Sie sind auf Seite 1von 53

INF RMATIQUE

Nr./No. 2 – April/Avril 2002

INFORMATIK
Revue des organisations suisses d’informatique

Zeitschrift der schweizerischen Informatikorganisationen

eXtreme
Programming
Herausgeber • Editeur
SVI/FSI Schweizerischer Verband der Informatikorganisationen
Fédération suisse des organisations d’informatique eXtreme Programming
Postfach, 8037 Zürich Guest Editor: Luis Fernández
vertreten durch • représenté par
Prof. Dr. Klaus R. Dittrich, Prof. Dr. Niklaus Ragaz,
Prof. Dr. Carl August Zehnder Joint issue with NOVÁTICA and UPGRADE
Redaktion • Rédaction
François Louis Nicolet
Schwandenholzstr. 286, 8046 Zürich 2 Editorial: INFORMATIK / INFORMATIQUE 1994 – 2002
Tel. 01 371 73 42, Ffax 01 371 23 00, E-Mail <nicolet@acm.org>
– Carl August Zehnder
Beirat • Comité consultatif
Prof Dr. Boi Faltings (EPFL Lausanne), Prof. Dr. Stefan Klein 4 Presentation – Luis Fernández, guest editor
(Universität Koblenz-Landau), Dr. Ernst Lebsanft (Synlogic AG,
Binningen), Prof. Dr. Rudolf Marty (Itopia, Zürich), Prof. Dr. 5 A new method of Software Development: eXtreme Programming
Moira C. Norrie (ETH Zürich), Prof. Dr. Hans-Jörg Schek (ETH
Zürich), Dr. Hans Stienen (Synspace, Binningen), Helmut – César F. Acebal and Juan M. Cueva Lovelle
Thoma (IBM Global Services Basel), Dr. Reinhold Thurner
(Herrliberg), Rudolf Weber (Mummert + Partner AG Zürich) 10 The Need for Speed: Automating Acceptance Testing in an XP
English Editors: Mike Andersson, Richard Butchart, David Environment – Lisa Crispin, Tip House and Darol Wade
Cash, Arthur Cook, Tracey Darch, Laura Davies, Nick Dunn,
Rodney Fennemore, Hilary M. Green, Roger Harris, Michael 17 Qualitative Studies of XP in a Medium Sized Business
Hird, Jim Holder, Alasdair MacLeod, Pat Moody, Adam David
Moss, Phil Parkin, Brian Robson – Robert Gittins, Sian Hope and Ifor Williams
Layout: Pascale Schürmann 22 XP and Software Engineering: An Opinion – Luis Fernández Sanz
Druck, Versand • Impression, expédition
Stulz AG, 8942 Oberrieden
25 XP in Complex Project Settings: Some Extensions – Martin
Inseratenverwaltung • Régie des annonces
Lippert, Stefan Roock, Henning Wolf and Heinz Züllighoven
Jean Frey Fachmedien, Postf., 8021 Zürich 4 Useful references – Collected by Luis Fernández Sanz
Telefon 01 448 86 34, Telefax 01 448 89 38
E-Mail <jiri.touzimsky@jean-frey.ch>
Jahrgang • Année de parution: 9. Jahr • 9ème année Mosaic
Erscheinungsweise: Jährlich 6 mal
Parution: 6 fois par an 29 Informatik und Recht: Forensics – Ursula Sury
Auflage • Tirage: 5’000 Exempl. 30 Europäische Harmonisierung der Studienabschlüsse: Neuer Bachelor und Master in
Wirtschaftsinformatik an der Universität Fribourg – Andreas Meier
Die Zeitschrift sowie alle in ihr enthaltenen Beiträge und
Abbildungen sind urheberrechtlich geschützt. 31 Architekten der Informationsgesellschaft – Interwiew mit Andreas Meier
La revue ainsi que toutes les contributions et figures qu’elle
contient sont protégées par la loi sur les droits d’auteur. 32 IT-Security darf nichts kosten! – Björn Kanebog
Bezugsmöglichkeiten, Abonnements
35 IFIP NEWS
Possibilités d’obtention, abonnements 35 The European IST Prize
Die Zeitschrift INFORMATIK/INFORMATIQUE ist offizielles
Organ der folgenden Informatikorganisationen 37 Turing Day – First Call for Participation
La revue INFORMATIK/INFORMATIQUE est l’organe officiel 36 Einladung für das Symposium e-government
des organisations d’informatique suivantes
SI Schweizer Informatiker Gesellschaft
Société Suisse des Informaticiens Schweizer Informatiker Gesellschaft • Société Suisse des Informaticiens
Schwandenholzstr. 286, 8046 Zürich
admin@s-i.ch, Tel. 01 371 73 42, Fax 01 371 23 00 38 Informatik/Informatique geht – Informatik Spektrum kommt!
http://www.s-i.ch/
38 Informatik/Informatique disparaît – Informatik Spektrum apparaît!
SwissICT Schweizerischer Verband der Informations- und
Kommunikationstechnologie (früher SVD und WIF) 39 Drei Fragen an Hermann Engesser, Chefredaktor, Informatik-Spektrum
info@swissict.ch, Tel. 056 222 65 00 39 Trois questions posées à Hermann Engesser, Rédacteur en chef, Informatik-Spektrum
http://www.swissict.ch/
43 DBTA Databases Theory and Application • 43 JUGS Java News • 43 SAUG Swiss APL
ch/open Swiss Open Systems User Group
Postfach 2322, 8033 Zürich User Group • 43 Security Veranstaltungen
info@ch-open.ch, http://www.ch-open.ch/
INFORMATIK/INFORMATIQUE kann von den Mitgliedern fol- Swiss ICT
gender Informatikverbände über ihren Verband bezogen werden
Les membres des associations suivantes peuvent obtenir la re- 42 Portrait Markus Fischer Mitglied des Vorstandes und des Strategie-Ausschusses
vue INFORMATIK/INFORMATIQUE auprès de leur association
SwissICT
GRI Groupement Romand pour l’Informatique,
Case postale 90, 1000 Lausanne 21 45 Veranstaltungskalender
GST Gesellschaft zur Förderung der Software-Technologie, 43 SwissICT-Salärumfrage 2002 – Hans-Peter Uehli
Kreuzfeldweg 9, 4562 Biberist 44 Managing Speed and Complexity – Symposium
SIK Schweizer Informatik-Konferenz 44 Einladung zur Generalversammlung
Postfach 645, 4003 Basel
45 Rückblick und Ausblick auf die Verbandstätigkeiten von SwissICT – Hans-Peter Uehli
Jahresabonnement / Abonnement annuel CHF 80.–
Einzelnummer / Numéro isolé CHF 15.– 46 Alter Wein in neuen Schläuchen? Was steckt hinter der Metapher E-Marketplace oder die
SVI/FSI, Postfach, 8037 Zürich neuen Brückenbauer – Thomas C. Flatt
ISSN 1420-6579 47 Assessing Readiness for (Software) Process Improvement – Hans Sassenburg
 Visit our site http://www.svifsi.ch/revue 50 Software Process Improvement: the new ‘silver bullet’? – Hans Sassenburg

INFORMATIK • INFORMATIQUE 2/2002 1


Editorial

INFORMATIK / INFORMATIQUE 1994 – 2002


ein Leuchtpunkt zwischen un flambeau entre
Chancen und Zwängen chances et contraintes
Die Idee, für die schweizerischen Informatikfachleute eine Depuis les années huitante on a discuté au sein de l’associa-
eigenständige Fachzeitschrift zu gründen und diese den (allzu) tion faîtière SVI/FSI l’idée de créer une revue spécialisée auto-
vielen bereits existierenden Informatikverbänden als Verband- nome pour les informaticiens en Suisse et de l’offrir comme
sorgan anzubieten, wurde im Dachverband SVI/FSI seit den organe associatif aux (trop) nombreuses associations d’infor-
Achtziger Jahren diskutiert. Auch hatten uns bereits Verlage zu matique. Des maisons d’éditions nous avait déjà offert des
diesem Thema angesprochen und finanziell günstige solutions financièrement avantageuses, mais il s’agissait de
Lösungen offeriert, allerdings nur für inseratelastige “Compu- magazines dominées d’annonces et de contributions rédac-
terheftli”, wo sogar die Textbeiträge teilweise von Public Re- tionnelles provenant essentiellement d’agences de publicité.
lations Agenturen stammen. Genau dies wollten aber die Fach- C’est précisément ce que nos associations professionnelles ne
verbände für ihre Mitglieder nicht; sie suchten eine gehaltvolle voulaient pas pour leurs membres ; elles cherchaient une pu-
Fachzeitschrift, die nicht kurzlebiges Produktewissen, son- blication spécialisée substantielle donnant non des connais-
dern das in der Informatik so grundlegende Konzeptwissen sances éphémères de produits mais les connaissances concep-
vermitteln sollte und dies in einem der Schweizer Leserschaft tuelles si fondamentales en informatique, dans les langues des
zuträglichen Sprachenmix (deutsch, französisch, englisch). lecteurs suisses (allemand, français, anglais).
Eine solche Zeitschrift existierte nicht und musste somit erst Une telle revue n’existait pas et il fallait donc la créer. Une
geschaffen werden. Eine zufällige Häufung kritischer Ent- accumulation fortuite de développements critiques à la fin de
wicklungen Ende 1993 machte die dafür nötigen Synergien 1993 a libéré les synergies nécessaires :
frei: • A la SI (Société Suisse des Informaticiens) avec ses quel-
• In der SI (Schweizer Informatiker Gesellschaft) mit ihren ques 2000 membres, le bulletin d’information SI-Informa-
etwa 2000 Mitgliedern stand das bisherige Mitteilungsblatt tion allait cesser parce que les capacités volontariat s’épui-
SI-Information vor dem Aus, da die ehrenamtlichen Kapa- saient.
zitäten erschöpft waren. • WIF (Wirtschaftsinformatik-Fachverband, intégré mainte-
• Der WIF (Wirtschaftsinformatik-Fachverband – inzwi- nant dans l’association SwissICT) avec 1800 membres
schen im SwissICT aufgegangen) mit 1800 Mitgliedern trat quittait la Société suisse des employés de commerce et per-
damals aus dem SKV aus und verlor damit dessen wö- dait ainsi son organe hebdomadaire, qui d’ailleurs ne tou-
chentliches, aber nicht informatikbezogenes Organ. chait pas à l’informatique.
• Der Dachverband SVI/FSI suchte (nach einem 1992 miss- • L’association faîtière SVI/FSI cherchait (après un essai de
lungenen Verbandsfusionsprojekt) nach geeigneten Mög- fusion échoué en 1992) des occasions appropriées d’assis-
lichkeiten zur Unterstützung seiner Mitgliedorganisatio- ter ses organisations membres : une revue spécialisée suisse
nen: eine schweizerische Fachzeitschrift wäre dazu ideal. serait idéale.
Die damaligen Präsidenten (Helmut Thoma SI, Walter Wüst Les présidents d’alors (Helmut Thoma SI, Walter Wüst WIF,
WIF, Carl August Zehnder SVI/FSI) erkannten und nutzen die Carl August Zehnder SVI/FSI) ont profité de cette occasion.
Chance und schufen in wenigen Wochen die organisatorische En quelques semaines la base d’organisation et économique
und wirtschaftliche Basis für ein Unternehmen, das schon da- pour une entreprise qui comptait déjà à l’époque un budget an-
mals mit einem Jahresbudget von 180’000 Franken rechnete. nuel de 180 000 francs fut créé. Mais ce n’était possible que
Möglich war das allerdings nur, weil sich der frühere Redaktor grâce à l’ancien rédacteur de SI-Information, François Louis
der SI-Information, François Louis Nicolet, damals beruflich Nicolet qui cherchait une nouvelle orientation professionnelle
neu orientieren wollte und seine Fachkompetenz in Informatik et offrit au nouveau projet sa compétence en informatique et
und Journalismus kombiniert mit seinem Enthusiasmus für en journalisme ainsi que son enthousiasme pour les besoins
Anliegen der Informatikverbände gleich in das neue Projekt des associations d’informatique. Dès le début FLN fut l’âme,
einbringen konnte. FLN war von Beginn weg Seele, Motor le moteur et le réalisateur de la nouvelle revue et il l’est resté
und Realisator der neuen Zeitschrift und er blieb es bis zum jusqu’à présent.
heutigen Tag.

2 INFORMATIK • INFORMATIQUE 2/2002


Die INFORMATIK hatte dank SI und WIF von Beginn weg Avec la SI et la SVI/FSI INFORMATIK/INFORMATIQUE dé-
eine Auflage von 4000, die innert acht Jahren allerdings nur buta avec un tirage de 4000. Il n’a pu être augmenté au cours
auf gut 5000 gesteigert werden konnte, trotz teilweiser oder de huit ans qu’à quelque 5000 malgré la participation partielle
zeitweiser Übernahme durch andere Mitgliedorganisationen et temporaire d’autres organisations affiliées à la SVI/FSI (no-
des SVI/FSI (namentlich GRI, SVD/SwissICT, GST, /ch/ tamment GRI, SVD, SwissICT, GST, /ch/open). Le commen-
open). Einfach war der Start nicht, und auch die folgenden cement n’a pas été facile et les années suivantes ont apporté
Jahre brachten immer wieder schwierige Momente. Erinnert des moments difficiles. Rappelons ici la parution « boiteuse »
sei an dieser Stelle etwa an das “hinkende” Erscheinen (1995–1999) parce que WIF, pour des raisons financières, ne
(1995–1999), da der WIF damals aus finanziellen Gründen nur prenait que quatre des six éditions annuelles. La section des
vier der sechs jährlichen Ausgaben für seine Mitglieder zu annonces ne nous a pas non plus épargné des incertitudes : il
übernehmen bereit war. Ständige Unsicherheit brachte auch est difficile d’acquérir des annonces pour une revue associati-
der Inserateteil, da Inserate in einer Verbandszeitschrift nicht ve. Quelques rares donateurs ont aidé substantiellement au dé-
so einfach zu gewinnen sind – einige wenige Gönner haben but, puis les « amis de l’informatique suisse », un groupe agis-
hier am Anfang wesentlich geholfen, später war es eine im sant à l’arrière-plan, ont contribué à l’acquisition d’annonces.
Hintergrund wirkende Gruppe von “Freunden der Schweizer Malgré tous ces problèmes le contenu et la présentation de
Informatik”, die immer wieder zur Inserateakquisition beige- la revue n’ont cessé de se développer. En comparant les pre-
tragen haben. mières éditions à celles de 2002 on s’en rend compte à l’« habit
Trotz dieser Probleme entwickelte sich die Zeitschrift aber rouge » et à bien des détails à l’intérieur. Pour le contrôle de
sowohl inhaltlich, wie auch äusserlich ständig weiter. Wer eine qualité des articles, le rédacteur à pu compter sur l’aide du co-
alte Nummer mit einer von 2002 vergleicht, sieht das am roten mité consultatif rédactionnel auquel appartiennent professeurs
Kleid, aber auch an vielen Einzelheiten im Innern. Zur Quali- et praticiens. L’imprimerie Stulz AG à Oberrieden a pris soin
tätssicherung beim Inhalt konnte der Redaktor auf die Unter- de l’impression et de l’expédition, et c’est à l’agence Jean Frey
stützung des redaktionellen Beirats zählen, dem Professoren AG de Zurich que nous devons l’acquisition des annonces.
und Praktiker gleichermassen angehörten. Zuverlässige Unter- S’ajoutent l’assistance, en grande partie bénévole, de traduc-
stützung erhielt die INFORMATIK von der Druckerei (Stulz AG, teurs, traductrices, correcteurs et correctrices et de la
Oberrieden) und vom Inserateverwalter (Jean Frey Fachme- responsable de la conception graphique et la mise en page.
dien, Zürich) sowie von weiteren Helfern im Bereich Überset- Derrière tout cela il y avait, du début jusqu’à la fin, la main for-
zung, Korrektur, Layout. Hinter allem aber stand von Anfang te, sûre et qualifiée de notre rédacteur F.L. Nicolet. En ce mo-
bis Ende die kräftige, zuverlässige und qualifizierte Hand ment d’adieu, nous remercions très cordialement tous ces col-
unseres Redaktors F.L. Nicolet. Ihm zuerst, aber auch allen laborateurs. Car, pour des raisons de ressources humaines,
anderen Beteiligten, sei in diesem Moment des Abschieds économiques et structurelles, nous ne pouvons plus garantir la
ganz herzlich gedankt. Denn die Weiterführung einer inhalt- continuation d’une revue d’informatique spécifiquement Suis-
lich anspruchsvollen, aber allein auf die Schweiz bezogenen se répondant à de hautes exigences professionnelles. INFOR-
Informatikfachzeitschrift konnte aus personellen, wirtschaftli- MATIK/INFORMATIQUE a fini son temps.
chen und strukturellen Gründen nicht mehr gesichert werden Carl August Zehnder
– die Zeit der INFORMATIK/INFORMATIQUE ist damit abgelau- Président SVI/FSI
fen.
Carl August Zehnder
Präsident SVI/FSI

Siehe auch: Voir aussi :


Mitteilungen der Schweizer Informatiker Gesellschaft, Communications de la Société Suisse des Informaticiens,
Seite 38 page 38
Mitteilungen der SwissICT, Seite 43 Communications de la SwissICT, page 43

INFORMATIK • INFORMATIQUE 2/2002 3


eXtreme Programming

Presentation

Extreme Programming
Luis Fernández, guest editor

This issue is focused on XP (eXtreme programming), one of (thanks to both the negotiation of Michele Marchesi, co-chair-
the recent proposals in the software development field that has man of the Conference, and the collaboration of the authors).
achieved a really important media impact among software “Qualitative Studies of XP in a Medium Sized Business” is
practitioners. As a new way of improving the agility of software another paper from XP2001 (thanks again to Marchesi and the
projects, XP relies on several principles (automated testing, authors). The paper examines the benefits of a flexible manage-
pair development, etc.) that shorten the project life cycle ment approach to XP methodology. Presentation and discus-
between releases. But these principles are also devised to sion of results of an empirical study using qualitative research
obtain a general improvement of software quality and user techniques (questionnaires, direct observation, etc.) are includ-
satisfaction, avoiding problems due to delays and exceeding ed as part of a good review of situations that emerge when
budget. All these promises have raised a general interest in this people try to apply XP in a real organisation.
development philosophy. Trying to satisfy the curiosity of our “XP and software engineering” presents my own analysis of
readers, we have decided to publish an interesting set of paper XP. From the perspective of somebody who has to approach
intended to contribute to a deeper understanding of XP, the pros extreme programming from the “outer world”, this paper is
and the cons. focused on several important improvement proposals. Of
“Extreme programming: a new software development course, the doubts of the author about the success of some
method” was presented in the Sixth Software Quality and Inno- principles of XP related to classical software engineering
vation Spanish Conference (2001) organised by the Software practices (e.g. configuration management vs common property
Quality Group of ATI. In this paper, a brief description of the of code) are also included.
main characteristics and principles of XP is included. This One of the main advantages of XP is the agility of the
contribution helps the reader to know the fundamentals of proposed software process and its direct application to small
Extreme Programming. projects with a high rate of requirements volatility. But, is XP
“The Need for Speed: Automating Acceptance Testing in an suitable for larger or more complex projects? To answer this
Extreme Programming Environment” (L.Crispin, T.House and question, M.Lippert, S. Roock, H. Wolf and H. Züllighoven
C.Wade) presents details of one of the more robust contribu- present an extension of the roles of client representatives and
tions of XP: automated testing. Instead of the usual unconcern- the creation of new document types to address the subsequent
ing in testing that can be observed in the traditional software project situation.
organisations, XP stresses the importance of a proper and effi- I hope this variety of contributions would satisfy the increas-
cient testing practice. As well as a brief review and discussion ing demand of information about XP of software practitioners
of XP testing principles (in a Q&A format), this paper presents (in general sense) and our readers as the persons who we detove
details about a practical experience using JUnit and other our work to.
“tools”. This paper was presented in the XP 2001 conference

