Messages from the Director

Cybersecurity has moved from an occasional-but-unnerving news item to a persistent, pervasive concern.  As the White House has made clear, “cybersecurity is one of the most important challenges we face as a Nation.  Advances in cybersecurity science and engineering are urgently needed to preserve the Internet’s social and economic benefits.”  Neither Southern California, nor our Nation, is where it needs to be to protect against trade secret and other theft, compromise of private information, threats to our critical infrastructure, and, most recently, attempts to influence democratic processes.  We believe that this is one of the grand technical and policy challenges of our time.

The ISR Research Forum held at UCI in late May of this year was highlighted by two keynote addresses, one by Dr. Eric Dashofy from The Aerospace Corporation and the other by Dr. Marija Mikic from Google, Inc. Though titled differently and addressing somewhat different concerns the two talks both fundamentally addressed how software can be, and is being, built in industry today. Software architecture was a common theme, but with two very different takes: Dashofy highlighted the limits imposed on principle-driven design by the ever-encroaching maw of frameworks; Mikic highlighted how up-front, clear, documented design coupled with an admirably comprehensive development process rules the day within Google. The ensuing discussion centered around what corporate and/or financial characteristics need to be in place before a “doing it right” approach is both feasible and cost-effective.

It used to be that only an absolute monarch like Louis XIV of France would have the temerity to say, “The state, it is I.”  Now everybody is in on the act.

“It’s like déjà vu all over again.”

Perhaps you saw the news headlines in late July that the Social Security Administration has spent close to $300 million to procure a system known as the Disability Case Processing System (DCPS). According to a letter to the SSA from the House Committee on Oversight and Government Reform, “The DCPS project was intended to improve case processing quality, enhance customer service, and reduce administrative costs among SSA and state disability determination services.” But unfortunately the letter goes on to say, “While the Committee supports modernizing antiquated technology, the DCPS project is costly and years behind schedule.” Because of problems with the procurement, McKinsey & Company was hired to investigate. Their report notes “the project has permanently been in `beta,’ meaning a pre-release version.” Indeed. According to the McKinsey report, now available in redacted form on the House Committee’s website, “For [the] past 5 years, Release 1.0 [is] consistently projected to be 24-32 months away.” The House letter and the redacted report never mention who the prime vendor on the procurement is, but it is easy to ascertain. Recalling my commentary in the previous issue of the ISR Connector noting some failures of a CMMI Level 5 organization at the heart of the healthcare.gov fiasco, you might think you know where this SSA story is going to end up. Well, not exactly. While the parent organization advertises in a slide deck from 2012 that it is “CMMI Level 5,” a closer study reveals that the sub-group within that parent organization that has been doing the work was assessed at level 3 in 2013.

Taylor imageSpoken to any software developers about HealthCare.gov?  Everyone that I’ve spoken with, of whatever political persuasion, cringes when the topic comes up.  It seems that every conceivable principle of software development was, and is being, violated.  In a perverse way it is the ultimate source of compelling illustrations of what not to do.  Whether the issues are requirements, design, testing, deployment, or management, HealthCare.gov is replete with anti-patterns.  From the oldest lessons captured in The Mythical Man-Month to the latest best practices in website architecture, HeathCare.gov seemingly has gone the opposite direction.

ISR Director Richard N. TaylorRetirement!  Or not!

If you had the pleasure of attending the most recent ISR Forum, on May 31st, you heard me announce that I am retiring from the University of California, effective July 1st.  You also heard me say that I am continuing as Director of ISR for the coming year.  

What gives?

Director Richard N. TaylorIn the parlance of the University of California system, the Institute for Software Research is an “Organized Research Unit,” or ORU.  All ORUs are reviewed at five-year intervals by the University to determine if they are still performing top-tier research and providing important services to the University and to the community at large.  ISR’s most recent review began last summer, with our preparation of a large summary-of-progress report, followed by scrutiny by anonymous reviewers external to the university, followed by still-further review by a committee within the university.  After all that work (whew!) I am happy to report that we were renewed for another five years! 

Director Richard N. Taylor

Social media thrives on immediacy.  Whether a tweet, a Facebook update, or a post to a Google+ stream, the focus is “what’s going on now.”  The seductive character of immediacy, or at least of social media, unfortunately often seems to foster shallow relationships and shallow thinking.  Students walking around campus today are often less aware of their surroundings, and of each other, for many seem glued to staring at their “smart”phones while listening to music.  I frequently receive requests to become “friends” with someone on Facebook whom I have never heard of; stories abound of people who have hundreds of Facebook friends, yet are lonely for meaningful human relationships.

Early in June I had the privilege of giving a talk at the Boeing site in Huntington Beach, as part of their Distinguished Researcher and Scholar Seminar series.  I always appreciate the opportunity of speaking at industry events, for it gives me an occasion to learn more about the challenges and issues facing high-tech companies and consequently hone the direction of my research.  In trying to decide what my seminar would be about, I decided to leverage a surprise I’d had earlier in the year.  In February I needed to be away from campus, and hence my classes, due to some conference-related travel.  For my graduate class on software architecture, I decided to ask Dr.