ABC Software

1
ABC Software
ABC Software Improvement Team Germán Benítez
John Boveri Siewhung Tee Akeya Vaughan
2
Agenda

• Define
• Charter
• CTQ Tree
• Kano
• Gantt Chart
• Measure
• Pareto
• Timeline
• Balance Scorecard

3
Agenda

• Analysis
• Fishbone
• Opportunity Cost
• Improve
• Commitment Scale
• Pilot PDCA
• Involvement Matrix
• Communication Plan
• Gantt Chart

4
Agenda

• Control
• Standard Operations Combination Chart
• SOP Monitor Mechanism
• Quality Assurance
• Conclusion

5
Gantt Chart High Level
6
Define Phase
7
Gantt Chart Define stage
8
Current Process Flow
Legal monitors Intranet for product release
Is there a new product?
Legal asks Product Manager for the contact
information of the developers responsible for the
software product
Legal sends e-mails to the developers and asks
them if the product contains OS
Is there any OS in the product?
No further inquiry necessary
NO
YES
A
9
Current Process Flow
A
Developers send licenses or location of the
licenses to Legal
Legal make analysis of licenses
Is there any problem with the use of the license?
Legal e-mails developer that the OS is OK
NO
YES
A
10
Current Process Flow
A
Legal contacts Development Management and advises
them of the risk (s)
Development Management considers the level of
risk
Development Management notifies Legal and no
further action is taken
Is the level of risk high?
NO
YES
Development Management notifies Legal that the
product will be fixed in the next release
11
Charter

• Purpose
• ABC Software Inc. incorporates 3rd party open
  source software into their products without
  consistent legal analysis or risk assessment of
  the softwares licensing requirements. As a
  result, working closely with ABC Software, an
  efficient legal process will be developed to
  asses and communicate the risks of open source
  software components used in product development.
  This project is intended to add value to all
  involved areas per this charter.
• Importance
• Liability
• To protect the company from the risk of harmful
  or improperly used open source software.
• Customer compliance
• To develop a streamline database that would allow
  Legal to log and categorize the components of all
  of their software products.
• Time
• To lower the cycle time of the necessary risk
  assessment processes.

12
Charter

• Scope
• Development of a process such that any use of
  open source software in the products of ABC
  Software Inc. will be reviewed by Legal staff
  prior to development in a efficient, and
  effective manner. In addition, the project will
  focus on the flow of information and
  communication between Development, Legal and the
  release of the product.
• Measure
• Utilize current cycle time of legal analysis of
  developed software as a baseline measurement.
• Deliverables
• By May 16th the team will deliver and present a
  complete package of process improvements that
  meet the scope of the project.

13
Charter

• Project success
• Success is defined as the development of an
  efficient and effective process of the legal
  analysis and categorization of all developed
  software products.
• Resources
• Team Sponsor Alice Smith, Intellectual Property,
  ABC Software Inc.
• Team members German Benitez, John Boveri, Siew
  Hung Tee, Akeya Vaughan
• Coach Dr. Saaed.
• Sponsor is available 4 hours a week for meetings
  and correspondence.