Useful references R.Hightower and N.Lesiecki, Java Tools for eX- Web sites
treme Programming: Mastering Open Source Xprogramming, an Extreme Programming Re-
Tools Including Ant, JUnit, and Cactus, John source. http://www.xprogramming.com/
See also the references in the papers published in Wiley & Sons, 2001. eXtreme Programming: A gentle introduction.
this issue. K. Auer, R. Miller, eXtreme Programming Ap- http://www.extremeprogramming.org/
plied: Playing to Win, Addison-Wesley, PortlandPatternRepository and WikiWikiWeb:
2001. http://c2.com/cgi/wiki
Books M. Fowler, K.Beck, J. Brant, W. Opdyke and D. XP Developer: http://www.xpdeveloper.com/
K. Beck, eXtremme Programming. Embrace Orberts, Refactoring: Improving the Design JUnit and other XUnit testing frameworks.
change, Addison-Wesley, 2000. of Existing Code, Addison-Wesley, 1999. http://www.junit.org/
K.Beck & M.Fowler, Planning eXtreme Pro- eXtreme Programming.
gramming, Addison-Wesley, 2000. Conferences http://www.armaties.com/extreme.htm
R. Jeffries, A. Anderson, C. Hendrickson, K. Pair programming.
Beck, R.E. Jeffries, eXtreme Programming Third International Conference on eXtreme Pro-
gramming and Agile Processes in Software http://pairprogramming.com/
Installed, Addison-Wesley, 2000 XP123 – Exploring Extreme Programming.
G.Succi, M.Marchesi, eXtreme Programming Engineering, May 26–29, 2002, Alghero,
Sardinia, Italy. http://www.xp2002.org. http://xp123.com/
Examined, Addison-Wesley, 2001.
W.C.Wake, eXtreme Programming Explored, XP Agile Universe, August 4-7, 2002, Chicago,
Illinois, USA. http://www.xpuniverse.com. Collected by Luis Fernández Sanz
Addison-Wesley, 2001.

4 INFORMATIK • INFORMATIQUE 2/2002


eXtreme Programming

A new method of Software Development: eXtreme Programming


César F. Acebal and Juan M. Cueva Lovelle

What is eXtreme Programming – also known as XP? The aim of this article is to answer that question, and
to reveal the nature of this new method of software development to the uninitiated reader. Naturally the
length of any technical article does not permit more than a brief introduction to any new method or
technique, but we will try to be sufficiently informative so that you will all come away with some idea of the
basic underlying principles, and for anyone who might want to delve deeper into the subject, we will provide
suitable references.

Keywords: eXtreme Programming, XP, Software Develop- • Iterations are radically shorter than is usual in other meth-
ment. ods, so that we can benefit from feedback as often as possi-
ble.
1 Introduction By way of summary, and to wrap up this section and to get
XP is a new software development discipline which, down to the nitty-gritty, I will leave you with this quote from
amid much fanfare, has recently joined the welter of methods, Beck’s aforementioned book.
techniques and methodologies that already exist.To be more “Everything in software changes. The requirements
precise: this is a lightweight method, as opposed to heavy- change. The design changes. The business changes.
weight methods like Métrica. Before we go on, we’d like to The technology changes. The team members change.
make a clarification: in this article we refer to XP as a “meth- The problem isn’t change, per se, because change is
od”, contrary to the official IT tendency to apply the term going to happen; the problem, rather, is the inability to
“methodology” (science of methods) to what are no more than cope with change when it comes.”
methods1 or even mere graphic notations.
It could be said that XP was born “officially” five years ago 2 The four variables
in a project developed by Kent Beck at Daimler Chrysler, after XP sets out four variables for any software project: cost,
he had worked for several years with Ward Cunningham in time, quality and scope.
search of a new approach to the problem of software develop-
ment which would make things simpler than the existing meth-
ods we were used to. For many people, XP is nothing more than
common sense. Why then does it arouse such controversy, and César Fernández Acebal received a degree in informatics
why do some people adore it while others heap scorn on it? As engineering from Oviedo University. He worked as a teacher in
Kent Beck suggests in his book [Beck 00], maybe it’s because Java and Web programming for students of higher professional
XP carries a series of common sense techniques and principles education. Afterwards, he worked as technical director in a web
site development company. He has combined these positions with
to extreme lengths. The most important of these techniques are:
a continuous educational activity related to Java, XML, Web
• Code is constantly reviewed, by means of pair programming development, etc. He is currently an IT architect of B2B 2000, an
(two people per machine) e-business company. His research interests include object-orient-
• Tests are made all the time, not only after every class (unit ed programming and software engineering and agile software
tests), but also by customers who need to check that the processes. He is a member of ATI, IEEE, Computer Society,
project is fulfilling their requirements (functional tests) ACM, etc. <acebal@ieee.org>
• Integration tests are always carried out before adding any Juan Manuel Cueva Lovelle is a mining engineer from
new class to the project, or after modifying any existing one Oviedo Mining Engineers Technical School in 1983 (Oviedo
(continuous integration), making use of testing frameworks, University). He has the Ph. D. from Technical University of Ma-
such as xUnit drid in 1990. From 1985 he is Professor at the Languages and
• We (re)design all the time (refactoring), always leaving code Computers Systems Area in Oviedo University. ACM and IEEE
voting member. His research interests include Object-Oriented
in the simplest possible state
technology, Language Processors, Human-Computer Interface,
Object-Oriented Databases, Web Engineering, Object-Oriented
1. Ricardo Devis Botella. C++. STL, Plantillas, Excepciones, Roles Languages Design, Object-Oriented Programming Methodology,
y Objetos (Templates, Exceptions, Roles and Objects). Paraninfo, XML, WAP, Modelling Software with UML and Geographical
1997. ISBN 84-283-2362-3 Information Systems. <cueva@lsi.uniovi.es>

INFORMATIK • INFORMATIQUE 2/2002 5


eXtreme Programming

It also specifies that of these four variables, only three of With regard to the project’s scope, it is a good idea to let this
them can be established by parties outside the project (custom- be the free variable, so that once the other three variables have
ers and project managers), while the value of the free variable been established, the development team should decide on the
will be established by the development team in accordance scope by means of:
with the other three values. What is new about this? It’s that • The estimation of the tasks to perform to satisfy the custom-
normally customers and project managers considered it their er’s requirements.
job to pre-establish the value of all the variables: “I want these • The implementation of the most important requirements
requirements fulfilled by the first of next month, and you have first, so that at any given time the project has as much func-
this team to work with. Oh, and you know that quality is the tionality as possible.
number one priority!”
Of course when this happens – and unfortunately it happens 3 The cost of change
quite often – quality is the first thing to go out of the window. Although we cannot go into any great depth on this
And this happens for a simple reason which is frequently subject here, we believe it is important to at least mention one
ignored: no one is able to work well when they are put under a of the most important and innovative suppositions that XP
lot of pressure. makes in contrast to most known methods. We are referring to
XP makes the four variables visible to everyone – program- the cost of change. It has always been considered a universal
mers, customers and project managers –, so that the initial truth that the cost of change in the development of a project
values can be juggled until the fourth value satisfies everybody increased exponentially in time, as shown in figure 1.
(naturally, with the possibility of choosing different variables XP claims that this curve is no longer valid, and that with a
to control). combination of good programming practices and technology it
Also the four variables do not in fact bear such a close rela- is possible to reverse the curve, as we show in figure 2.
tion with one another as people often like to think. There is a Naturally, not everyone agrees with this supposition (and in
well known saying that “nine women cannot make a baby in Ron Jeffries web site [Jeffries] you can read several opinions to
one month” which is applicable here. XP puts special stress on this effect). But in any event it is clear that if we decide to use
small development teams (ten or twelve people at most) which XP as a software development process we should accept that
naturally can be increased if necessary, but not before, or the this curve is valid.
result will generally be the opposite of what was intended. The basic idea here is that instead of changing for change’s
However, a number of project managers seem to be unaware of sake, we will design as simply as possible, to do only what is
this when they declare, puffed up with pride, that their project absolutely necessary at any given moment, since the very
involves 150 people, as if it were a mark of prestige, something simplicity of the code, together with our knowledge of refactor-
to add to their CV. It is good, however, to increase the cost of ing [Fowler 99] and, above all, the testing and continuous inte-
the project in matters such as faster machines, more specialists gration, all mean that changes can be carried out as often as
in certain areas or better offices for the development team. necessary.
With quality too, another strange phenomenon occurs: often,
increasing the quality means the project can be completed in 4 Practices
less time. The fact is that as soon as the development team gets But let’s get down to brass tacks. What does XP really
used to doing intensive tests (and we will be coming to this entail? What exactly are these practices we have been referring
point soon, as it’s the corner stone of XP) and coding standards to, which are able to bring about this change of mentality when
are being followed, gradually the project will start to progress it comes to developing software? Trusting that you, the reader,
much faster than it did before. The project’s quality will still will excuse the enforced brevity of our explanation we will now
remain 100% assured – thanks to the tests – which in turn will give a brief description of these practices.
instil greater confidence in the code and, therefore, great-
er ease in coping with change, without stress, and that
will make people programme much faster… and so on.
The other face of the coin is the temptation to sacrifice
the internal quality of the project – that which is
perceived by the programmers – to reduce the delivery
Cost of the Change

time of the project, trusting that the external quality –


that which the customers perceive – will not be affected
too greatly. However, this is a very short term bet, which
tends to be an invitation for disaster, since it ignores the
basic fact that everyone works better when they are
allowed to do a quality job. Ignoring this will cause the
team to get demoralised and, in the long term, the project Requirements Analysis Design Implementation Tests Production
will slow down, and much more time will be lost than
ever could have been hoped to be saved by cutting down Fig. 1: Cost of change in “traditional” software engineering
on quality.

6 INFORMATIK • INFORMATIQUE 2/2002


eXtreme Programming

document itself. On JUnit’s web site, you can find inter-


esting articles which explain how these tests should be
written.
Cost of the Change

Refactoring
This responds to the principle of simplicity and basi-
cally consists of leaving the existing code in the simplest
possible state, so that no functionality is lost nor gained,
and all tests continue to be carried out correctly. This
Requirements Analysis Design Implementation Tests Production will make us feel more comfortable with the code
already written and therefore less reluctant to modify it
Figure 2: Cost of change in XP when some feature has to be added or changed. In the
case of legacy systems, or projects taken over after they
have already been started, we would be bound to need to
Planning devote several weeks just to refactoring the code – which tends
XP sees planning as a permanent dialogue between the busi- to be a source of tension with the project managers involved
ness and technical parties involved in the project, in which the when they are told that the project is going to be held up for
former will decide the scope – what is really essential for the several days “just” to modify existing code, which works, with-
project –, the priority – what should be done first –, the compo- out adding any new functionality to it.
sition of the releases – what should be included in each one –
and the deadline for these releases. Pair programming
The technical people, for their part, are responsible for esti- All code will be developed in pairs – two people sharing a
mating the time needed to implement the functionalities which single monitor and keyboard. The person writing the code
the customer requires, for reporting on the consequences of should be thinking about the best way to implement a particular
decisions taken, for organising the work culture and, finally, for method, while his colleague will do the same, but from a more
carrying out a detailed planning of each release. strategic viewpoint:
• Are we going about this in the right way?
Small releases • What could go wrong here? What should we be checking in
The system first gets into production just a few months at the tests?
most before it is completely finished. Successive releases will • Is there any way to simplify the system?
be more frequent: at intervals of between a day and a month. Of course, the roles are interchangeable, so that at any
The customer and the development team will benefit from the moment the person observing could take over the keyboard to
feedback produced by a working system and this will be demonstrate some idea or simply to relieve his colleague.
reflected in successive releases. Similarly the composition of the pairs could change whenever
one of them were required by some other member of the team
Simple design to lend a hand with their code.
Instead of being hell bent on producing a design which
requires the gift of clairvoyance to develop, what XP advocates Collective property of the code
is, at any given moment, that we should design for the needs of Anyone can modify any part of the code, at any time. In fact,
the present. any one who spots an opportunity to simplify, by refactoring,
any class or any method, regardless of whether they have
Testing written them or not, should not hesitate to do so. This is not a
Any feature of a programme for which there is not an auto- problem in XP, thanks to the use of coding standards and the
mated test simply does not exist. This is undoubtedly the cor- assurance that testing gives us that everything is going to carry
nerstone on which XP is built. Other principles are liable to be on working well after a modification.
adapted to the characteristics of the project, the organisation,
the development team… But on this one point there is no argu- Continuous integration
ment: if we aren’t doing tests, we aren’t doing XP. We should Every few hours – or at the very least at the end of a day’s
be using some automated testing framework to do this, such as programming – the complete system is integrated. For this
JUnit [JUnit] or any of its versions for different languages. purpose there is what is known as an integration machine,
Not only that, but we will write the tests even before we write which a pair of programmers will go to whenever they have a
the class which is to be tested. This is an aid to following the class which has passed a unit test. If after adding the new class
principle of programming by intention, that is, writing code as together with its unit tests the complete system continues to
if the most expensive methods had already been written, and so function correctly, i.e. passes all the tests, the programmers will
we only had to send the corresponding message, in such a way consider this task as completed. Otherwise they will be
that the code will be a true reflection of its intention and will responsible for returning the system to a state in which all tests
function at 100%. If after a certain time they are unable to

INFORMATIK • INFORMATIQUE 2/2002 7


eXtreme Programming

5 Planning
Waterfall Iterative XP While XP is a code centred
method it is not just that. It is also
Analysis
above all a software project manage-
ment method, in spite of the criticism
Design
levelled by many people, perhaps
Time after a too hasty reading of an article
Implementation
such as this one. But for anyone who
has taken the trouble to read any of
Tests
the books explaining the process, it
will be clear that planning makes up a
Scope fundamental part of XP. The thing is
(a) (b) (c)
that, given that software develop-
ment, like almost everything in this
life, is a chaotic process, XP does not
Figure 3: Comparison of long development cycles: (a) the waterfall model (b) shorter attempt to find a non-existent deter-
iterative cycles, for example, the spiral model and (c) the mix of all these activities which minism but rather provides the means
XP employs throughout the whole software development process
necessary to cope with that complex-
ity, and accepts it, without trying to
force it into constraints of heavy-
discover what it is wrong, they will bin the code and start over weight or bureaucratic methods. We wholeheartedly recom-
again. mended you to read Antonio Escohotado’s gentle introduction
to chaos theory [Escohotado 99], which we believe has a lot to
40 hours a weeks do with the idea behind XP. In short, lightweight methods – and
If we really want to offer quality, and not merely a system XP numbers among them – are adaptive rather than predictive
that works – which we all know, in IT, is trivial2 – we will want [Fowler].
each member of our team to get up each morning rested and to
go home at 6 in the evening tired but with the satisfaction of a The life cycle
job well done, and that when Friday comes around he or she If, as has been demonstrated, long development cycles of
can look forward to two days’ rest to devote to things which traditional methods are unable to cope with change, perhaps
have nothing whatsoever to do with work. Naturally it doesn’t what we should do is make development cycles shorter. This is
have to be 40 hours, it could be anything between 35 and 45, another of XP’s central ideas. Let’s take a look at a chart which
but one thing is certain: nobody is capable of producing quality compares the waterfall model, the spiral model and XP:
work 60 hours a week.
6 Conclusions
Customer on site As we said at the beginning article, XP, just one year after
Another controversial XP rule: at least one real customer the publication of the first book on the subject, has caused a
should be permanently available to the development team to great furore among the software engineering community. The
answer any question the programmers may have for them, to results of the survey below, commissioned by IBM, evidences
establish priorities… If the customer argues that their time is the fact that opinions on the subject are divided [IBM 00]:
too valuable, we should realise that the project we have been Pair programming comes in for some especially strong criti-
given is so trivial that they do not consider it worthy of their cism, above all from project managers, though it is an opinion
attention, and that they don’t mind if it is based on suppositions which is doubtless shared by many programmers with an over-
made by programmers who know little or nothing of the cus- developed sense of ownership regarding code (“I did this, and
tomer’s real business. what’s more I am so good at programming and I have such a
command of the language’s idioms that only I can understand
Coding standards it”), but a lot is also said about the myth of the 40 hour week,
These are essential to the success of collective property of the that “all this business about tests is all very well if you have
code. This would be unthinkable without a coding based on plenty of time, but they are an unaffordable luxury under
standards which allow everyone to feel comfortable with code current market conditions”… and many other vigorous criti-
written by any other member of the team. cisms in a similar vein.
There are also people who say (and this criticism is perhaps
more founded than the previous ones) that XP only works with
2. Ricardo Devis Botella. Curso de Experto Universitario en Integra-
good people, that is, people like Kent Beck, who are able to
ción de Aplicaciones Internet mediante Java y XML. (University make a design which is good, simple and, at the same time –
Expert Course in the Integration of Internet Applications via Java and maybe precisely for that reason – easily extendable, right
and XML) University of Oviedo, 2000. from the outset.3

8 INFORMATIK • INFORMATIQUE 2/2002


eXtreme Programming

References
Lo he probado
[Beck 99]
I tried yit lo aborrezco
and I hate it 8%
Kent Beck. Embracing Change with eXtreme
Programming. Computer (magazine of the
Es una mala idea, no puede funcionar IEEE Computer Society).Vol. 32, No. 10.
It’s a bad idea,
nuncait’ll never work
16%
October 1999, pp. 70–77
[Beck 00]
Es un buena idea, pero
It’s a good idea,que
butno
it’llfuncionará
never work 25% Kent Beck. eXtreme Programming Explained:
Embrace Change. Addison Wesley Longman,
2000. ISBN 201-61641-6
Lo heI’ve
probado
tried ity me
andencanta
I love it 51% [Beck/Fowler]
Kent Beck, Martin Fowler. Planning eXtreme
Programming. Addison-Wesley.
0% 10% 20% 30% 40% 50% 60% ISBN 0201710919
[Escohotado 99]
Antonio Escohotado. Caos y orden (Chaos and
Figure 4: IBM survey (October 2000): What do you think about EXtreme order). Espasa Calpe, 1999. ISBN 84-239-
Programming?
9751-0. An interesting introduction to chaos
theory, which in our view describes the atti-
tude you need to approach software develop-
One of the things we are trying to say is that XP should not ment from an XP point of view.
[Fowler]
be misinterpreted due to the inevitable superficiality of articles Martín Fowler. The New Methodology. http://www.martinfowl-
such as the one you are reading. At the end of the day the crea- er.com/ articles/newMethodology.html
tor of this method is not some upstart, but one of the pioneers [Fowler 99]
in the use of software templates, creator of CRC files, author of Martin Fowler. Refactoring: Improving the Design of Existing
the HotDraw drawing editor framework, and the xUnit.testing Code. Addison-Wesley, 1999. ISBN 0201485672
[Jeffries et al. 00]
framework. Were it for no other reason, it would be worth at Ronald E. Jeffries et al. EXtreme Programming Installed. Addi-
least taking a look at this new and exciting software develop- son-Wesley, 2000. ISBN 0201708426
ment method. [IBM 00]
However, none of the practices advocated by XP are an http://www-106.ibm.com/developerworks/java/library/java-poll-
invention of the method; all of them existed before, and what results/xp.html. Java poll results: What are your thoughts on
EXtreme Programming? IBM survey, October 2000
XP has done is to put them all together and prove that they [IEEE CS]
work. http://www.computer.org/seweb/Dynabook/Index.htm. eXtreme
In any event, Beck’s first book is a breath of fresh air which Programming. Pros and Cons. What questions remain? The first
should be compulsory reading for any software engineer or “dynabook” from the IEEE Computer Society was devoted to XP,
software architect, to use the term preferred by our friend with a series of related articles.
[JUnit]
Ricardo Devis, whatever conclusions you may finally draw http://www.junit.org. JUnit, an automated testing framework for
about XP. At the very least, it’s great fun to read. Java, adapted from the framework of the same name for Small-
talk, and available in many other languages. These other versions,
under the generic name xUnit, are available at the Ron Jeffries’
web site [Jeffries], in the software section.
[Jeffries]
3. Raúl Izquierdo Castanedo. Comunicación privada. (Private com- http://www.xprogramming.com. One of the most complete XP
munication) portals, by Ron Jeffries.

