lifecycle: end-to-end
baked-in security.
14. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
Software Security Development Lifecycle (SSDL)
Comprehensive security development initiative:
A strategic approach to improve quality and security
understanding from the beginning to the end of a project.
Goal is to keep improving security through applying a security
process (not by chance), the SSDL.
Focus on building-in security functions, as well as security
hygiene:
Functions: authentication, authorization, encryption, input
validation.
Hygiene: prevent top 10 OWASP defects.
Training Requirem. Design Implement Test Release Response
19. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
Agile andDevOps insafety-critical systems
DevOps correlates with high performance.
Convergence between modern industrial products and enterprise IT:
Digital transformation is changing businesses making them software-
centric.
DevOps needs to be modified to meet the needs of product
manufacturing.
Need to manage risk at speed in safety-critical system development
How to achieve agile/DevOps-based high development velocities
while managing risk.
End-to-end ALM, integrated with DevOps CD and collaboration tools,
makes it possible to identify issues and fix the problems quickly
23. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
Howorganizations processinformation
Source: Ron Westrum, A typology of organizational cultures, Qual Saf Health Care 2004; v.13, pp. ii22-ii27.
27. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
BMWCaseStudy
From agile to DevOps adoption in engineering.
Create a baseline "single source of truth" of a provably working product.
It is preferable to house this in one tool rather than 20.
Who is responsible for code when it needs a fix?
Bring developers closer to the front edge.
LeSS or SAFe?
BMW found LeSS is less prescriptive, and optimized for continuous
learning within an organization.
Conway’s laws:
Organization communications are reflected in how software is architected.
BMW requires ISO 26262 support to be available out of the box.
28. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
LeddarTech CaseStudy
LiDAR: what is it?
Was defined as “light radar”, but now “light
detection and ranging”.
Example traditional applications:
Detecting vehicles on motorway/bridge tolls.
City traffic lights management.
Novel application currently in research:
Autonomous driving.
29. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
LeddarTech
Software development background:
Embedded development in C language.
Development process a hybrid V-model and agile iterations delivering incremental minimum viable products.
Before codeBeamer:
Requirements managed in Excel.
Manual steps to trace requirements through to code.
Auditing limited to ISO 9001 certification.
After codeBeamer:
High growth in requirements – could not manage without ALM.
Supporting new research for autonomous driving applications of LiDAR:
ALM is essential to fulfill ISO 26262 certification:
Trace test cases to requirements.
Trace specifications to requirements.
Improved QA support:
Supports through API hardware-in-the-loop and human-in-the-loop testing: results fed back into cB.
Greater confidence of QA process through visibility and traceability across lifecycle.
30. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
LeddarTech
codeBeamer advantages:
“Won in our selection process against competitor ALM solutions, our key criterion was traceability of
requirements across the lifecycle and codeBeamer was best for easy visualization of the traceability.”
Highly flexible configuration and REST-based API integration.
Wish list:
Easier UI for beginning user, so provide novice and expert UI options.
We needed a strong document management as well – but this is an ALM tool.
36. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
Cloudnativecomputingopenfoundations
New Linux Foundation sub-foundations that aim to create open source and vendor neutral technology stacks:
Cloud Native Computing Foundation (CNCF) 2015.
For edge computing: LF Edge (Jan 2019).
Across any environment: Continuous Delivery Foundation (Mar 2019).
Source: LF Edge
39. tmt.knect365.com/ovum-industry-congress #OVUMIC @OvumLive Ovum Telecoms & Media Group
Copyright noticeanddisclaimer
The contents of this product are protected by international copyright laws, database rights and
other intellectual property rights. The owner of these rights is Informa Telecoms and Media
Limited, our affiliates or other third party licensors. All product and company names and logos
contained within or appearing on this product are the trademarks, service marks or trading names
of their respective owners, including Informa Telecoms and Media Limited. This product may not
be copied, reproduced, distributed or transmitted in any form or by any means without the prior
permission of Informa Telecoms and Media Limited.
Whilst reasonable efforts have been made to ensure that the information and content of this
product was correct as at the date of first publication, neither Informa Telecoms and Media Limited
nor any person engaged or employed by Informa Telecoms and Media Limited accepts any liability
for any errors, omissions or other inaccuracies. Readers should independently verify any facts and
figures as no liability can be accepted in this regard - readers assume full responsibility and risk
accordingly for their use of such information and content.
Any views and/or opinions expressed in this product by individual authors or contributors are their
personal views and/or opinions and do not necessarily reflect the views and/or opinions of Informa
Telecoms and Media Limited.
Notas do Editor
To help achieve greater enterprise IT security, Intel and McAfee are focused on delivering a range of hardware-enhanced security solutions, software, and services to help address key security challenges. Intel and McAfee deliver hardware-enhanced security solutions that provide deeper levels of protection for PCs. The tightly integrated solutions go beyond traditional security measures to help prevent attacks in real time, deliver robust security management, and provide strong data encryption with minimal impact on productivity.
By combining the hardware foundation of security from Intel® Core™ vPro™ processors with strong protection, management, and encryption from McAfee Deep Defender, McAfee ePO Deep Command, and McAfee Complete Data Protection, you can help lower your security operations’ costs while enhancing your overall security posture and maintaining high performance and productivity for your users.
All these solutions are available as an extension to the Security Connected framework from McAfee.
Case study
Background notes
General trend: Software is replacing moving parts and hardware due to its ease of use, ease of change/update, and lower costs of manufacture.
BMW using agile and DevOps for some years.
The overall time to market is now more rapid, the pace of change requests more frequent, so that only an iterative process can manage such changes.
Agile also puts products faster in front of customers and development gets immediate feedback which informs subsequent iterations of the product.
Points:
1 BMW has always talked with its customers intensively, what is different now is how quickly the product team is able to incorporate this feedback into the next development iteration.
2 Tool lock-in is an issue for the industry. It is not about the license, as the industry is prepared to pay for the best tools but being locked-in could result in a compromise on safety or quality in the product being built, if a tool upgrade is needed and the vendor is slow or reluctant to perform it.
3 BMW needed one common product backlog shared across multiple distributed teams, all using the same ALM tool.
4 LeSS: required more effort to implement but this effort is worthwhile and repaid.
5 DevOps brings developers closer to other departments.
6 As customer vehicles are run over many years there is the complexity of maintaining software updates for many different model vehicles and versions.
7 . The pace of change has increased and the people who manage the changes are the developers who wrote the original code.
8 Avoiding multiple layers between the customer and developers reduces risk of information loss - BMW brings developers closer to the front edge, where issues are occurring, and the whole team learns from that experience.
Points:
1 BMW has always talked with its customers intensively, what is different now is how quickly the product team is able to incorporate this feedback into the next development iteration.
2 Tool lock-in is an issue for the industry. It is not about the license, as the industry is prepared to pay for the best tools but being locked-in could result in a compromise on safety or quality in the product being built, if a tool upgrade is needed and the vendor is slow or reluctant to perform it.
3 BMW needed one common product backlog shared across multiple distributed teams, all using the same ALM tool.
4 LeSS: required more effort to implement but this effort is worthwhile and repaid.
5 DevOps brings developers closer to other departments.
6 As customer vehicles are run over many years there is the complexity of maintaining software updates for many different model vehicles and versions.
7 . The pace of change has increased and the people who manage the changes are the developers who wrote the original code.
8 Avoiding multiple layers between the customer and developers reduces risk of information loss - BMW brings developers closer to the front edge, where issues are occurring, and the whole team learns from that experience.