14
CTQ Tree
15
CTQ Tree
Communicate and develop
Gather product components info.
Obtain license info from internet
Analyze the field needed
Develop database field
Determine critical field
Database
Contact IT department
Eliminate legal as bottleneck
Determine user permission
Version Control
Developer provide what will change in new
product/ new version
On-going tracking
Legal permission to release product
16
Kano Model
Must Be More Is Better Delighters
Legal Process Have an effective process to remove risk from open source software that increases the cycle time. Have an effective process that doesnt add more time to current time. Have a total integrated process such as to effectively analyze software and streamline entire process and reduce cycle time.
Must Be More Is Better Delighters
Database At the minimum, legal can maintain and develop a spreadsheet for each product. Database should have both legal and developers access. Database that integrate both developer and legal to speed up communication process and information exchange.
17
Measure Phase
18
Gantt Chart Measure stage
19
Pareto Chart
20
ABC Legal Open Source Software Analysis of
Timeline
21
Balance Scorecard
Internal Business Perspective Learning and Growth Perspective
Learning and Growth Perspective Financial Perspective
22
Internal Business Perspective
Goals Measure Target Initiatives
Reduce the number of products that have problematic open source components Actual number of released products with problematic O.S. components vs. plan Zero products Step-1 Determine which have open source software
Develop a efficient legal investigation process to reduce product launch delays Compare the current cycle time of 6-8 hours with the past 20 minutes Step-1 Identify the current process bottleneck
Develop and maintain a database of past, present, and future software components to use as a means for centralized exchange Compare the past and present time it takes to acquire and communicate product information. 15-20 minutes Step-1 Develop a database of all past, present, proposed future product versions and their software components
Reduce the rework required to remedy products with problematic open source code Compare the of rework or addition version release with the current of version releases due to problematic open source software 0 Step-1 Making a determination of problematic open source software
23
Learning and Growth Perspective
Goals Measure Target Initiatives
Have software developers recognize problematic open source software using open source scanning software Compare the number of problematic open source software components found in products 30 of all software submitted to Legal have problematic open source code Technology to support business development
Obtain upper management buy-in through educating and communicating with of the risk of O.S. use The number of commitments from upper management 100 Management response Step-1 Develop a policy document to be circulated throughout upper management
Perform legal investigation of the use of products with open source components without impacts the time a product is delivered to market Compare the time a product goes through the complete development process (write code, legal, delivery) with past Delta of cycle time Train workforce
24
Customer Perspective
Goals Measure Target Initiatives
Have on time delivery of non-problematic software products Compare the time it takes to deliver software non-analyzed software with O.S. components that has vs. software that has not been through the legal process Meet customer delivery date Step-1 Measure the current time
Customer satisfaction with all of the components used in the product Compare the number of customer complaints due to problematic O.S. components Measure the number of customer request for product information 0 complaints Develop a database of the components in the products.
Customer retention Compare the number of customer before and after the new Legal analysis process Retain all current Customer Step-1 Develop a survey of customer satisfaction
25
Financial Perspective
Goals Measure Target Initiatives
Reduce the cost of rework required on problematic products that have been released Compare the cost to developing a patch for a released a product. Compare the cost of delaying the release of a product due to problematic open source that has problematic open source components 0 dollars Reduce operating cost
Reduce the risk of law suits against the company and our Customers due to viral software Compare the number of law suits future law suits with the present number 0 Suits brought against us or our Customer Incorporate Blackduck software
26
Analyze Phase
27
Gantt Chart Analyze stage
28
PEOPLE
Developers download SW without checking
Free
Proven
Theres no customer feedback
Senior management doesnt know the risk
Convenient
Its a new phenomenon
No one has ever told them
They dont know theres OS in the product
No many sues in the field
Its a new phenomenon
The company has never been sued
The company is not asking for feedback
Potentially hazardous OS is being released
Is a new field
29
Current process allows the release of potentially
hazardous software
METHODS
Risk is not previously understood
Its a new phenomenon
Lenghty legal analysis
No one told them
Order of events
Lack of license database
Developers send insufficient information
The company doesnt want to slow down development
Developers dont know what information Legal needs
It costs money
Developers send wrong information
It costs time
Legal previously wasnt involved
Its a new phenomenon
There are no instructions
The risk was not understood
Potentially hazardous OS is being released
30
COMMUNICATIONS
Lack of information recording
Theres no database
Theres no protocol
Lack of centralized information
No record keeping
They didnt know is a problem
Its only for internal use
Its time consuming
Theres no need for interdepartmental
communication
Potentially hazardous OS is being released
31
RESOURCES
It adds cost to the product
Its not a priority
Employees arent trained
The company is using unsanitazied open software
Senior management lacks of
It delays the product
Prioritize costs over risks
Theres no analyzis of the licenses
Understanding risk
They dont know how
Its profit driven
They dont know Risk Management Software
The cost is unjustified
Potentially hazardous OS is being released
32
Opportunity Cost

• Upper Management Buy-in is critical
• SCO vs. IBM
• IBM is being sued for 5 billion due to OS
  licensing issues
• SCO vs. DaimlerChrysler
• Chrysler violated certification compliance of OS
  being used for an undisclosed sum
• Blackbuck Compliance Management Software
• Code Analysis
• License database
• Reporting and Track

33
Opportunity Cost
Competitors who are using Blackduck Software Competitors who are using Blackduck Software
Samsung Dafca
Siemens Fuego
IMLogic EPAM
PTC MarketSoft
Revivio Ping Indentity
Kayak Pivot3
Laplink SAS
OpenCountry Tira Wireless
34
Opportunity Cost