INFORMATIK • INFORMATIQUE 2/2002 9


eXtreme Programming

The Need for Speed:


Automating Acceptance Testing in an XP Environment
Lisa Crispin, Tip House and Darol Wade

In “eXtreme Programming Explained”, Kent Beck compares eXtreme Programming (XP) to driving a car:
the driver needs to steer and make constant corrections to stay on the road. If the XP development team is
steering the car, the XP tester is navigating. Someone needs to plot the course, establish the landmarks, keep
track of the progress, and perhaps even ask for directions. Acceptance tests must go beyond functionality to
determine whether the packages meet goals such as specified performance levels. Automating end-to-end
testing from the customer point of view can seem as daunting as driving along the edge of a cliff with no
guard rail. At Tensegrent, a software engineering firm in Denver organized around XP practices, the
developers and the tester have worked together to design modularized, self-verifying tests that can be quickly
developed and easily maintained. This is accomplished through a combination of in-house and vendor-
supplied tools.

Keywords: Testing, Automated Testing, Acceptance Testing, all of XP, it requires courage, but it can – and should – be fun,
Test Scripts, Tester, Test Tools, Web Testing, GUI Testing. not scary.
The XP practices we follow at Tensegrent include:
Introduction • pair programming
The three XP books give detailed explanations of many • test first, then code
aspects of the development side of XP. The test engineer com- • do the simplest thing that works (NOT the coolest thing that
ing from a traditional software development environment may works!)
not find enough direction on how to effectively automate • 40-hour week
acceptance tests while keeping up with the fast pace of an XP • refactoring
project. In an XP team, developers are also likely to find them- • coding standards
selves automating acceptance tests – an area where they may • small releases
have little experience. Automating acceptance testing in an XP • play the planning game
project may feel like driving down a 12% grade in a VW bug We apply these same practices to testing – including pair
with a speeding semi in the rear-view mirror. Don’t worry – like testing.

Lisa Crispin has more than10 years experience in testing and to furthering access to world’s information, where he develops and
quality assurance, and is currently a Senior Consultant with Bold- supports test automation tools and document management systems
Tech Systems (http://www.boldtech.com), working as a tester on for the Web. Although his main interest has always been software
Extreme Programming (XP) teams. Her article “Extreme Rules of development, he also has a long-standing interest in software test-
the Road: How an XP Tester can Steer a Project Toward Success” ing, software measurement, and quality assurance, having presented
appeared in the July 2000 issue of STQE Magazine. Her presenta- papers on these subject at development, measurement and testing
tion “The Need for Speed: Automating Acceptance Tests in an conferences in the US and Europe. He has achieved Certified Qual-
Extreme Programming Environment” won Best Presentation at ity Analyst, Certified Software Quality Engineer, and Lead Ticket
Quality Week Europe in 2000. Her papers “Testing in the Fast Lane: Auditor certifications, and managed the independent test function at
Acceptance Test Automation in an Extreme Programming Environ- OCLC during their three year successful effort to become registered
ment” and “Is Quality Negotiable?” will be published in a collection to the ISO9000 standards. <house@oclc.org>
called Extreme Programming Perspectives from Addison-Wesley. Carol Wade, a technical writer for over twenty years, She has
She is co-writing a book Testing for Extreme Programming which worked primarily in the field of computer software, writing end-user
will be published by Addison-Wesley in October 2002. Her presen- documentation. For nine years, she worked for Los Alamos Nation-
tations and seminars in 2001 included “XP Days” in Zurich, XP al Laboratory, where she served as a writer and editor, and started a
Universe in Raleigh, and STAR West. <lisa.crispin@att.net> language translation service. Currently, she is the sole technical
Tip House is Chief Systems Analyst at the OCLC Online writer for Health Language, Inc., which has produced the first lan-
Computer Library Centre Inc., a non-profit organization dedicated guage engine for health care.

10 INFORMATIK • INFORMATIQUE 2/2002


eXtreme Programming

Do XP teams really need a dedicated tester? It’s hard for a is always easy. In my experience, it is fairly easy to get a
tester to answer this in an unbiased manner. In my experience, customer to come up with tests for the intended functionality of
even senior developers don’t have much testing experience, the system. What is more difficult, and requires a tester’s skill,
beyond unit and integration tests and perhaps load tests. They is to make sure the customer thinks about areas such as securi-
tend to write acceptance tests only for “happy paths” and don’t ty, error handling, stability, and performance under load.
think of the nasty evil steps that might break the system. At Other differences between traditional and XP development
Tensegrent, we had one project wrapping up while another one are more subtle. It’s really a matter of degree. XP projects move
was starting, so a decision was made to do the first two-week fast even when compared with the pace at the Web startup
iteration of the new project with a developer serving as a part- where I used to work. It’s the fast lane on the Autobahn. A new
time tester. By their own admission, without an experienced iteration of the software, implementing new customer “sto-
tester to push them, the developers got 90% of all the stories ries”, is released every one to three weeks. My goal is always
done by the end of the iteration. To the customer, this looked to get acceptance test cases defined within the first day or two
like nothing at all was done, and they were very unhappy. It of an iteration, as these are the only written “specifications”
took some work to win back the customer’s trust. available. For our projects, the acceptance test definitions have
been a joint effort of the team.
How is Testing in XP Different? From a tester’s point of view, the developer to tester ratio in
How does acceptance testing in an XP environment deviate XP looks about as comfortable as driving through the desert in
from traditional software testing? First of all, let’s look at an un-air-conditioned Jeep. According to Kent Beck, there
acceptance testing. Acceptance tests prove that the application should be one tester for each eight-developer team. At Tenseg-
works as the customer wishes. Acceptance tests give custom- rent, the ratio gets even higher.
ers, managers and developers confidence that the whole prod-
uct is progressing in the right direction. Acceptance tests check Eeek! Are you sure protective gear isn’t required?
each increment in the XP cycle to verify that business value is Fear not! XP builds in checks and balances that enable a
present. Acceptance tests, the responsibility of the tester and small percentage of test specialists to do an adequate job of
the customer, are end-to-end tests from the customer perspec- controlling quality.
tive, not trying to test every possible path through the code (the • Because the developers write so many unit tests, which they
unit tests take care of that), but demonstrating the business must write before they begin coding – the tester doesn’t need
value of the application. Acceptance tests may also include to verify every possible path through the code.
load, stress and performance tests to demonstrate that the • The developers are responsible for integration testing and
stability of the system meets customer requirements. must run every unit test each time they check in code. Inte-
gration problems are manifested before acceptance tests are
Should I strap on a helmet and arm the air bags? run.
Testing in an XP environment feels like a drive through twist- • The customer gives input to the acceptance tests and pro-
ing mountain roads at first. When I first read eXtreme Program- vides test data.
ming Explained, the very idea of testing without any formal • The entire development team, not just the tester, is responsi-
written specifications seemed a bit too extreme. It’s been ble for automating acceptance tests. Developers also help
difficult learning all the different ways I can contribute to the the tester produce reports of test results so that everyone
team’s success. My roles can be confusing and conflicting – feels confident about the way the project is progressing.
I’m part of the development team, but I need a more objective A caveat – if developers aren’t diligent in writing and run-
viewpoint. I’m a customer advocate, making sure the customer ning unit tests and integrating often, you’re going to have to
gets what she pays for. At the same time, I need to protect the hire more testers. A couple of iterations into our first project at
developers from a customer who wants more than they paid for. Tensegrent, I told my boss I thought we’d have to hire more
While XP is definitely a new way to drive, the road isn’t as testers, there was no way I could keep up! The problem was
unfamiliar as some might think. For example, many people new simply that the developers hadn’t gotten the hang of “test
to XP think that XP projects produce very little documentation. before code” yet. Once they did a thorough job of unit and
This hasn’t been our experience. For one thing, the acceptance integration testing, my job became much more manageable.
tests themselves become the main documentation of the cus- The roles of the players on an XP team are quite blurred
tomer requirements. They can be quite detailed and extensive. compared with those in a traditional software development
As an XP project progresses, many other documents may be process. Thus our Tensegrent XP (“XP”) philosophy is
produced: installation instructions, UML documents, Javadocs, “specialization is for insects”. Here are some of the tasks I
developer setup documents, the list goes on. The difference perform as a tester:
between these and the documents in many traditional projects • Help the customer write stories
is, the XP project documents are up to date and accurate • Help break stories into tasks and estimate time needed to
Question: How do you write acceptance test cases without complete them
documents? • Help clarify issues for design
Answer: You don’t need documents, because you have a • Team with the customer to write acceptance tests
customer there to tell you what she is looking for. Not that this

INFORMATIK • INFORMATIQUE 2/2002 11


eXtreme Programming

• Pair with the developers to develop test tools, automated test we felt much more confident about areas that had previously
scripts, and/or test data. been difficult for us to understand, such as the planning game,
Question: The whole concept of pair programming sounds automated unit testing and acceptance testing.
weird enough. How can a tester pair with a programmer? Don’t stop there. Talk to XP experts. Look at the Wiki pages
Answer: I’m not a Java programmer and our developers don’t and sign up for the egroups. If no XP user group has been
know the WebART scripting language, but we still pair pro- formed in your city, start one.
gram. The partner who is not doing the actual typing contrib-
utes by thinking strategically, spotting typos and bad habits, Automating Acceptance Tests
and even serving as a sounding board for the coder. This is a
fabulous way for developers and testers to understand and work What can you automate?
together better. It also gives the tester much more insight into According to Ron Jeffries, author of XP Installed, successful
the system being coded. acceptance tests are, among other things, customer-owned and
I was reluctant to pair test at first. If the developers wrote the automatic. However, customer-owned does not necessarily
test scripts, would I be able to understand them and maintain mean customer-written. In fact, as Kent Beck points out in
them? The developers weren’t anxious to pair with me for test- Extreme Programming Explained, customers typically can’t
ing, either. They felt too busy to spare time for acceptance test- write functional tests by themselves, which is why an XP team
ing. Then we had a project where I needed very complicated has a dedicated tester: to translate the customers ideas into
test data loaded into a Poet database for testing a security automatic tests.
model. By pairing with a developer, I finished in at least half the Even with a dedicated tester, though, the “automatic” criteri-
time it would have taken to do it alone, and did a better job. on has given us some trouble. We automate whenever it makes
Now developers take turns on “test support” to produce test sense, but like most things, it is a trade-off. When you have to
scripts and data needed for automation, sometimes also to help climb a steep dirt road every day, a four-wheel drive vehicle is
define test cases if I’m having trouble understanding a story. a necessity, but it’s overkill if you’re just cruising around the
Once you’ve mustered the courage to switch to the XP fast block.
lane, it feels fun and safe. For example, we haven’t found a cost-effective way to auto-
mate Javascript testing (so, we just avoid using Javascript). And
How do I Educate Myself About XP? we’re also struggling with how to automate non-Web GUI test-
Just as you wouldn’t attempt to drive a Formula One car ing in an acceptable timeframe.
without preparing yourself with training and practice, the XP It costs time and money to automate tests and to maintain
team needs good training to start off on the right road and stay them once you’ve got ‘em. Recently we had a contract for three
on it. two-week iterations with four developers and myself to devel-
Start by reading the XP books. The first written about XP is op some components of a system for a customer. While the
Extreme Programming Explained, by Kent Beck. The other two system involved a user interface, the design of the UI itself was
are also essential: Extreme Programming Installed, by Ron to be done later, outside of our project. We developed a very
Jeffries, Ann Anderson, and Chet Hendrickson; and Planning basic interface to be able to test the system. The system
Extreme Programming, by Kent Beck and Martin Fowler. involved multiple servers, interfaces, monitors and a database.
You can get an overview and extra insight into XP and simi- Full test automation would have been a big effort. It didn’t
lar lightweight disciplines from the many XP-related websites, make sense to spend the customer’s tight resources on scripts
including: that had a short life span. Still, I automated the more tedious
http://www.xprogramming.com parts of the testing so I could get the tests done in time. In
http://www.extremeprogramming.org addition, I needed scripts for load testing. About 40% of the
http://c2.com/cgi/wiki?ExtremeProgrammingRoadmap testing ended up automated. For a longer project, I would
http://www.martinfowler.com prefer to automate more.
When we at Tensegrent had assembled our first team of eight
developers and a tester, we got together and went through Principles of XP Functional Test Automation
Extreme Programming Explained and Extreme Programming To get more automation, you have to make automation pay
Installed as a group, discussing each XP principle, recording off in the short term, and this means spending less time devel-
our questions (many of them on testing) and deciding how we oping and maintaining the automated tests. Here are the princi-
thought we would implement each principle. This took several ples we are using to accomplish this:
hours but put us all on common ground and made us feel more • Drive the test automation design with a “Smoke Test”, a
secure in our understanding of the concepts. broad but shallow verification of all the critical functionality.
Once your team has read and discussed the XP literature, it’s • Design the tests like software, so that the automated tests do
time to get professional training. We hired Bob Martin of not contain any duplicate code and have the fewest possible
ObjectMentor, a consulting company with much XP expertise, modules.
for two days of intense training (see www.objectmentor.com • Separate the test data from the test code, so that you can
for more information). After Bob answered all our questions, deepen test coverage by just adding additional test data.

12 INFORMATIK • INFORMATIQUE 2/2002


eXtreme Programming

• Make the test modules self-verifying to tell you if they technologies than we might have had later with a client
passed or failed of course, but also to incorporate the unit project.
tests for the module. • Mutual understanding. The team tasked with producing an
• Verify only the function of concern for a particular test, not acceptance test driver consisted of only four members and
every function that may have to be performed to set up the me, so I was called on to pair program. This exercise gave
test. me insight into how tough it is to write unit tests, write code
• Verify the minimum criteria for success. “Minimum” and refactor the code. The developers gave a lot of thought
doesn’t mean “insufficient”. If it weren’t good enough, it to acceptance testing and we had long discussions about
wouldn’t be the minimum. Demonstrate the business value what the best practices would be. This is a great foundation
end-to-end, but don’t do more than the customer needs to for any XP team.
determine success.
• Continually refactor the automated tests, by combining, Tools
splitting, or adding modules, or changing module interfaces To keep the XP car humming, XP testers need a good tool-
or behaviour whenever it is necessary to avoid duplication, box: one containing tools designed specifically for speed,
or to make it easier to add new test cases flexibility and low overhead.
• Pair program the tests, with another tester or a programmer. I’ve asked several XP gurus, including Kent Beck, Ward
• Design the software for testability, such as building hooks Cunningham and Bob Martin, the following question: “What
into the application to help automate acceptance tests. Push commercial tools do you use to automate acceptance testing?”
as much functionality as possible to the backend, because it Their answers were uniform: “Grow your own”. Our team
is much easier to automate tests against a backend than extensively researched this area. Our experience has been that
through a user interface. I sit in on the developers’ iteration we are able to use a third-party tool for Web application test
planning and quick whiteboard design sessions. If I perceive automation, but we need homegrown tools for other purposes.
business logic getting into the front end, for example in For unit testing, we use a framework called jUnit, which is
Javascript, I challenge the wisdom of such a move. available free from http://www.junit.org. It does an outstanding
job with unit tests. Even though I am not a Java programmer, I
An XP Automated Test Design can run the tests with jUnit’s TestRunner and can even under-
Appendix A gives an example of a lightweight test design stand the test code well enough to add tests of my own. It’s
illustrating the application of the principles we have been using possible to do some functional tests with jUnit. Some XP teams
successfully at Tensegrent. I’m using WebART (see the Tools use this tool for automating acceptance tests, but it can’t test the
section below) to create and run the scripts. However, this user interface. We didn’t find it to be a good choice for end-to-
design approach should work with any method of automation end acceptance testing.
that permits modularization of scripts. The appendix gives
details on downloading both the sample scripts and WebART. Tools for Creating Acceptance Tests
Some XP pros such as Ward Cunningham advocate the use
Who automates the acceptance tests? of spreadsheets for driving acceptance tests. We want to make
Some sports appear to be individual, when in actuality, they it easy for the customer to write the tests, and most are comfort-
involve a team. Winners of the Tour de France get all the glory, able with entering data in a spreadsheet. Spreadsheets can be
but their victory represents a team effort. Similarly, the XP exported to text format, so that you and/or your development
team may have only one tester, but the entire team contributes team can write scripts or programs to read the spreadsheet data
to automating acceptance tests. If tools are needed to help with and feed it into the objects in the application. In the case of
acceptance testing in an XP project, write stories for those tools financial applications, the calculations and formulas your
and include them in the planning game with all the other customer puts into the spreadsheet communicate to the devel-
stories. You'll probably need to budget at least a couple of opers how the code they produce should work.
weeks for creating test tools for a moderately size project. At Tensegrent, we provide a couple of ways for documenting
In the early days of Tensegrent, we initiated a project for the acceptance test cases. Usually we use a simple spreadsheet
specific purpose of developing automated test tools. This had format, separating the test case data itself from the description
several advantages, in addition actually producing the tools: of the test case steps, actions and expected results. We’ve also
• Practice with XP writing stories, playing the planning game, experimented with entering test cases in XML format which is
estimating. This gave us confidence in our XP skills that used by an in-house test driver. We’re continuing to experiment
served us future projects. with the XML idea, but the spreadsheet format has worked
• Practice with development technologies. Developers could well. See Appendix B for a sample acceptance test spreadsheet
experiment with different approaches and get experience template.
with new tools. For example, the developers investigated in Appendix C shows a partial excerpt of a sample XML file
advance the advantages of using a dom versus a sax parser used for acceptance test cases. The test case consists of a
on the XML files containing customer test data. Doing this description of the test, data and expected output, steps with
in advance gave us more time to experiment and research actions to be performed and expected results.

INFORMATIK • INFORMATIQUE 2/2002 13


eXtreme Programming

Automated Testing for Web Applications integration. We decided to start by developing our own tool,
Test automation is relatively straightforward for Web appli- “TestFactor-e”, that will help customers and testers run manual
cations. The challenge is creating the automated scripts quickly tests consistently. It will also record the results. We plan to
enough to keep pace with the rapid iterations in an XP project. enhance this tool to feed the test data and actions directly into
This is always toughest in the early iterations. There are times application backends in order to automate the tests. As we have
that I feel like the slow old car blocking the fast lane. For that only been developing web applications, this effort is on the
extra burst of speed, I use WebART (http://www.oclc.org/ back burner.
webart), an inexpensive HTTP-based tool with a powerful No matter what the system being tested, it takes time to get
scripting language. WebART enables me to create modularized up to speed with automation. I plan to do manual testing in the
test scripts, creating many reusable parts in a short enough first iteration. At the start of the second iteration, I can start
timeframe to keep up with the pace of development. Javascript automating, using the method described in Appendix A. There
testing presents a bigger obstacle. We test it manually and care- are times I run into a roadblock which sets me back a day or
fully control our Javascript libraries to minimize changes and two. The solution to that is to find someone to pair with me. As
thus the required retesting. Meanwhile, we continue to research the tester in an XP project, you may feel lonely at times, but
ways of automating Javascript testing. remember, you aren’t ever alone!
Our developers wrote a tool to convert test data provided by
the customers in spreadsheet or XML format into a format that Reports
can be read by WebART test scripts so that we can automate Getting feedback is one of the four XP values. Beck says that
Web application testing. Even small efforts like this can help concrete feedback about the current state of the system is price-
you gain that competitive edge in the speedy XP environment. less. If you’re on a long road trip, you check for road signs and
landmarks that tell you how far along your route you’ve come.
Automated Testing for GUI Applications If you realize you’re running behind, you skip the next stop for
Test automation for non-HTTP GUI applications has been coffee or push the speed a bit. If you’re ahead of schedule, you
more of an uphill climb. You can travel faster in a helicopter might detour to a more scenic road. The XP team needs a
than a mountain bike, but it takes a long time to learn to fly a constant flow of information to steer the project, making
helicopter; they cost a lot more than a bicycle and you may not corrections to stay in the lane. The team’s continual small
find a place to land. Similarly, the commercial GUI automated adjustments keep the project on course, on time and on budget.
test tools we’ve seen require a lot of resources to learn and Unit tests give programmers minute-by-minute feedback.
implement. They’re budget breakers for a small shop such as Acceptance test results provide feedback about the “Big
ours. We searched far and wide but could not come up with a Picture” for the customer and the development team.
WebART equivalent in the GUI test world. JDK 1.3 comes with Reports don’t need to be fancy, just easy to read at a glance.
a robot that lets you automate testing of GUI events with Java, A graph showing the number of acceptance tests written, the
but it’s based on the actual position of components on the number currently running and the number currently succeeding
screen. Scripts based on screen content and location are inflex- should be prominently posted on the wall. You can find exam-
ible and expensive to maintain. We need tests that give the ples of these in the XP books. Our development team wrote
developers confidence to change the application, knowing that tools to read result logs from both automated tests and manual
the tests will find any problems they introduce. Tests that need tests run with “TestFactor-e”. These tools produce easy-to-read
updating after each application change could cause us to lose detail and summary reports in HTML and chart format.
the race. With all this feedback, you’ll confidently deliver high-quality
We felt that the most important criteria for acceptance tests is software in time to beat your competition. You’ll meet the
that they be repeatable, because they have to be run for each challenges of 21st century software development!

Appendix A: Lightweight Test Design

XP Automated Test Design The Sample Application


The sample scripts used to illustrate the test design are Our sample application is a telephone directory lookup web-
written with a test tool called WebART (http://www.oclc.org/ site, http://www.qwestdex.com. This is certainly not intended
webart/). Any test tool that permits modularization and param- as an endorsement of Qwest and we have no connection with
eterization of the scripts should support this design. To down- them, it was just a handy public application with characteristics
load a soft copy of the sample scripts, go to http://www.oclc. that allow us to illustrate the tests.
org/webart/samples/ and click on the “qwmain Sample Scripts”
link. The Smoke Test
We will consider the critical functionality to be logging into
the site and finding the businesses within a certain city and

14 INFORMATIK • INFORMATIQUE 2/2002


eXtreme Programming

Action Minimum Passing Criteria


Go to Starting
Go to login page Page contains the login form Login Url
Login Valid login name and password brings up Login
profile page Page
Search for valid category in Valid search retrieves table of businesses
specified city Login User Id &
Password
Logout Page contains link to login page and
home page Profile
Page

Table 1 Go to
Search

category. Pretend that this is the most important story in the Search
first iteration. Table 1 shows the basic scenario we want to test. Page
Category &
Search
The Test Design City
We know that there will be more functionality to test in sub-
sequent iterations, but we will use the simplest design we can Results
Page
think of to accomplish these tests without duplication. Then we
will refactor as necessary to accommodate the additional tests. Logout
The modules will be Go to Login, Login, Go to Search,
Search, and Logout. In figure 1 is a diagram showing how the
Fig. 1: The test design
modules are parameterized.

Separating the test data from the code


The items on the right side of the diagram represent test data: Creating the Scripts
the URL of the login page, the user id and password to use to Creating the first set of scripts is the hard work. Once you
login, and the category and city to search. The test data is have a working set of modules, you can reuse entire modules in
segregated into a test case file, which is read in by the test when some cases or turn them into templates in other cases. Here are
it executes. In figure 2 is sample content of that file to run a the steps I use (preferably as part of a pair) to create test scripts:
single test case. 1. Capture a session for the scenario I want to test. See
“capqwest” in the sample scripts as an example.
Verification 2. Copy “qwmain”, “zsqwlogin” and the other supporting
The main modules use a set of primitive validation modules modules that I already have to new names. Strip out the code
to check for the specific conditions required in a system that was specific to that application.
response and determine a pass or fail condition. The validation 3. Paste in the code specific to the scenario I want to test, copy-
modules in turn call utility modules to record the results. ing from the captured script into the newly created “tem-
This example uses the following three validation modules: plates”. Use XP principles here: work in small increments,
• vtext validates that a response contains specified text. for the make sure your scripts work before you go on. For example,
text string. first see if you can get the login to work. Then add the
• vlink validates that a page contains a specific link. search. Then add the logic for switching depending on the
• vform validates that a page contains a specified HTML form. pass/fail outcome. Remember to do the simplest thing that
works and add complexity only as you need it.
Utility Modules
There are also two utility modules which are used by the
main modules:
• trace – Displays execution tracing information in the smoketest
WebART execution window, for debugging the tests. [
:iter1:
• log – Records validation outcomes in a log file. Url <url=http://qwestdex.com>
The “zslog” module in the sample scripts writes test results UseridPassword <uid=bob&psw=bob>
out in XML format. An in-house tool from Tensegrent called CatCity <cat=banks&city=dallas>
]
TestFactor-e builds an HTML page from this log file showing
the results with colour-coding for pass, not run and fail. See Fig. 2: Sample content of the file to run a test case
Appendix B for an example.

INFORMATIK • INFORMATIQUE 2/2002 15


eXtreme Programming

Appendix B: Partial Excerpt of XML Template for Acceptance Test Cases

<?xml version=“1.0" encoding=“UTF-8” standalone=“no” ?> <interest-rate>0.5</interest-rate>


<term-of-loan>1200</term-of-loan>
<!DOCTYPE at-test SYSTEM “at-test.dtd” [ </input>
<!ELEMENT input ANY > <output>
<!ELEMENT loan-amount ANY > <monthly-payment>A big, fat wad of dough!</monthly-payment>
<!ELEMENT interest-rate ANY > </output>
<!ELEMENT term-of-loan ANY > </at-struct>
<!ELEMENT output ANY > </at-data-sets>
<!ELEMENT monthly-payment ANY > <at-plan>
]>
<at-step name=“populate-loan-amount”>
<at-test name=“calc-monthly-payment” version=“1.0" severity=“CRITICAL”> <at-action>
<at-project>mortgage-calc</at-project> <at-text>Enter “{0}” in the “Loan Amount field”.</at-text>
<at-value dset=“values” select=“/input[2]/loan-amount”/>
<at-description> </at-action>
Enter loan amount, interest rate, term of loan (in months) <at-expect>
to calculate monthly payment. <at-text>Cursor moved to “Interest Rate” field for input.</at-text>
</at-description> </at-expect>
</at-step>
<at-data-sets> </at-plan>
<at-struct id=“values”>
<input> </at-test>
<loan-amount>1000000000.00</loan-amount>

Appendix C: Sample Acceptance Test Spreadsheet

16 INFORMATIK • INFORMATIQUE 2/2002


eXtreme Programming

Qualitative Studies of XP in a Medium Sized Business


Robert Gittins, Sian Hope and Ifor Williams

Qualitative Research Methods are used to discover the effects of applying eXtreme Programming (XP) in a
software development business environment. Problems dominating staff development, productivity and
efficiency are parts of a complex human dimension uncovered in this approach. The interpretation and
development of XP’s “Rules and Practices” are reported, as well as the interlaced communication and
human issues affecting the implementation of XP in a medium sized business. The paper considers the
difficulties of applying XP in a changing software requirements environment, and reports on early
deployment successes, failures and discoveries, and describes how management and staff adapted during
this period of change. The paper examines the benefits of a flexible management approach to XP
methodology, and records the experiences of both management and staff, as initial practices matured and
new practices emerged.

Keywords: Extreme Programming, Qualitative methods, ment system. [Cockburn/Williams 02] investigate “The cost
Software Methodology. benefits of pair programming”. [Sharp et al. 00] describe a
“cross-pollination”’ approach, to a deeper understanding of
1 Related Work implicit values and beliefs.
Previous qualitative research [Seaman 99], [Sharp et al. XP developed recently from [Beck 00] and [Beck/Fowler
99], [Cockburn/Williams 02], has concentrated on non-judg- 00], and more recently in [Jeffries et al. 00]. [Williams/Kessler
mental reporting, with the intent of provoking discussion with- 00] study lone and paired programmers, and [Williams et al.
in the culture being studied by providing observations and 00] the cost effectiveness of pairing.
evidence, collaborators deciding for themselves whether any
changes were required. This fieldwork study follows the format 2 The Study
of [Gittins/Bass 02], whereby the researcher is immersed for a Secure Trading, the focus of this paper, is a medium sized
period in the software developer team; thereby the active software company committed to implementing XP, and
researcher becomes instrumental in the development and comprises a team of nine developers. Secure Trading decided
improvement of XP. [Seaman 99] describes an empirical study to implement XP in a progressive manner, conscious of mini-
that addresses the issue of communication among members of mising disruption to the business process. Reference material
a software development organization. [Sharp et al. 99] use from other companies, not specifically named in this paper, will
combined ethnography and discourse analysis, to discover only be used in general terms to highlight some typical prob-
implicit assumptions, values and beliefs in a software manage- lems facing established, and highly traditional companies,

Robert Gittins is final year PhD student at the Ada Lovelace Lab- approaches are sought, which provide a bridge between theory and
oratory, University of Wales, BangorGwynedd. His research ex- practice and which are aimed at producing engineering methods,
plores the interfaces between the disciplinary experts who collabo- tools and metrics for all phases of software development.
rate to develop approaches to developing commercial software <sian@informatics.bangor.ac.uk>
development solutions, especially for distributed systems. Commu- Ifor Williams. After obtaining a degree in Computer Engineering
nication between these disciplinary domains, and the cooperative from the University of Manchester Ifor went on to gain a PhD for
solution of conflicting design problems, are the key areas of his in- research into computer architectures suitable for the efficient execu-
vestigation. His research goal is to contribute strategies, methods or tion of object-oriented applications. This work resulted in the design
algorithms for novel software tools to support the design process. of a machine (MUSHROOM) incorporating support for dynamic bind-
<r.g.gittins@informatics.bangor.ac.uk> ing, object-based virtual memory, efficient garbage collection and
Sian Hope is a senior lecturer at the School of Informatics, Uni- targeted as a high-performance Smalltalk platform. Later he spent
versity of Wales, Bangor. Research interests are focused on contrib- some time developing software for the medical diagnostics industry
uting to enhancement of the discipline of Software Engineering by using prescribed conventional development processes before join-
researching into practically applicable development methods which ing the rapidly changing.com world where XP proved to be invalu-
are firmly grounded on scientifically sound concepts. Fundamental able. <ifor.williams@securetrading.com>

INFORMATIK • INFORMATIQUE 2/2002 17


eXtreme Programming

sensitive to their developer environment, and to the cost of 3.3 Questionnaires


disruption that change would incur on staff and production. In an extensive questionnaire consideration was given to the
Secure Trading, had recently moved to larger offices. When “Rules and Practices” of XP. Questions targeted the software
research started, their involvement with XP consisted of some development process, XP practices, and both managerial and
intermittent attempts at “pairing” developers. Their move behavioural effectiveness. Behavioural questions were based
presented opportunities for improving “pairing” proficiency, upon Herzberg’s “Hygiene and Motivation Factors” [Herzberg
and the selective adoption of XP practices. 74]. Ample provision was provided for open comments on each
of the topics, and a developer floor plan provided for a respond-
3 Qualitative Research Work ent to suggest improvements to the work area. Repeating the
This research adopts some of the techniques historically questionnaire at three monthly intervals will help research and
developed in the Social Sciences [Gittins 02], ethnography, management by matching the maturing XP practices, as they
qualitative interviews and discourse analyses, an understand- progress, against developer responses.
ing of “grounded theory” was particularly important. Grounded
theory can provide help in situations where little is known 4 Rules and Practices
about a topic or problem area, or to generate new ideas in
settings that have become static or stale. Developed by Barney 4.1 Pair Programming
Glaser and Anselm Strauss [Glaser/Strauss 67] in the 60s, (See [Beck 00], [Beck/Fowler 00]) XP advances what has
grounded theory deals with the generation of theory from data. been reported for some time [Cockburn/Williams 02],
Researchers start with an area of interest, collect data, and [Williams/Kessler 00], [Williams et al. 00]; Two programmers
allow relevant ideas to develop. Rigid pre-conceived ideas are working together generate an increased volume of superior
seen to prevent the development of research. To capture rele- code, compared with the same two programmers working
vant data, qualitative research techniques are employed separately. Secure Trading management, discussed the imple-
[Gittins/Bass 02] that include the immersion of the researcher mentation of “Pairing” with the development team, who unan-
within the developer environment, qualitative data analyses, imously agreed to “buy-in” to the practice. The first question-
guided interviews, and questionnaires. naire showed some of the team were unhappy with pairing.
28% of developers preferred to work independently, 57%
3.1 Qualitative Data didn’t think they could work with everyone, and 57% stated
Qualitative evaluation allows the researcher to study selec- that pair programmers should spend on average 50% of their
tive issues in detail, without the pre-determined constraints of time alone. XP practices recommend no more than 25% of a
“categorised” analyses. The researcher is instrumental in the conditional 40-hour week be paired. Two developers summed
gathering of data from open-ended questions. Direct quotations up the team’s early attitude to pair programming: “I feel that
are the basic source of raw materials, revealing the respond- pair programming can be very taxing at times, although I can
ent’s depth of concern. This contrasts with the statistical see the benefits of doing it some of the time.”
features of quantitative methods, recognised by their encum- “Not everyone makes an ideal pair. It only really works if the
brance of predetermined procedures. pair is reasonably evenly matched. If one person is quiet, and
doesn’t contribute, their presence is wasted. Also, if a person is
3.2 Qualitative Interviews really disorganised and doesn’t work in a cooperative way, the
[Patton] suggests three basic approaches to collecting quali- frustration can (disturb) the other participant!”
tative data through interviews that are open-ended. The three Developers estimated that they spent approximately 30% of
approaches are distinguished by the extent to which the ques- their time pairing, with partner changes occurring only upon
tions are standardised and predetermined, each approach hav- task completion, changes being agreed and established ad hoc.
ing strengths and weaknesses, dependant upon the purpose of Frequent partner swapping, and partner mixing, commands
the interview: great merit in XP. Pairing practices matured with the introduc-
1) “Informal conversational” interviews, are a spontaneous tion of a team “Coach” and later a “Tracker” [Beck 00]. Main-
flow of questions where the subject may not realise that the tenance tasks were another problem which routinely disrupted
questions are being monitored. 2) The “General interview pairing. Here control was reviewed and tasks better ordered to
guide” approach, adopted extensively for this study, predeter- minimise this problem. In time, the impact of pairing activity
mines a set of issues to be explored. 3) The “Standardised upon developers will translate into evidence, returned in the
open-ended interview” pursues the subject through a set of periodic questionnaire reviews, and in the timeliness and
fixed questions that may be used on a number of occasions, quality of code produced.
with different subjects.
In a series of interviews, data was collected using “Informal 4.2 Planning Games
conversation” and verbatim transcripts taken from “General (See [Jeffries et al. 00]) Planning games were introduced
guided interviews”. soon after pairing practices were established. The “customer”
duly chooses between having more stories, requiring more
time; against a shorter release, with less scope. Customers are
not permitted to estimate story or task duration in XP and