• Blackduck is offering a free 30 day trial

35
House of Quality
Relative Importance
Symbols Positive Strong Positive Medium Negative
Strong Negative Medium
Cost
Time
Accurate
Integration
Effective
User Friendly
Legal not a bottleneck
5
Developer responsible software content
4
Efficient Database
3
Easy to use open source scanning tools
2
Software product tracking system
1
36
Improve Phase
37
Gantt Chart Improve stage
38
Commitment Scale
    People or Groups   People or Groups   People or Groups   People or Groups
Level of Commitment Senior Management Development Release Department Marketing/Sales
Enthusiastic-Will work hard to make it happen ? ?   ?
Helpful-Will lend appropriate support ?
Hesitant-Holds some reservations, won't volunteer      
Indifferent-Won't help won't hurt     x x
Uncooperative-Will have to be prodded   x    
Opposed-Will openly state and act on opposition x      
Hostile-Will block at all costs        
39
Involvement Matrix
Reference Number Action or Involvement Which groups or individual should be Which groups or individual should be Which groups or individual should be Which groups or individual should be
Reference Number Action or Involvement Responsible for Involved In Consulted with regarding Informed about
1 Identifying Solutions ABC SW Team Team Sponsor Team Coach Team Coach
2 Selecting Solutions Team Sponsor ABC SW Team Development Team Senior Management
3 Planning and Implementation ABC SW Team Team Sponsor Team Coach  Senior Management
4 Handling potential problems Team Sponsor Team Sponsor Team Sponsor Team Sponsor
5 Implementing the solution Team Sponsor Team Sponsor Team Sponsor Team Sponsor
6 Monitoring Results Team Sponsor Team Sponsor Team Sponsor Team Sponsor
40
Communication Plan
Role Who Main Concerns Communication Notes
Team Leader Legal Senior Management acceptance Weekly updates and progress report to General Council and Development Management
Team Members 6 Developers One developer form each of six groups Pilot / new processes adversely affecting development cycle Weekly meetings
Sponsor General Council Adding value to company Upper Management interface as needed
Team Coaches ABC Improvement team Provide satisfactory service Weekly, or more often as needed, conference calls or meetings
Other Stakeholders Development Management Slow production and loss of staff dedicated to pilot Communication as needed with Legal and/or General Council
41
Development generates code using open source or
recycles code from previous programs
Plan/ DO Improvement Pilot Flow Process
Development scans previous software code with
Blackduck compliance management software to
identify and gather licenses of any open source
software
Developer compares the Blackduck report results
with the list of the approved OS licenses in the
OSL (Open Source License) database
Is the OS component being used in an approved
manner?
Is the OS component license listed in OSL
database?
YES
YES
No legal analysis of OS license required
NO
NO
Developer emails Legal the OS software
license/info and a description of intended use
A
42
A
Plan/ DO
Legal prioritizes Developers request and
performs legal analysis ASAP, or no later than
day end
Legal updates the OSL database with the new OS
license info for future Developers use
Is the OS software and its intended use okay?
Legal returns email to Developer that the
software and its intended use is not problematic
YES
NO
Legal returns email to Developer with explanation
that OS software, or its intended use, is
problematic.
Development / Upper Management makes executive
decision on using the OS component
43
Check/ Action
Check Action
IT IT
IT performs an audit on the system to ensure that the Blackduck software is up to date with the latest Blackduck software license information Contact Blackduck to request the latest database information upgrade Yearly compliance training
Developer Developer
Developer performs 100 software inspection using Blackduck Developer performs 100 database comparison of Blackduck report with the OSL database for both match up and usage Management performs random software audit for Blackduck compliance Yearly compliance training
44
Check/ Action
Check Action
Developer Developer
Developer reports 100 of all unidentified OS license information Discuss the importance of 100 compliance with the Legal Analysis of open source software process with employees
Legal Legal
100 of all OS Developer analysis inquires are reviewed for language and usage 100 of all Legal analysis inquires are responded to with results no later than day end 100 of new OS licenses are added to the OSL database Development Management address problem with Legal
45
Control Phase
46
Gantt Chart Control stage
47
Standard Operations Combination Chart
Standard Operations Combination Chart Standard Operations Combination Chart Standard Operations Combination Chart Standard Operations Combination Chart Standard Operations Combination Chart Developer Developer Developer Developer                    
  Process OS Legal Analysis  Date         Legal Legal Legal Legal                    
   Product ID Time Time Time Operation Cycle Time Operation Cycle Time Operation Cycle Time Operation Cycle Time Operation Cycle Time Operation Cycle Time Operation Cycle Time Operation Cycle Time Operation Cycle Time Operation Cycle Time Operation Cycle Time Operation Cycle Time Operation Cycle Time Operation Cycle Time
Step Operation Description Manual Auto Wait 30 30 60 60 90 90 150 150 210 210 270 270 330 330
1 Developer generates code Varies Varies Varies                            
2 Create Blackduck Filter  5                                
3 Run software module through Blackduck    5                              
4 Generate license report   10                              
5 Compare the report to OS license database  20                                
6 Notify Legal of OS use    10                              
7 Legal performs analysis 20                                
8 Legal responds to Developer's inquiry    5 240                            
9 Legal updates OS database    15                              
  Total  45  45  240                            
48
Monitoring of SOP

• In order to track the process in the Standard
  Operation Combination Chart, a proprietary ABC
  Software tracking tool, called TeamTrack, will be
  used.
• TeamTrack is a business process automation tool
  that will be used to track the tasks and elapsed
  time throughout the OS Legal Analysis process.
• A TeamTrack log will be opened whenever
  Development begins a new software project.
• TeamTrack log will track and monitor the process
  and generate an activity report that will be used
  as a process control tool.

49
Quality Assurance

• Legal response time to OS analysis can be
  monitored using TeamTrack
• Developers compliance of SOP will be monitored
  through upper management random audits to ensure
  that Developers are having all OS components
  analyzed by Legal.

50
Conclusion

• Through the application of Six Sigma Tools and
  DMAIC Methodology, an improved pilot process was
  developed that ensures timely legal open source
  analysis of all ABC software.
• Through the implementation of this improved
  process, the risk associated with using OS will
  be mitigated.
• The Control plan put in place will ensure SOP
  compliance.

51
Any Questions?
Thanks for the new process. They deserve an A !