18 INFORMATIK • INFORMATIQUE 2/2002


eXtreme Programming

developers are not permitted to choose story and task priority. tained ownership, estimation, as well as iteration and priority,
Where a story is too complex or uncertain to estimate, a which were displayed in columned format. On completion, the
“Spike” is created. Spike solutions provide answers to complex owner added the actual task duration. The information served
and risky stories. Secure Trading succeeded well in developing to improve personal proficiency in estimation and in providing
Planning games, utilising “Spike solutions” by logging a feedback towards establishing project “velocity” data, for fu-
“spike” as a fully referenced story to quickly attack the prob- ture Planning Game meetings.
lem, reducing a complex, inestimable story to a simple, and Stand-up meetings promote communication throughout the
easily understood, group of stories. Results were very effective; team. Secure Trading introduced this practice from day one. At
“spike solutions” proved easy to develop and derived estimates ten o’clock every morning, a meeting allowed everyone to
for completion proved consistently accurate. It was common briefly state (standing promotes brevity) their work for the day,
practice to have the essential elements of both iteration and and discuss problems arising from the previous days activity.
release Planning games combined into one meeting. This prac- Anyone was free to comment, offer advice or volunteer co-
tice worked for them in the context of the jobs they were plan- operation. The benefits of adopting stand-up meetings were far-
ning. reaching and seen by developers and management as an effec-
tive way to broadcast activities, share knowledge and encour-
4.3 Client On-site age collaboration amongst and between team members and
(See [Beck 00]) Secure Trading rarely had this luxury. When management. Secure Trading meetings tended to degrade when
required the “Client” role was undertaken by a client’s repre- reports migrated to topics of yesterday’s activity, rather than
sentative, co-opted from the Customer services department by those planned for the day. This activity persists and may remain
staff who had worked closely with the client and were able to or need to be resolved and modified as their particular brand of
accept that responsibility. Developer Manager: “The inclusion XP develops.
of a representative from Customer services has proven to be
hugely beneficial, providing immediate feedback of the 4.5 Simple Design
system’s successes and failures on a day-to-day basis.” Beck [Beck 00] summarises simple design in “Say every-
thing once and only once.” However a comment by one devel-
4.4 Communication oper interviewed revealed a common concern, “Sometimes, it
(See [Beck 00]) A great deal of attention is necessary in is a bit too simplistic, and issues seem to be avoided”. XP states
providing an XP environment in keeping with the practices to that it is important to produce a simple system quickly, and that
support XP. Key factors in communication are: the use of white “Small Releases” are necessary to gain feedback from the
boards, positioning and sharing of desk facilities to facilitate client. Secure Trading didn’t see themselves in a position to
pair programmers, “stand-up” meetings, developers “buying- implement this practice so early in their XP programme. XP
in” to the concepts of the “rules and practices” of XP, and allows companies to cherry-pick those practices they regard
“collective code ownership”. Interviews and questionnaires re- suitable for implementation, in the order they see fit.
vealed many areas of concern among developers. For example,
86% of developers disagreed that meetings were well organ- 4.6 Tests
ized; “Agreements at meetings are not set in concrete” and, Unit tests are written in XP before main code and give an
“Confidence is lost with meeting procedures, when agreed early and clear understanding of what the program must do.
action or tasks are later allowed to be interpreted freely by dif- This provides a more realistic scenario, as opposed to “after-
ferent parties.” Management were quick to address these con- the-code testing,” that could, for many reasons, neatly match
cerns by concentrating on the development of XP story card completed code. Time is saved both at the start of coding, and
practices. Developers were encouraged to agree, and finalise again at the end of development. Latent resistance to early unit
with the client, the task description and duration estimates at testing became manifest, when the perceived closeness of a
timely Planning Game meetings. Story cards were fully refer- deadline loomed. This activity is perhaps the hardest to imple-
enced and signed by the accepting developer, thereby becom- ment and requires commitment from developers. An early
ing the responsibility of the initiating developer until comple- questionnaire revealed that 71% of Secure Trading developers
tion. Only the responsible creator of a Card was authorized to regarded unit-testing practices in general to be “very poor”.
amend it. Developer Manager on early introduction of unit testing: “If
The use and placement of White boards is said to be an you already have a large complex system, it is difficult to deter-
essential supporting means of good communication in XP mine to what extent testing infrastructure is to be retrospective-
practices [Beck 00]. Mobile whiteboards were introduced by ly applied. This is the most difficult aspect in our experience.
Secure Trading soon after pair programming practices gained Starting from scratch it is much easier to make stories and code
momentum and used to record the story details agreed at testable.”
Planning Game meetings. At one point, story cards were
physically stuck to the boards in prioritised order with adjacent 4.7 Refactoring
notes written on the board. This proved unpopular and devel- (See [Fowler 99]). “The process of improving the code’s
oped into cards being retained but not stuck on the white board. structure while preserving its function.” The use and reuse of
Stories were written on the boards. Referenced stories con- old code is deemed costly, often because developers are afraid

INFORMATIK • INFORMATIQUE 2/2002 19


eXtreme Programming

they will break the software. XP indicates that refactoring allowed the research team to visit developer offices. Tension
throughout the project life cycle saves time and improves was evidently high. In these companies, “Risks” [Beck 00] are
quality. Refactoring reinforces simplicity by its action in keep- high, quality is compromised, communication difficult, and
ing code clean and reducing complexity. Secure Trading had control largely ineffective. There are other considerations when
not developed refactoring activities in line with XP at that time. starting from scratch; The Secure Trading developer manager
Many developers expressed concern with refactoring, more reflecting upon attempts at implementing XP in his early
commonly reported by traditional companies: “… with more projects stated: “One of the key “discoveries” has been the rel-
people, we could spend more time refactoring and improving ative ease to which XP has been employed on an all-new
the quality of our existing code base.” The questionnaire project, and the difficulty in applying XP retrospectively on an
revealed that 45% of developers considered refactoring sporad- established system.”
ic or very poor.
6 Conclusions
4.8 Collective Code Ownership A combination of qualitative and quantitative methods
(See [Beck 00], [Beck/Fowler 00]). This concept states has helped identify uncertainties in applying XP practices in a
“Every programmer improves any code anywhere in the system medium sized software development company. How particular-
at any time if they see the opportunity.” Collective code owner- ly one company interpreted and developed their brand of XP,
ship has many merits: It prevents complex code entering the moulded from their successes and failures. Successes in such
system, developed from the practice that anyone can look at areas as the use and development of “spike solutions”, and
code and simplify it. It may sound contentious, but XP Test Customer role-play within “Planning Game” activity, and from
procedures should prevent poor code entering the system. failures, as in developer reluctance to “buying-in” to “collec-
Collective Code Ownership also spreads knowledge of the tive code ownership”, and the difficulties of implementing the
system around the team. Secure Trading experienced growing practice of “simple design”, and in the use of “metaphors”.
pains in developing this principle, revealed by the comments of Partial success was seen in “Pair programming”, that having
two developers: “I have conflicting interests in collective code posed early problems, showed improvement in maturity. Future
ownership. I think it is very good when it works, but there are work will monitor the complex factors in the development of
times when some code I have written seems to just get worse XP within small and growing companies at various levels of
when others have been working on it.” maturity. By acknowledging the characteristic unsharp bound-
“I like the idea of collective code ownership, but in practice aries of qualitative data sets, future work will investigate the
I feel that I own, am responsible for, some bits of code.” From use of fuzzy logic for data analyses.
the traditional perspective of individual ownership, it will be
important to record how attitudes change, as XP practices Acknowledgement
mature. This paper acknowledges the funding and support of the EPSRC
(Award No. 99300131).
4.9 Metaphor
References
A metaphor in XP is a simple shared story to encompass and
[Beck 00]
explain what the application is “like”, communicating a mental K. Beck: “Extreme Programming Explained: Embrace change”.
image, so that everyone involved can grasp the essence of the Addison Wesley. 2000
project in a term universally understood. This may seem to be [Beck/Fowler 00]
a relatively easy, or lightweight, activity to adopt. However, the K. Beck and M. Fowler: “Planning Extreme Programming”. Ad-
dison Wesley 2000.
value of this practice was not immediately evident to develop-
[Cockburn/Williams 02]
ers, early difficulties developing and applying suitable meta- A. Cockburn and L. Williams: “The cost benefits of pairprogram-
phors were experienced and this practice was reluctantly aban- ming”.
doned for future consideration. http://members.aol.com/humansandt/papers/
pairprogrammingcostbene/pairprogrammingcostbene.htm.
[Fowler 99]
5 Companies Starting from Scratch
M. Fowler: “Refactoring: Improving the design of existing code”,
Long established and traditional companies, considering Addison Wesley. July 1999.
adopting XP, have, unlike Secure Trading, many more difficul- [Gittins 02]
ties to overcome. They mostly comprise traditional teams of R. G. Gittins: “Qualitative Research: An investigation into meth-
developers, who are comfortably established, working in small ods and concepts in qualitative research”. Technical Paper: via
http://www.sesi.informatics.bangor.ac.uk/english/home/
offices, in prohibitively cloistered environments. Management
research/technical-reports/sesi-020.htm
is often aware that legacy software in circulation is in the “own- [Gittins/Bass 02]
ership” of one or two heroic developers, at the cutting edge of R. G. Gittins and M. J. Bass: “Qualitative Research Fieldwork:
their business. Some teams were reported as badly under-per- An empirical study of software development in a small company,
forming and in some circumstances management had resorted using guided interview techniques”, Technical Paper: via http://
www.sesi.informatics.bangor.ac.uk/english/home/research/
to consultants to resolve their problems with no significant
technical-reports/sesi-021.htm
success reported. Often with great reluctance, management

20 INFORMATIK • INFORMATIQUE 2/2002


eXtreme Programming

[Glaser/Strauss 67] [Sharp et al. 99]


B. G. Glaser and A. L. Strauss: “The discovery of grounded the- H. Sharp, M. Woodman, F. Hovenden and H. Robinson: “The role
ory: strategies of qualitative research” Chicago: Aldine Publica- of ‘culture’ in successful software process improvement.”
tions. 1967 EUROMICRO:1999 Vol.2, p17.
[Herzberg 74] [Sharp et al. 00]
F. Herzberg: “Work and the Nature of Man”, Granada Publica- IEEE Computer Society. H. Sharp, H. Robinson and M. Wood-
tions Ltd.1974 man: “Software Engineering: Community and Culture”. IEEE
[Jeffries et al. 00] Software, Vol. 17, No.1, Jan /Feb2000
R. Jeffries, A. Anderson and C. Hendrickson: “Extreme Program- [Williams/Kessler 00]
ming Installed”. Addison Wesley 2000. L. A. Williams and R. R. Kessler: “All I Really Wanted to Know
[Patton] About Pair Programming I Learned in Kindergarten”. Communi-
M. Q. Patton: “Qualitative Evaluation and Research Methods” cations of the ACM. May 2000 Vol.43, No5.
(2nd Edit.). SAGE Publications [Williams et al. 00]
[Seaman 99] L. A. Williams, R. R. Kessler, W. Cunningham and R. Jeffries:
C. B. Seaman: “Qualitative methods in empirical studies of soft- “Strengthening the Case for PairProgramming”. IEEE Software,
ware engineering”, IEEE Transactions on Software Engineering, Vol. 17, No. 4: July/August,2000,pp19–25.
Vol.25 (4):557–572 Jul/Aug 99.

INFORMATIK • INFORMATIQUE 2/2002 21


eXtreme Programming

XP and Software Engineering: An Opinion


Luis Fernández Sanz

In this article, the author makes some reflections on certain specific aspects of eXtreme Programming as
described in Kent Beck’s book “eXtreme Programming explained. Embrace change”. The analysis presented
here is in relation to principles and techniques of software engineering.

Keywords: eXtreme Programming, XP, Software Engineer-


ing Luis Fernández Sanz received a degree in informatics engi-
neering from Technical University of Madrid in 1989 and a Ph. D.
degree in informatics from University of the Basque Country in
1 First contact
1997 (as well as an extraordinary mention for his doctoral thesis).
The first time I came across the term EXtreme Program- He is currently head of the department of programming and soft-
ming, my mind was immediately overrun with images of those ware engineering at Universidad Europea-CEES (Madrid). From
well known extreme sports: people who love danger and who 1992, he is the coordinator of the software engineering section of
spend their time skiing down impossible mountainsides, mak- Novática. He is author or coauthor of several books about soft-
ing bungee jumps, etc.1 Of course the expression was deliber- ware engineering and software measurement, as well as papers in
ately coined by Kent Beck to benefit from the fashion for this international journals and conferences. He is member of the Soft-
kind of sport in order to make a bigger splash on the IT scene. ware Quality Group of ATI and he has acted as chair of the VI
Perhaps the idea was also to suggest a world of “winners”, peo- Spanish Conference on Software Quality and Innovation organ-
ple who flirted with danger, who were always “cool” (another ised by ATI. He is a member of ATI and the Computer Society of
“in” word) whatever they did and who turned their back on con- the IEEE. <lufern@dpris.esi.uem.es>
vention. Regrettably, however, I discovered it was something
altogether simpler and less glamorous than the risk and adven-
ture of extreme sports2 but, fortunately, I did recognise the tre- erably something trendy) and who need constant attention to
mendous appeal of a new approach to software development. compensate for their inferiority complex, piped up that he knew
Curiosity naturally led me to seek out references on XP what XP was and waxed lyrical about how wonderful it all
where I could learn some more about it. Coincidentally, and at was3, subjectivity got the better of me.
the same time, I began to hear opinions from experienced But there is one thing I just cannot help doing: I can’t help
people; people who could never be accused of being narrow trying to find out for myself about the things which arouse my
minded. While some of them were drawn to this idea (although curiosity, and I will not take anyone else’s opinion as gospel. In
somewhat sceptical about its potential for becoming a common my quest for information about XP it was not hard for me to
practice), others pointed out in no uncertain terms the “mad- find various web sites (see the brief list at the end of this article)
ness” of expecting to achieve quality in software developed which contained a copious selection of documentation, links
using XP practices. I have been in this field long enough to and resources on the subject of eXtreme Programming. Of
experience several passing fads which claimed to be the cure of course, I had Beck’s classic book [Beck 00] in which he
all the ills besetting software development (of which there are explains the essence of XP. I even discovered the existence of
plenty), and high hopes were placed in all of them (mainly by monographic international congresses on XP with several
their mentors and supporters, sometimes with obvious com- editions already held. However something was worrying me. I
mercial interests at heart) in terms of their scope and life span. could see the same signs that I had seen before in some of the
There were many such trends and most passed away, although previous fads: a lot of words (albeit reasonable and attractive
it’s only fair to admit that some did make a contribution to cur- ones), a certain implicit assumption that XP is a dogma of faith
rent good practices. Which is why something told me that I (nobody doubted that its principles were properly justified)
could be looking at just another passing fad wrapped up in im- and, especially, a shortage of really reliable data and real life
pressive sounding terms. Even when a colleague, the type who experiences. In fact, a simple search involving direct consulta-
like to loudly proclaim any nonsense they have just learnt (pref- tions with famous “extremes” in the international arena always
resulted in the same response: at best some academic experi-
1. This “confession” may not seem so surprising when you read
McCormick’s article [McCormick 01]. 3. It goes without saying that he planned to reap all the benefits of
2. The truth is that, in terms of physical appearance, there is seldom XP straight away as his idea was to implement it immediately (as
any possible comparison between IT people and the extreme I write, I have had no reports that he has done anything, just like
sports community. on so many other occasions).

22 INFORMATIK • INFORMATIQUE 2/2002


eXtreme Programming

ments somewhat divorced for any professional reality, some fying the design (without making any extra effort with an eye
experience, but few projects (though there were some) with to the future), performing automated tests and accumulating a
specific data and much less any formal experiments. However, lot of practice in the modification of designs so as to lose the
my intention is not to put XP practitioners down in any way fear of making changes. In fact, a phrase has been coined which
with this: it is sadly only too common a state of affairs in the uses an analogy to sum up XP’s philosophy: “Driving is not
software world in any field4. However Chrysler’s famous C3 about getting the car going in the right direction. Driving is
project in which Beck applied XP practices for the first time is about constantly paying attention”. In this case, the driver is the
much talked about. customer with whom we should have a constant interaction. To
My main problem when it comes to expressing an opinion achieve this the customers’ directors have to be convinced that,
about XP is that I don’t have any first hand references: I have if they can’t free a person to attend to the developers constantly,
had no opportunity to apply XP in a project nor have I managed maybe their bet on the system under construction is not worth
to find colleagues in Spain who are practising it in a profession- making.
al environment. It’s true there are companies like IBM who From my point of view, it is especially satisfying that soft-
have given support to specific aspects of XP (for example, with ware tests (always the most hated and neglected part of a devel-
JUnit) and who have documentation on it. Other major compa- opment) are being given more importance and, it is also worth
nies like Sun give it some kind of exposure in their technical underlining that productivity in this area (and in others such as
documents, almost certainly because their marketing people coding) depend on the introduction of automated environ-
don’t want to miss out on the advertising draw it has (at least in ments. In my experience, generally speaking there tends to be
terms of the name and the frequency with which it crops up in practically no use of support tools in automated tests by organ-
publications). isations developing conventional software6. However, I am not
Anyway, after a careful reading of Beck’s book [Beck 00] sure if XP’s strategy concerning changes and design will
and with the inspiration of various documents taken from web always be appropriate. What I do like is the fact that emphasis
sites on XP and the occasional interesting article like Mc- is put on simplicity achieved through good design, since I
Cormick’s [McCormick 01], I would like to share some of my believe that all too often developers opt for code which “more
reflections with the readers. or less works” and take little time to consider what might be the
simplest and most understandable code to implement a func-
2 Reflections on XP from a Software Engineering tionality.
viewpoint XP also promotes certain interesting values of human team
One of the bases of XP is the technical promise which Beck and project management (as well as some technical aspects):
makes at the beginning of his book [Beck 00]. The problem lies communication, simplicity, feedback with the customer and
in the changes which have to be made in a software develop- courage when tackling the problems and challenges thrown up
ment. XP aims to minimise changes by concentrating only on by design. But, above all, what it proposes is a life cycle or
those changes which simplify code (which should be as simple process which is “lightweight” (as McCormick says [McCor-
as possible5) or which will facilitate the rest of the code. mick 01]) or agile. This fast process, which is a successor to the
Consequently, it is important to design without having to RAD concept and evolutionary prototyping, involves very fast
complicate the design in an attempt to cater for possible future iterations (releasing versions, builds or whatever we want to
expansions or increased functionality or performance. From call them) run at very frequent intervals: one a day or even
my point of view, this concern about change is laudable, though every few hours. This requires the tests to be very agile and
I am not so sure that it is always a good idea to ignore future highly organised, which is only possible if they can benefit
extensions for the sake of simplifying the design as much as from efficient and well organised automation.
possible. In this respect, the reasoning behind the approach to Each XP iteration involves:
projects is based on three variables: the scope of the project, the • A coding phase: code is the essential building block and the
quality and the cost. Beck’s rationale lays emphasis on the primordial aim of XP as a concise and precise communica-
maximum reduction of the scope of the project (that is, concen- tion vehicle, regardless of whether we work with visual
trating only on functionality and the features which are strictly environments or text editors or code generators.
necessary) to gain advantages in the other two variables. • An indispensable automated test phase. Personally I find it
Once the ground rules have been established for action, a very satisfying to see how in XP tests are not a torture but
great deal of what the developers do should be aimed at simpli- rather something which is more fun than programming.
They also help to lengthen software’s life span since they are
4. At the end of the day, I am influenced by my work on software an aid to efficient change management. The danger lies in
measurement which led up to my doctoral thesis (as well as an lowering the stringency level of the tests without establish-
extraordinary mention for my doctoral thesis), and to the publi- ing a clear tolerable error rate. One direct consequence of
shing of the first book in Spain on this subject, with the collabora-
tion of the outstanding researcher and professor Javier Dolado
(my thesis director), together with other eminent researchers from 6. In several surveys when giving training courses on software tests,
Spain and Great Britain, [Dolado/Fernández 00]. a significant percentage of the attendees admitted a very poor
5. Although as Einstein once said, “it should be as simple as possible level of automation and support environments, and also of test
but no simpler”. organisation and procedure.

INFORMATIK • INFORMATIQUE 2/2002 23


eXtreme Programming

this is the incorporation of test measurements: of code cov- somewhat rigid processes, the intellectual contributions made
erage and the like. This is a cause of some satisfaction for me by CMM [Paulk et al. 93], SPICE [ISO 98], etc. have been
given the current dearth of software development organisa- fundamental in bringing about a clear awareness that it is
tions which implement software measurement. necessary to organise the way we work, and that chaos can only
• A phase of active listening with the customer. As I said end in tears. It is vital that we do not lose what we have
earlier, this requires the almost full time dedication of one of achieved: the awareness (although the we may sometimes fail
the customer’s employees to manage and check customer to put it into practice) that a development process which is well
requirements. designed and well suited to the problem is fundamental if we
• A design phase to simplify and correct anything which isn’t want to prevent our projects from failing.
appropriate. Finally, although XP lays stress on effective communication,
While this simple review does not aim to match the detailed I can see a problem in the fact that it always insists on face to
descriptions to be found in other articles in this issue, perhaps face conversation. While a constant and face to face exchange
it may serve to comment on certain features of XP in relation of opinions on a project is a rare commodity in most conven-
to software engineering philosophy. However, there are a tional projects, it is nonetheless true that documentation is also
number of general considerations concerning XP’s applicabili- an important asset in the control of the project. In XP I under-
ty which I would like to include. stand that its orientation towards small projects with volatile
requirements encourages agility in personal verbal communi-
3 Some of my general reflections about XP cation. However, what happens in the case of personnel turno-
In Beck’s book he advocates multi-disciplinarity in IT ver? Or with problems of absences due to sickness or for other
personal. He proposes that we should forget distinctions reasons? It is true that XP’s idea of collective ownership of
between analysts, programmers and test personnel since XP’s code (everyone can know and change any part of an applica-
application requires development personnel to play various tion) means greater ease in handling personnel turnover but I
roles and be equipped to carry them out efficiently: everyone believe that we should never pass up the chance to have good
should take part in analysis, design, programming and tests. documentation so as to be able to understand and maintain an
From my point of view, this idea is very attractive to say the application. Later we can try to remember the content and
least. The rigid division of work often leads to a loss of effec- format of the documentation we think will be suitable for a
tiveness and efficiency in software development, regardless of project or an application (or we can even use automated docu-
any efforts made to improve teamwork. mentation tools). But, at the end of the day, documentation is
However, there is currently a very serious lack of profession- necessary, as well as code (the real instrument of communica-
als in information technologies, and for software development tion for exponents of XP).
in particular, in spite of the effect of the economic downturn on In this article, I hope I have been able to convey, to the limits
employment. In fact, there are studies by organisations such as of my knowledge of it (and having never attempted to apply it
Forrester Research [Forrester 01] which are already predicting in real projects), the idea that I have of XP. Naturally I am open
a recovery of the IT business for 2003, based on forecasts of ex- to any comments on my opinions.
penses made by corporate managers.
It would, however, be easier to get trained personnel to turn References
their hand to the agile processes of XP if a serious attempt were [Beck 00]
K. Beck, eXtreme Programming explained. Embrace change,
made to introduce the qualification or profession of software
Addison-Wesley, 2000.
engineer [Dolado 00], instead of just having a qualification in [Dolado 00]
computer science or, of course, just revamping other qualifica- J. J. Dolado, “El cuerpo de conocimiento de la Ingeniería del soft-
tions centred exclusively on the knowledge of programming ware” (Body of software engineering knowledge), Novática, no.
languages without a solid grounding in analysis, design and 148, November-December, 2000, pp56–59.
[Dolado/Fernández 00]
software testing. By this I do not mean that those who don’t
J. J. Dolado and L. Fernández (eds.), “Medición para la gestión
have a solid training in software engineering cannot contribute en la ingeniería del software” (Measurement for software engi-
their intelligence towards the correct application of the XP neering management), Ra-Ma, 2000.
philosophy. Of course, it is possible to train and coach people [Forrester 01]
in the use of XP but I find it hard to believe that this training Forrester Research, “End Predicted for IT Sector Slump”, 2001.
[ISO 98]
could be successful with people who lack a solid grounding in
ISO, ISO/IEC TR 15504-1998. Information technology. Soft-
software development. ware process assessment. Parts 1–9, International Organization
Another of the fears I harbour regarding XP is that it will for Standardization, 1998.
provide a great excuse for those who like to work in the devel- [McCormick 01]
opment process in a state of pure chaos. XP, as its own expo- M. McCormick, “Programming extremism”, Communications of
the ACM, Vol. 44, no. 6 June, 2001, pp199–201.
nents say, does not consist of relinquishing the notion of a
[Paulk et al. 93]
controlled process but rather it is merely the adoption of a strat- M. Paulk et al., Capability maturity model for software. Version
egy of simplification and agility in development work. In spite 1.1. Technical Report CMU/SEI-93-TR024, Software Engineer-
of the fact that, on occasions, work on models to improve proc- ing Institute, February, 1993.
esses have fallen into the error of establishing heavyweight and

24 INFORMATIK • INFORMATIQUE 2/2002


eXtreme Programming

XP in Complex Project Settings: Some Extensions


Martin Lippert, Stefan Roock, Henning Wolf and Heinz Züllighoven

XP has one weakness when it comes to complex application domains or difficult situations at the customer’s
organization: the customer role does not reflect the different interests, skills and forces with which we are
confronted in development projects. We propose splitting the customer role into a user and a client role. The
user role is concerned with domain knowledge; the client role defines the strategic or business goals of a
development project and controls its financial resources. It is the developers’ task to integrate users and
clients into a project that builds a system according to the users’ requirements, while at the same time attain
the goals set by the client. We present document types from the Tools & Materials approach
[Lilienthal/Züllighoven 97] which help developers to integrate users and clients into a software project. All
document types have been used successfully in a number of industrial projects together with the well-known
XP practices.

Keywords: XP, Management, Participation, User, Client, customer. This one role cannot address the different forces in a
Roles development project. The users of the future system know their
application domain in terms of tasks and concepts, but they
1 Context and Motivation rarely have an idea of what can be implemented using current
It was reported that one of the major problems of the C3 technologies. Moreover, it is often misleading to view the users
project was the mismatch between the goal donor and the gold of the future system as the goal donor. They are unfamiliar with
owner [Jeffries 00], [Fowler 00]. While the goal donor – the the strategic and business goals related to a project and, more
customer in the XP team – was satisfied with the project’s important, they do not control the money.
results, the gold owner – the management of the customer’s Therefore we make a distinction between the role of the user
organization – was not. It is our thesis that XP, in its current and the role of the client. The users have all the domain knowl-
form, fails to address the actual situation at the client’s organi- edge and therefore are the primary source for the application
zation in a suitable way. The main stakeholder, i.e. the users requirements. The client sets the goals of the development
and their management, are merged into a single role: the project from a business point of view. The client will only pay

Martin Lippert is a research assistant at the University of Ham- the book “Extreme Programming in Action”, which is due to be
burg and a professional software architect and consultant at APCON published by Wiley in July 2002. <roock@jwam.org>
Workplace Solutions. He has several years’ experience with XP Henning Wolf is software architect at APCON Workplace Solu-
techniques and XP project coaching for various domains and has tions in Hamburg.He is one of the original architects of the Java
given a number of talks, tutorials and demonstrations (e.g. ICSE, framework JWAM, supporting the Tools & Materials approach. His
XP, OOPSLA, ECOOP, HICSS, ICSTest and OOP). He is a member current interests are eXtreme Programming, architectures for multi-
of the XP 2002 program committee. Among his publications are ar- channelling applications and object-oriented technologies. Besides
ticles for “Extreme Programming Examined” and “Extreme Pro- publications on various software engineering topics he is co-author
gramming Perspectives” and he co-authored the book “Extreme of the book “Extreme Programming in Action”, which is due to be
Programming in Action”, which is due to be published by Wiley in published by Wiley in July 2002. <henning.wolf@itelligence.de>
July 2002. <lippert@acm.org> Heinz Züllighoven, graduated in Mathematics and German Lan-
Stefan Roock is software architect and consultant at APCON guage and Literature, holds a PhD in Computer Science. He is pro-
Workplace Solutions. He has solid project experiences with object- fessor at the Computer Science Department of the University of
oriented technologies, architectures and frameworks as well as with Hamburg and CEO of APCON Workplace Solutions Ltd. He is con-
XP. Among his current interests are evolution of frameworks and sulting industrial software development projects in the area of ob-
migration of applications, eXtreme Programming, large refactor- ject-oriented design, among which are several major banks. Heinz
ings and suitable organizational structures for cooperating XP Züllighoven is one of the leading authors of the object-oriented
teams. Stefan Roock has given a number of talks, tutorials and dem- Tools & Materials Approach. A Tools & Materials construction
onstrations (e.g. XP Conference, ECOOP, OOP and ICSTest) and handbook will be published by Morgan Kaufmann end of 2002.
co-organizes the XP 2002 workshop on testing techniques. Among Among his current research interests are object-oriented develop-
his publications are articles for “Extreme Programming Examined” ment strategies and the architecture of large industrial interactive
and “Extreme Programming Perspectives” and he is co-author of software systems. <zuelligh@informatik.uni-hamburg.de>

INFORMATIK • INFORMATIQUE 2/2002 25


eXtreme Programming

for a development project if these goals are met to a certain is therefore the first source of information when it comes to
degree. functional requirements.
We begin with a discussion of the roles in an XP project as The client role is not concerned with detailed domain knowl-
defined by Kent Beck. We then split up the customer role into edge or functional requirements. The client focuses on business
the user and the client role. These two roles change the situation needs, like reducing the organizational overhead of a depart-
of XP projects. While the user can be seen in a similar way to ment by 100,000 USD a year. Given this strategic background,
the XP customer, the client role requires more attention. We the client defines the goals of the software development project
address the new project situation by using two document types (“Reduce the organizational overhead of the loan department
geared to the client role: base lines and projects stages. We by 100,000 USD per year”) and supplies the money for the
show when and how to use these document types and discuss project. The client is thus the so-called goal donor and the gold
their relation to story cards and the Unified Process (UP). owner.
It is often not easy to reconcile the needs of users and clients
2 Roles in XP at the same time. What the users want may not be compatible
XP defines the following roles for a software develop- with the goals of the client. What we need, then, are dedicated
ment process [Beck 99]: instruments to deal with both roles.
• Programmer: The programmer writes source code for the
software system under development. This role is at the tech- 4 Story Cards and the Planning Game
nical heart of every XP project because it is responsible for We use story cards for the planning game, but we use
the main outcome of the project: the application system. them in a different way than in the “original” XP, and our
• Customer: The customer writes user stories which tell the planning game differs in some aspects, too. In our projects,
programmer what to program. “The programmer knows users or clients rarely write story cards themselves. They do not
how to program. The customer knows what to program” normally have the skills or the required “process knowledge” to
([Beck 99], pp. 142f). do so. Typically, we as developers write story cards based on
• Tester: The tester is responsible for helping customers select interviews with users and observations of their actual work
and write functional tests. On the other side, the tester runs situation. These story cards are reviewed by the users and the
all the tests again and again in order to create an updated client. The users must assess whether the implementation of the
picture of the project state. story cards will support them. They thus review the developers’
• Tracker: The tracker keeps track of all the numbers in a understanding of the application domain. The client decides
project. This role is familiar with the estimation reliability of which story cards to implement in the next development itera-
the team. Whoever plays this role knows the facts and tion, and with which priority. To avoid severe mismatches
records of the project and should be able to tell the team if between the interests of the users and client both parties are
they will finish the next iteration as planned or not. involved in the planning game. This means that users can artic-
• Coach: The coach is responsible for the development proc- ulate their interests and discuss with the client the priorities of
ess as a whole. The coach notices when the team is getting the story cards.
“off track” and puts it “back on track”. To do this, the coach Our experience here is clear: users and client will normally
must have a very profound knowledge and experience of XP. reach a compromise on their mutual interests. But whatever the
• Consultant: Whenever the XP team needs additional special outcome of the planning game is, the decision about what is to
knowledge they “hire” a consultant in possession of this be implemented next is made not by developers but by the
knowledge. The consultant transfers this knowledge to the client.
team members, enabling the team to solve the problem on If a project is complex, there will be an abundance of story
their own. cards. In this case it is difficult for users, clients and developers
• Big Boss: The big boss is the manager of the XP project and to get the overall picture from the story cards. For this type of
provides the resources for it. The big boss needs to have the project, we use two additional document types: project stages
general picture of the project, be familiar with the current and base lines. These are described in the next section.
project state and know if any interventions are needed to
ensure the project’s success. .
While XP addresses management of the software develop- Subgoal Realization When
ment aspects with the Big Boss role, it neglects the equivalent
Prototype with Web frontend Presentation of prototype for 31/3/00
of this role on the customer side. XP merges all customer roles is running users
into the customer role. We suggest splitting up the customer Prototype supports both Presentation of extended 16/5/00
role into two roles: user and client. Web and GUI frontend. prototype for users and client
First running system Pilot Web users use Web 30/8/00
3 The New User and Client Roles installed frontend.
The user is the domain expert which the XP team has to ... ... ...
support with the software system under development. The user

Figure 1: Example project stages

26 INFORMATIK • INFORMATIQUE 2/2002


eXtreme Programming

Who does what with What for How to check ing programs, exhibitions, project reviews and marketing
whom/ what presentations) being fixed when projects are established.
Roock Preparation of Interviews E-mail interview Unlike the increments produced during an XP iteration, the
interview guideline to team result of a project stage is not necessarily an installed system.
guideline
We always try to develop a system that can be installed and
Wolf, Lippert, Interview users First Interview protocols used as the result of every project stage, but we know that this
at pilot customer understanding of on the project server
application is not always feasible. In large projects or complex application
domain domains, developers need time to understand the application
... ... ... ... domain. During this period, developers may implement proto-
Roock Implement GUI Get feedback on Prototype types but rarely operative systems. We thus often have proto-
prototype the general acceptance tests are types as the result of early project stages. Another example here
handling from the OK; executable is the stepwise replacement of legacy systems. It is often appro-
users prototype is on
project server priate to integrate the new solution with the legacy system for
reasons of risk management. Project stages then produce sys-
Figure 2: Examples of base lines tems that can and will be used by users. But the project team
may also decide not to integrate the new solution with the leg-
acy system, perhaps because of the considerable effort required
5 Project Stages and Base Lines for legacy integration. In such cases, the project team will also
In projects with complex domains or large application produce installable increments, but it is clear that the incre-
systems, story cards may not be sufficient as a discussion basis ments will not be used in practice. Users are often reluctant to
for the planning game. In such cases, we need additional tech- use new systems until they offer at least the functionality of the
niques to get the overall picture – especially for the contingen- old system.
cies between the story cards. If one story cannot be developed Base lines are used to plan one project stage in detail. They
in the estimated period of time, it may be necessary to resched- do not focus on dates but rather define what has to be done, who
ule dependent stories. We may also need to divide the bulk of will do it and who will control the outcome in what way. Unlike
story cards in handy portions and make our planning more project stages, base lines are scheduled from the beginning to
transparent to the users and the client. We have therefore the end of the stage.
enhanced the planning game by selected document types of the In the base-lines table (for example, in Figure 2), we specify,
Tools & Material approach [Roock et al. 98]: base lines and who is responsible for what base line and what it is good for.
project stages. The last column contains a remark on how to check the result
We use project stages and base lines for project management of the base line. The base-lines table helps us to identify
and scheduling. A project stage defines which consistent and dependencies between different steps of the framework devel-
comprehensive components of the system should be available opment (see “What-for” column). The last three columns are
at what time covering which subgoal of the overall project. the most important ones for us. The first column is not that
Project stages are an important document type for communicat- important because everybody can, in principle, do everything
ing with users and clients. We use them to make development (as with story cards). However, it is important for us to know
progress more transparent by discussing the development plan how to check the results in order to get a good impression of the
and rescheduling it to meet users’ and client’s needs. Figure 2 project’s progress. The second and third columns contain indi-
shows an example of three project stages (taken from the cators for potential re-scheduling between the base lines and
JWAM framework development project). We specify at what also helps us to sort the story cards that are on a finer-grained
time we wish to reach which goal and what we have to do to level.
attain this goal. Typically, the project stages are scheduled The rows of the base-line table are often similar to story
backwards from the estimated project end to its beginning, cards, but base lines also include tasks to be done without story
most important external events and deadlines (vacations, train- cards. Examples are: organize a meeting, interview a user, etc.
The way project stages and base lines are actually used
depends on the type of development project
in hand. For small to medium-size projects,
we often use project stages, but no explicit
Extension level 5 Display (passive) Report System base lines. In these cases, we simply use the
Extension level 4 Model Computation story cards of the current project stage,
complementing them by additional task
Extension level 3 Model Control Measured Value Processing Material Tracking
cards. If the project is more complex (more
Extension level 2 Configuration Primary Data Handler Simulator Set Point Server developers, developers at different sites,
Extension level 1 Logging Telegram Handler etc.), we use explicit base lines in addition to
story cards. If the project is long-term we do
not define base lines for all project stages up
Figure 3: Example core system with extension levels front, but rather identify base lines for the

INFORMATIK • INFORMATIQUE 2/2002 27


eXtreme Programming

Protocol
impression of the whole system and can negotiate on the differ-
System Mill ent values and priorities (users’ needs, client’s goals, technical
Pacing constraints) in order to reach a compromise on the project’s
development schedule.
In addition, project stages are used to control the project’s
Plausibility Core System Control
progress and timelines relating to the overall plan.
(Signals) Demonstrator Station
Interface
7 Conclusion
We have discussed the roles in a XP project as defined by
Model Adaptation Kent Beck. Based on our experience, we split the XP customer
(Machine Learning) role into two roles: user and client. The user is the source of
application knowledge, while the client defines the project
Figure 4: Example core system with specialized systems
goals and supplies the money for the project. Both parties must
be integrated into the development project. We have shown
how this can be done with the help of modified story cards,
current and the next project stage. Since a project stage should projects stages, base lines and an adapted planning game.
not be longer than three months, we work on a detailed We do not suggest using all the presented new instruments
planning horizon of from three to six months. for every project. They should be used as part of an inventory
It is often a good idea to sketch the entire system as guideline or toolbox, together with the familiar techniques defined by XP.
for the project stages. We describe the concept of core system We then use the instruments required for the project in hand. If
and specialized systems in the next section in order to provide the project situation is not complex, we will not burden the
an application-oriented view of the system architecture. project with the additional roles and document types. But if the
application domain or the project is highly complex, the
6 System Architecture sketched extensions to XP will be worth while.
In line with the project stages, we divide the software Selection of the proper instruments from the toolbox may be
system into a core system with extension levels [Krabbel et al. difficult for the project team because we are not yet able to
96]. The core system is an operative part of the overall software provide detailed guidelines. Evaluating project experience to
system which addresses important domain-related needs. It is provide such guidelines for tool selection will be one of our
developed first and put into operation. Since the core system is future tasks.
usually still quite complex, it is subdivided into extension
levels which are built successively. An example of a core References
system with extension levels is shown in Figure 3 (taken from [Beck 99]
Kent Beck: eXtreme Programming Explained – Embrace
the domain of hot rolling mills). The upper extension levels use
Change. Addison-Wesley. 1999.
the functionality of the lower extension levels. This way, we get [Fowler 00]
an application-oriented structure that is useful for planning and Martin Fowler: The XP2000 conference.
scheduling. It is obvious that the lowest extension level must be <http://www.martinfowler.com/articles/xp2000.html>. 2000.
created first, followed by the next-higher one, and so on. [Jeffries 00]
Ron Jeffries: Extreme Programming – An Open Approach to
Specialized systems are separated from the core system.
Enterprise Development.
They add well-defined functionality. An example of a core <http://www.xprogramming.com/xpmag/>. 2000.
system with specialized systems is shown in Figure 4 (again [JWAM]
taken from the domain of hot rolling mills). The specialized The JWAM framework. <http://www.jwam.org/>
systems are drawn as circles. [Krabbel et al. 96]
A. Krabbel, S. Ratuski, I. Wetzel: Requirements Analysis of Joint
Since specialized systems only depend on the core and not
Tasks in Hospitals, Information systems Research seminar. In
vice versa, we can deliver an operative and useful core system Scandinavia: IRIS 19; proceedings, Lökeberg, Sweden, 10–13
very early on and get feedback from the users. In parallel, August, 1996. Bo Dahlbom et al. (eds.). – Gothenburg: Studies in
different software teams can build specialized systems. Adher- Informatics, Report 8, 1996. S. 733–750, 1996
ing to the one-way dependency of specialized systems, we [Lilienthal/Züllighoven 97]
C. Lilienthal and H. Züllighoven: Application-Oriented Usage
achieve a maximum of independence among the special
Quality, The Tools and Materials Approach, Interactions Maga-
systems. They can be created in any order or even in parallel. zine, CACM, October 1997
Obviously, the core system has to provide the basic functional- [Roock et al. 98]
ity for the whole system because it is the only way for the Roock, S., Wolf, H., Züllighoven, H., Frameworking, In: Niels
specialized systems to exchange information. The core system Jakob Buch, Jan Damsgaard, Lars Bo Eriksen, Jakob H. Iversen,
Peter Axel Nielsen (Eds.): IRIS 21 “Information Systems
will usually provide a set of basic communication mechanisms
Research in Collaboration with Industry”, Proceedings of the
allowing information transfer between different parts of the 21st Information Systems Research Seminar in Scandinavia,
overall system. 8–11 August 1998 at Saeby Soebad, Denmark, pp. 743–758,
The concept of core system and specialized systems can 1998
easily be used in the planning game. Users and client get an

28 INFORMATIK • INFORMATIQUE 2/2002


Mosaic

Informatik und Recht

Forensics

Ursula Sury

Begriffliches deren Verletzung mit Strafe ahnden. Dazu doch StGB Art. 110, 5. dass die Aufzeichnung
Ein neues Schlagwort ist aufgetaucht und gehören beispielsweise das unbefugte Ein- auf Bild- und Datenträgern der Schriftform
immer mehr in aller Munde: Forensics dringen in ein Datenverarbeitungssystem gleichgestellt ist, sofern sie demselben Zweck
Was ist damit gemeint? (StGB Art. 143bis), die Datenbeschädigung dient.
Forensics heisst “gerichtlich” oder “ge- (StGB Art. 144bis), der betrügerische Miss-
richtliches” und kommt vom lateinischen brauch einer Datenverarbeitungsanlage Forensics im Zivilrecht
Wort Forum, wahrscheinlich von Forum (StGB Art. 147), das Erschleichen einer Leis- Analoge Fragen wie im Strafrecht stellen
romanum. Das Forum romanum war nebst tung (auch einer Leistung, die eine Datenver- sich auch im Zivilrecht. So hat hier zwar nicht
Marktplatz auch der Platz, an dem Gericht arbeitungslage erbringt, StGB Art. 150), Her- der Staat, aber doch der Geschädigte dem
gehalten wurde. Heute gilt Forum als eine stellung und in Verkehr bringen von Schädiger nachzuweisen, dass er einen Scha-
(veraltete) Bezeichnung für Gerichtshof. Materialien zur unbefugten Entschlüsselung den zugefügt hat. Im ausservertraglichen Be-
Das Wort “forensisch” wird vor allem in codierter Angebote (StGB Art. 150b). reich, beispielsweise, wenn ein ehemaliger
Bezug auf spezifisches Expertenwissen ande- Bei diesen Straftatbeständen geschieht die Mitarbeiter oder die Konkurrenz mittels Ha-
rer Disziplinen, deren Kenntnisse für die Straftat im elektronischen Bereich, in Pro- cking Daten zerstört. Auch bei Vertragsverlet-
Urteilsfindung relevant sind, verwendet. So grammen, Datenbanken usw. Ob überhaupt zungen hat der Geschädigte dem ihn schädi-
spricht man von forensischer Medizin, der eine Straftat begangen wurde und ob diese, genden Vertragspartner zu beweisen, dass er
Gerichtsmedizin, die Fragen klärt, welches falls sie begangen wurde, dem Täter nachge- eine Vertragsverletzung begangen hat und er
die Todesursache ist, wann der Tod eingetre- wiesen werden kann, sind Fragen, mit wel- genau wegen dieser Vertragsverletzung zu
ten ist, ob die Leiche nach Todeseintritt noch chen sich Forensics beschäftigt. Dies ist eine Schaden gekommen ist. Mit der Digitalisie-
bewegt wurde, etc. Im Bereich der forensi- grosse Herausforderung für die Strafuntersu- rung unserer Gesellschaft, dem Abbilden und
schen Psychiatrie geht es um ähnliche Frage- chungsbehörde, denn selbstverständlich ist es Unterstützen unternehmerischer Prozesse mit
stellungen, wie, ob der Täter zur Zeit der Tat viel einfacher, festzustellen und auch nachzu- IT-Hilfsmitteln und dem Aufkommen von
zurechnungsfähig war, der Täter therapiefä- weisen, dass in ein Bijouteriegeschäft einge- B2B und B2C müssen immer mehr Sachver-
hig ist, usw. brochen wurde, als dass eine Datenbank ge- halte im elektronischen Bereich nachgewie-
Im Bereich der IT sind mit Forensics die hackt wurde. An dieser Stelle muss erwähnt sen werden, was verschiedene Vorkehrungen
Fragen verbunden, wie man Sachverhalte, die werden, dass gewisse der oben genannten technischer und organisatorischer Art be-
sich vorwiegend mittels elektronischer Hilfs- Straftatbestände nur dann erfüllt sein können, dingt.
mittel abspielen, nachvollziehen und vor Ge- wenn die Daten gegen unbefugten Zugriff
richt beweisen kann. Auch hier sind, wie bei besonders gesichert sind, so in StGB Art. 143, Fälschung oder Verfälschung?
forensischer Medizin oder forensischer Psy- 143bis und 147. Werden Sachverhalte mittels elektronischer
chiatrie, wieder nebst der Rechtswissenschaft Selbstverständlich gibt es auch viele andere Beweismittel, seien dies Urkunden oder
andere Disziplinen gefragt, wie insbesondere Straftatbestände, die mit elektronischen Hilfs-
die Technik oder die Betriebswirtschaftslehre, mitteln begangen werden können. Dazu gehö-
speziell Personalmanagement, Führung und ren beispielsweise Pornographie, Rassismus, Ursula Sury ist selbständige Rechtsan-
Organisation. In diesem Sinne kann man Nötigung, Erpressung, Urkundenfälschung wältin in Luzern und leitet den Fachhoch-
Forensics durchaus auch als einen Teilbereich etc. Hier ist das Schutzobjekt nicht ein IT-Ver- schul-Lehrgang Wirtschaftsinformatik an
der Hochschule für Wirtschaft HSW Lu-
der Security verstehen. mögenswert wie Daten, sondern es handelt zern der Fachhochschule Zentralschweiz
sich um traditionelle Straftatbestände, die und ist Dozentin für Informatikrecht an
Forensics im Strafrecht aber häufig mittels dieser neuen Medien be- verschiedenen Nachdiplomstudien, wel-
Im Strafrecht gibt es verschiedene Artikel, gangen werden. Was die Urkundenfälschung che am Institut für Wirtschaftsinformatik
der Hochschule durchgeführt werden.
welche Daten oder die Leistung, welche eine anbelangt, so muss noch erwähnt werden, Die Autorin ist hauptsächlich im Bereich
Datenverarbeitungsanlage erbringt, zum dass nach Strafgesetzbuch auch elektronische Informatikrecht, Datenschutz und Fran-
schützenswerten Rechtsgut erklären und Urkunden gefälscht werden können, sagt chising tätig.

INFORMATIK • INFORMATIQUE 2/2002 29


Mosaic

Augenscheinobjekte, nachgewiesen, stellt mitteln möglich sein, also mit forensischer Selbstbestimmung, welches mit Protokollie-
sich immer sofort die Frage der Echtheit. Im Technik und forensischen Managementfra- rungen von sämtlichen Bewegungen, Scan-
elektronischen Bereich sind Fälschungen gen. Im organisatorischen Bereich gehört ning von Adressen, der Aufbewahrung von
oder Verfälschungen mit relativ geringem dazu beispielsweise die sofortige Hinterle- Daten etc. häufig verletzt wird. Ein perfektes
Aufwand und ohne leichten Nachweis vorzu- gung des elektronischen Beweismittels bei Einhalten der Ansprüche von Forensics ver-
nehmen. Es ist schwieriger, einen auf Papier einem Notar, damit bewiesen werden kann, letzt somit den Datenschutz. Es gilt hier, einen
vorhandenen von Hand geschriebenen Vertrag dass zwischenzeitlich, d.h. seit der Hinterle- Mittelweg zu finden. Nach wie vor ist es
zu fälschen oder zu verfälschen, als ein nur gung, keine Manipulationen vorgenommen besser, mittels Prophylaxe im technischen
elektronisch vorhandenes Dokument. Der wurden resp. werden konnten. Für den Alltag Bereich und Averness möglichst viele Rechts-
Angeklagte im Strafrecht oder der Beklagte gehört sicher auch ein Backup-Verfahren mit verletzungen zu verhindern, damit es gar nie
im Zivilrecht wird denn auch sofort vorbrin- Auslagerung bei Dritten dazu, das hilft, die zu forensischen, also gerichtlichen Fragen
gen, dass Fälschungen vorliegen. Wer einen Chronologie von Abläufen zu beweisen. Im kommen kann.
Sachverhalt, sei dies im Strafprozess oder im technischen Bereich gehören die verschiede-
Zivilprozess, liquid beweisen will, muss also nen Verfahren der Protokollierung, beispiels- Fazit
nebst dem Beweis auch noch darlegen, dass weise von Logfiles, der Sichtbarmachung Forensics
dieser echt ist, also dass er nicht ge- oder ver- spezieller Speicherbereiche etc. dazu. • bedeutet gerichtliche Fragen der IT
fälscht wurde. Denn nur aufgrund so validier- • ist im Strafrecht und im Zivilrecht relevant
ter und somit valider Beweismitteln kann ein Illegale Sicherheiten • beschäftigt sich v.a. mit der Nachvollzieh-
Richter ein Urteil aussprechen. Mit der Ein- Unternehmungen, welche ein Maximum an barkeit und Beweisbarkeit von Sachverhal-
führung der digitalen Signatur und der hof- Vorkehrungen treffen, um die Nachvollzieh- ten
fentlich zukünftigen Standardisierung von barkeit und Beweisbarkeit von Sachverhalten Vergleichen Sie dazu auch in der Zeitschrift
Verschlüsselungstechniken sollte der Nach- in elektronischer Form sicherzustellen, laufen der schweizerischen Informatikorganisatio-
weis der Nichtverfälschbarkeit auch einfacher Gefahr, die gesetzlich geschützten Freiheiten nen “Aufbewahrung von Unterlagen in elek-
werden. ihrer Mitarbeiter, Kunden, Konkurrenten etc. tronischer Form?” U. Sury, 1/2001 sowie
Der Nachweis der Echtheit wird aber nur zu verletzen. Speziell geht es um den Daten- “Vertragsabschluss und digitale Signatur” U.
mit technischen und organisatorischen Hilfs- schutz, d.h. das Recht auf informationelle Sury, 2/2000.

Europäische Harmonisierung der Studienabschlüsse

Neuer Bachelor und Master in Wirtschaftsinformatik an der Universität Fribourg

Die Wirtschafts- und Sozialwissenschaftli- Rechtswissenschaftliche und die Wirtschafts- kommunikationsmanagement. Ein Novum
che Fakultät der Universität Fribourg stellt und Sozialwissenschaftliche Fakultät einige bildet die teambasierte Sprachausbildung in
ihre bisherigen Studiengänge auf das Bache- Studiengänge auf das Bachelor- und Master- Deutsch resp. Französisch sowie in Facheng-
lor- und Mastersystem um. Gleichzeitig wer- system um. Nach einem dreijährigen Studium lisch. Damit soll das Sprachvokabular und die
den ab Herbst 2002 zwei neue Abschlüsse wird neu der Bachelorabschluss angeboten, Sprachkompetenz für die Wirtschaftswissen-
angeboten, nämlich ein “Bachelor of Arts in bevor ein ein- bis zweijähriges Masterstudi- schaften vermittelt und die wissenschaftliche
Information Systems” und ein “Master of Arts um in Angriff genommen werden kann. Im Diskussion gefördert werden.
in Information Management”. Gegensatz zum Bachelorstudiengang ist der Das Masterstudium in Wirtschaftsinforma-
Mit der Unterzeichnung der Bologna- Master mehr auf die aktuelle Forschung aus- tik ist eine anspruchsvolle Vertiefungsrich-
Deklaration im Juni 1999 hat der Bund die gerichtet und soll unter anderem den Einstieg tung. Da an der Universität Fribourg die
politische Absicht bekundet, die Ziele der in ein Doktoratsstudium ermöglichen. Themen Informations- und Telekommunika-
europäischen Reform zur Einführung von An der Universität Fribourg sind zwei neu- tionsmanagement, Supply Chain Manage-
Bachelor- und Masterstudiengängen mitzu- artige Studiengänge in Wirtschaftsinformatik ment und Electronic Business einen hohen
tragen und in der Schweiz umzusetzen. Die konzipiert worden, ein “Bachelor of Arts in Stellenwert geniessen, bilden sie den Schwer-
wichtigsten Anliegen dieser Erklärung sind Information Systems” und ein “Master of Arts punkt im obligatorischen Teil. Der fakultative
die Harmonisierung der Studienstrukturen in in Information Management”: Teil kann aus dem breiten Angebot der Wirt-
Europa, die Verbesserung der Studienaner- Der Bachelorstudiengang vermittelt den schaftsinformatik, der Betriebs- und Volks-
kennung, die Intensivierung der Mobilität und Studierenden die Grundlagen in Wirtschafts- wirtschaft und der Informatik ausgewählt
die Förderung der europäischen Zusammen- informatik und Betriebswirtschaft, neben werden. Neben der Vertiefung der wissen-
arbeit in Fragen der Qualitätssicherung. Nicht quantitativen Fächern und Methodenwissen. schaftlichen Methoden müssen die Studieren-
zuletzt soll damit auch die Wettbewerbsfähig- Themenschwerpunkte in Wirtschaftsinforma- den auch ein dreimonatiges Praktikum absol-
keit der europäischen Universitäten im inter- tik sind auf dieser Stufe: Programmierspra- vieren. Dieses wird als Projekt konzipiert und
nationalen Umfeld erhalten bleiben resp. chen und Softwareentwicklung, Projektma- von einer Forschungseinheit begleitet.
verbessert werden. nagement, Informationssysteme im Web, Der Bachelor in Information Systems eröff-
An der Universität Fribourg stellen die Datenbanksysteme und Entscheidungsunter- net den Absolventen anspruchsvolle Tätigkei-
Mathematisch-Naturwissenschaftliche, die stützung, Sicherheit, Informations- und Tele- ten bei der Nutzung von Informations- und

30 INFORMATIK • INFORMATIQUE 2/2002


Mosaic

Kommunikationssystemen. Mit dem an- Die Wirtschaftsinformatik ist ein junges Zweisprachigkeit der Region Fribourg ist es
schliessenden Master in Information Manage- und dynamisches Fachgebiet, das sich mit möglich, Fächer sowohl in Deutsch wie in
ment wird die Informatikkompetenz mit einer dem raschen Wandel in der Informationstech- Französisch zu belegen und damit einen zwei-
Führungsqualifikation ergänzt und das wis- nologie und in den Wirtschaftswissenschaften sprachigen Bachelor oder Master zu erlangen.
senschaftliche Arbeiten im Team erprobt. Die weiterentwickelt. Acht Professoren der Wirt- Die Universität Fribourg ist die einzige in
Seminar- und Studienarbeiten sowie das obli- schaftsinformatik resp. der Informatik und Westeuropa, die einen solchen Doppelab-
gatorische Praktikum werden in enger Zu- über dreissig Assistierende helfen mit, die schluss anbieten kann.
sammenarbeit mit Firmen und Organisatio- Studiengänge attraktiv und das Betreuungs- Andreas Meier, Fribourg, 14.1.02
nen vergeben. verhältnis persönlich zu gestalten. Dank der

Architekten der Informationsgesellschaft

Interview mit Andreas Meier, Professor für Wirtschaftsinformatik und Vizedekan der Wirtschafts- und Sozial-
wissenschaftlichen Fakultät der Universität Fribourg.

Meier zeigt auf, weshalb ein Studium in Fachkompetenz in Wirtschaftsinformatik ver- Frage: Finden diplomierte Wirtschaftsinfor-
Wirtschafts-informatik an der Universität Fri- mitteln wir den Studierenden Methoden- und matiker attraktive Jobs in der Praxis?
bourg attraktiv ist. Dabei erwähnt er, dass der Sozialkompetenz. Andreas Meier: Bei den Studien-, Bache-
Übungsteil während des Studiums praxisbe- lor- und Masterprojekten arbeiten wir mit
zogen ist und dass das Masterstudium ein Frage: Können Sie an einem Beispiel illust- namhaften Firmen und Organisationen zu-
obligatorisches Praktikum beinhaltet. So fin- rieren, wie Sie die Studierenden über das sammen. Solche Arbeiten bilden ein Sprung-
den die Studierenden schon früh Kontakt zu Fachwissen hinaus fördern? brett in die Praxis. Zudem sind rechnerge-
einem möglichen Arbeitgeber. Andreas Meier: Zukunftsgerichtete Infor- stützte Informationssysteme heute im
matiklösungen können nur im Team entwi- Wirtschaftsleben nicht mehr wegzudenken.
Frage: Weshalb empfehlen Sie jungen Leuten ckelt werden. Deshalb organisieren wir den Ein Absolvent kann deshalb unter verschiede-
ein Studium in Wirtschaftsinformatik? Genügt Übungsteil vorwiegend in Gruppen, mit pra- nen Angeboten, teils verbunden mit einem
es nicht, wenn man den PC gebrauchen kann? xisbezogenen Fallstudien. Zudem müssen die Auslandaufenthalt, aussuchen.
Andreas Meier: Nein, im heutigen Wirt- Studierenden beim Masterstudium ein Prakti-
schaftsleben genügt das längst nicht mehr! Es kum auf dem Gebiet ihrer Vertiefungsrichtung Frage: Weshalb ist Fribourg für ein Studium
braucht qualifizierte Leute, die über den PC absolvieren. Im Grundlagenteil für Wirt- in Wirtschaftsinformatik geeignet?
hinaus verstehen, was die Anforderungen an schaftsinformatik beispielsweise realisieren Andreas Meier: Das Departement für Infor-
ein Informationssystem sind und wie ein sol- drei bis fünf Studenten einen Webauftritt für matik wurde bereits in den fünfziger Jahren
ches System für bessere Entscheidungen ein Fribourger Reisebüro. Diese mehrwöchi- gegründet und verfügt über eine grosse Tradi-
genutzt werden kann. Insbesondere kennen ge Arbeit umfasst die Recherche im Internet, tion. Acht Professoren mit ihren Forschungs-
die Wirtschaftsinformatiker und Wirtschafts- den Entwurf einer Website, die Implementie- gruppen arbeiten auf dem Gebiet Sicherheit
informatikerinnen das Potenzial des Internet, rung und das Einbinden von internationalen und Kryptographie, interaktive Systeme, Da-
sei es für firmeninterne Abläufe und für Datenbanken aus der Reisebranche. tenbanken, Internet und rechnergestütztes
firmenübergreifende Geschäftsprozesse. Lernen, Electronic Business und entschei-
Frage: Welchen Nutzen ziehen die Studieren- dungs-unterstützende Systeme. Als fakultäts-
Frage: Wie sieht das Wirtschaftsinformatik- den aus diesen teamorientierten Arbeiten? übergreifendes Departement pflegen wir in-
studium an der Universität in Fribourg aus? Andreas Meier: Neben der fachlichen Her- nerhalb und ausserhalb der Universität
Und welche Kompetenzen kann man sich ausforderung lernen sie frühzeitig, welches Kontakte. Und nicht zu vergessen: We speak
während des Bachelor- und Masterstudiums Potenzial in der Teamarbeit steckt. Natürlich German, French and Java!
aneignen? müssen dabei Konflikte in der Zusammenar- Über das Wirtschaftsinformatikstudium an
Andreas Meier: Im Bachelorstudium wer- beit überwunden werden. Damit das Projekt- der Universität Fribourg erhalten Sie nähere
den die Grundlagen der Betriebswirtschaft ziel nicht gefährdet wird, geben wir Unter- Auskünfte beim Departement für Informatik,
vermittelt, neben einer fundierten Einführung stützung bezüglich der Planung und Rue Faucigny 2, 1700 Fribourg, Tel. 026 300
in die Informatik. Das Masterstudium hat die Organisation von Gruppenarbeit. Projektma- 83 22, e-Mail iiuf-secr-rm@unifr.ch, Website
Schwerpunkte Informations- und Kommuni- nagement begreift man erst, wenn man im http://www.unifr.ch/economics.
kationsmanagement, Supply Chain Manage- Team eine herausfordernde Aufgabe angeht.
ment sowie Electronic Business. Neben

INFORMATIK • INFORMATIQUE 2/2002 31


Mosaic

IT-Security darf nichts kosten!

Björn Kanebog
In vielen Firmen in welchen die IT nicht denden Personen- und Sachen müssen ge- “Das US-Verteidigungsministerium hat
zum Kerngeschäft gehört wird das IT-Budget schützt werden. den öffentlichen Zugang zu ihren Websites am
vielfach sehr stark wenn nicht gar ganz Ebenso darf nicht vergessen werden, dass Montag (23.07.2001) zur Abwehr des Compu-
gekürzt. Der Bereich IT-Security darf dann jede Firma sehr daran interessiert sein muss, terviruses namens Code Red vorübergehend
schon gar nichts kosten. Oft installieren ihr Image zu erhöhen um damit u.a. den geschlossen. Oberstleutnant Catherine Ab-
Firmen ein Tool, z.B ein Antivirenprogramm Bekanntheitsgrad ihres Firmennamens ihrer bott erklärt, dass die Web-Sites erst wieder
und denken dass dann schon genug für Secu- Produkte und Dienstleistungen zu erhöhen; zugänglich sein werden, wenn keine Gefahr
rity gemacht wurde. An regelmässige Updates was schlussendlich in einem höheren Umsatz mehr durch den Virus besteht”.
der Signaturdateien oder Schulung der Mitar- für die Firmen resultieren soll. Einen “guten Angriffe auf das Image (Hacker knacken
beiter oder gar an ein Antivirenkonzept, wel- Namen” zu erreichen dauert sehr lange und Daten der Teilnehmer des WEF in Davos)
ches das Thema Viren und die korrekte Hand- kostet viel Aufwand. Ihn zu zerstören geht “Hacker haben vertrauliche Daten (Kredit-
habung dieser Thematik beschreibt wird in jedoch sehr schnell und kann mit wenig kartennummern, Passwörter, private Telefon-
den seltensten Fällen gedacht. Eben, IT-Secu- Aufwand erreicht werden. und Handy-Nummern von Teilnehmern des
rity darf nichts kosten. Bei den obgenannten zu schützenden Weltwirtschaftsforums (WEF) in Davos ge-
Auch wenn genügend Budget für IT-Secu- Firmenwerten spielt es also grundsätzlich knackt. Die Hacker hatten einen WEF-Server
rity vorhanden ist; so wird dieser Betrag dann keine Rolle ob eine Firma IT einsetzt oder geknackt, auf dem die vertraulichen Daten
meistens nur für irgendwelche Security-Tools nicht. Vor Jahrzehnten oder gar vor Jahrhun- der Teilnehmer des Treffens gespeichert
ausgegeben. In vielen Köpfen hält sich derten schon wurden die obgenannten Werte waren”.
hartnäckig der Glaube dass ein Tool (Antivi- angegriffen. Der Einsatz von IT und die
renprogramm, Firewall, etc.) alleine des Rät- Anbindung einer Firma ans Internet erhöhen Situation der Firmen bezüglich Security
sels Lösung ist. Die ganze Organisation, der die Möglichkeiten eines Angreifers erheblich. Geeignete und wirkungsvolle Schutzmass-
ganze Bereich IT-Security Management, die Ebenso werden die Angriffsversuche jetzt aus nahmen erfordern einen sehr hohen Aufwand
personellen und organisatorischen Aspekte grosser Distanz (über Kontinente) und auto- sowohl technisch, personell sowie auch orga-
werden oft gar nicht berücksichtigt. Nur, ohne matisierbar möglich. Musste früher jemand nisatorisch. Dazu wird auch sehr viel Know
die Mitarbeit der Menschen in einer Firma um eine Bank um ihr Geld zu erleichtern How benötigt. Eine Firma muss um
gibt es keine Security bewaffnet in das jeweilige Bankgebäude wirkungsvolle Schutzmassnahmen zu imple-
IT-Security wird in vielen Firmen so ge- eindringen; so könnte heutzutage ein “Bank- mentieren, zu unterhalten und auf dem neues-
handhabt als würden bei ihrem Firmengebäu- räuber” eine nicht IT-mässig gesicherte Bank ten Stand zu halten hochqualifizierte Securi-
de sämtliche Türen und Fenster 24 Stunden bequem von zu Hause um ihr Geld erleich- ty-Spezialisten beschäftigen. Security kann
während 365 Tagen offen gelassen und es tern. Beispiele von Angriffen auf die zu schüt- nicht mit einmaligem Installieren eines Tools
würde keinen interessieren ob und wer in das zenden Firmenwerte gibt es zuhauf: als erledigt betrachtet werden. Es braucht
Firmengebäude hinein oder herausgeht und Angriffe auf Informationen (ECHELON) vielmehr auch einen Paradigmawechsel in
was dort eigentlich gemacht wird. “In dem vorläufigen Bericht des nichtstän- einer Firma welcher bei der Firmenleitung
Wie sieht die allgemeine Lage aus? Durch digen Ausschusses des Europäischen Parla- anfangen muss und sich dann durch die ganze
die Anbindung an das Internet ergeben sich ments wird bestätigt, dass es das globale Firma hindurchzieht. Das IT-Sicherheits-
für den Kunden und für die jeweilige Firma Lauschsystem Echelon gibt, das von den Management ist in diesem Zusammenhang
diverse neue Möglichkeiten wie z.B. Online- Geheimdiensten der USA, Kanadas, Gross- mit einem nicht zu unterschätzenden Auf-
Shopping, Electronic Banking, Firmenport- britanniens, Australiens und Neuseelands wand verbunden.
rait und Produkteangebot im Internet, Pro- betrieben wird, aber wahrscheinlich nicht In der Presse konnte man vom Vorhaben
duktesupport im Internet etc. Vieles wird dank mehr unter diesem Namen läuft. Gesagt wird “Project Anlehnet lesen. Dieses Projekt
dem “Internet” schneller und komfortabler. allerdings auch, dass dessen Kapazitäten wurde aufgesetzt um u.a. die Anzahl der
Jede Medaille hat aber auch eine Kehrseite: überschätzt wurden, vor allem was das Abhö- Zugriffsversuche, Attacken und “exploits” auf
der Einsatz des “Internets” bringt nicht nur ren der Internetkommunikation angeht, und dieses Netzwerk mit seinen diversen Compu-
Vorteile und neue Möglichkeiten sondern dass man keinen Beweis für Wirtschaftsspio- tersystemen festzustellen. In diesem Netz-
bringt auch neue (elektronisch und automa- nage gefunden habe. Duncan Campbell, des-
tisch durchführbare) Gefahren wie Denial of sen Berichte die Diskussion über Echelon
Service (DoS), Daten-Diebstahl, -Modifikati- ausgelöst haben, weist allerdings in den jetzt
Angreifer:
on und Zerstörung mit sich. exklusiv von Telepolis veröffentlichten Doku-
Aber Firmenwerte müssen geschützt wer- menten darauf hin, dass es dafür unüberseh- Hacker
den. Grundsätzlich muss jede Firma ihre bare Hinweise gibt”. Sicherheit
Firmenwerte schützen; denn Informationen In den letzten Jahren wurden jedoch Hin- Viren
sind in allen Firmen ein sehr wertvolles Gut. weise auf diverse Patentanmeldungen der Cracker
Zu schützende Firmenwerte:
Darunter fallen z.B. Firmenstrategien, Ge- NSA veröffentlicht, die darauf schliessen • Information
schäftszahlen, Erfindungen, Kundeninforma- lassen, dass hier erheblich mehr getan wird, Konkurrenten • Environment
• Image
tionen etc. als allgemein befürchtet.
Etc.
Auch das Environment einer Firma, sprich Angriffe auf das Environment (Computer-
das Gebäude und auch alle sich darin befin- virus Code Red)
Bild 1

32 INFORMATIK • INFORMATIQUE 2/2002


Mosaic

werk waren weder wichtige Produktionssys- Informieren der Kundenmitarbeiter über die anzuwenden- Durchführen einer jährlichen Bestandsinventur und
teme, noch wurden Hacker dazu ermuntert den IT-Sicherheitsprozeduren, wie z.B. Anmeldeprozedu- -abstimmung für die vorhandenen Portable Storage Media
dieses Netzwerk anzugreifen. Die Anzahl und ren, Prozeduren für die Verwendung von Passwörtern und unter der Outsourcing-Provider IT-Sicherheitskontrolle.
den Einsatz von Anti-Virus-Programmen sowie Prozedu- Informieren des zuständigen Managements beim Kunden
die Art aller dieser unerlaubten Angriffe auf
ren zur Gewährleistung der Daten- und Gerätesicherheit. und beim Outsourcing-Provider, wenn dabei Fehler fest-
dieses Netzwerk zeigt, dass wenn wir im gestellt wurden.
Überprüfen der Änderungsempfehlungen des Outsour-
Internet präsent sind, sehr vielen Angriffs-
cers zu den IT-Sicherheitsrichtlinien, -standards und -pro- Bereinigung der bei der jährlichen Bestandsinventur der
Gefahren ausgesetzt sind. Speziell gilt dies zeduren des Kunden. Der Kunde entscheidet über die Portable Storage Media unter der Outsourcing-Provider
natürlich für Firmen welche wichtige Produk- Empfehlungen und vereinbart mit dem Outsourcing-Provi- IT-Sicherheitskontrolle festgestellten Diskrepanzen und
tionssysteme und Informationen in ihrem der das weitere Vorgehen. Information des Kunden.
Netzwerk haben. Die neuesten Aktivitäten Erarbeiten eines Kapitels “IT-Sicherheitsmassnahmen” im Implementieren von Massnahmen zur wirkungsvollen
wie z.B. der Wurm “Code Red” belegen das Betriebshandbuch. Beseitigung von Restdaten auf Portable Storage Media
wieder einmal sehr deutlich. Pflegen des Kapitels “IT-Sicherheitsmassnahmen” im vor deren Entsorgung oder deren Wiederverwendung,
Betriebshandbuch. ausgenommen der Wiederverwendung beim Kunden.
Outsourcing-Kompetenz Der Kunde stellt sicher, dass zu einem vom Sicherheitsbe-
Ein Outsourcing-Unternehmen kann den auftragten des Outsourcing-Providers festzulegenden Logische Zugriffskontrolle
obgenannten technischen, personellen und Zeitpunkt die von dem Outsourcing-Provider übernomme- Installieren und Pflegen der Zugriffskontrollsoftware,
organisatorischen Aufwand im Bereich Secu- nen Mitarbeiter über die erforderlichen Benutzer Berechti- sofern der Outsourcing-Provider dies für notwendig erach-
rity auf mehrere Kunden verteilen. Für die gungen verfügen. Der Outsourcing-Provider ist über alle tet.
Änderungen zu informieren. • Vorhandene Software
Einrichtung und Pflege werden nicht einzelne
Informieren des Outsourcing-Providers über geplante • Neue Software (inkl. Erweiterungen)
Mitarbeiter, sondern Teams eingesetzt. Mit
Änderungen der IT-Sicherheitsrichtlinien, -standards und Implementieren der Funktionen und Merkmale der
den Hardware- und Software- Lieferanten
-prozeduren des Kunden vor deren Implementierung. Zugriffskontrollsoftware, in Übereinstimmung mit den im
werden üblicherweise Wartungsverträge ge-
Überprüfung, ob die tatsächlich implementierten IT- Betriebshandbuch definierten IT-Standards und –prozedu-
schlossen. So kann den Kunden professionel- ren.
Sicherheitsmassnahmen mit den in diesem Dokument
le Sicherheit zu einem vergleichsweise güns- und dem Betriebshandbuch festgelegten IT-Sicherheits- Implementieren der Funktionen und Merkmale des unter-
tigen Preis angeboten werden. Der massnahmen übereinstimmen. stützten Betriebssystems, in Übereinstimmung mit den im
Sicherheitsstandard beim Outsourcing ist in Betriebshandbuch definierten IT-Standards und –prozedu-
der Regel deutlich höher, als einzelne Firmen Physische Sicherheit ren.
es sich sonst leisten könnten oder würden. Festlegung der Sicherheitseinstellungen für Betriebssys-
Bereitstellen physischer IT-Sicherheitsmassnahmen für
die Einrichtungen des Kunden. temressourcen (OSRs) im Betriebshandbuch.
IT-Sicherheitsmassnahmen im Implementieren der definierten Sicherheitseinstellungen
Bereitstellen physischer IT-Sicherheitsmassnahmen für
Outsourcing Einrichtungen des Outsourcing-Providers. für die Betriebssystemressourcen (OSRs) über die
Für den Kunden wird individuell vom Out- Zugriffskontrollsoftware.
Physische Beschränkung des Zugangs zu den unter dem
sourcing-Provider ein Lösungsvorschlag Outsourcing-Provider IT-Sicherheitskontrolle stehenden Detaillierte Bezeichnung und Übergabe folgender Kunde-
ausgearbeitet. Der Outsourcing-Provider soll- Datenverarbeitungsbereichen auf autorisierte Personen. ninformation an den Outsourcing-Provider:
te mit dem Kunden bei den folgenden IT- • in den Einrichtungen des Kunden • Kriterien des Kunden für die Klassifizierung und Kon-
trolle von Daten
Sicherheitsmassnahmen definieren ob diese • in den Einrichtungen des Outsourcing-Providers
• Datensicherheitsanforderungen und deren Handhabung
vom Kunden oder vom Outsourcing-Provider Regelmässige Überprüfung der physischen Zutrittskont- • Datenverschlüsselungsanforderungen
wahrgenommen werden sollen. Natürlich rollmassnahmen für die unter dem Outsourcing-Provider
IT-Sicherheitskontrolle stehenden Datenverarbeitungs- Sicherheitsanforderungen für den Zugriff auf die Applikati-
besteht auch die Möglichkeit sämtliche IT- onsressourcen über das Zugriffskontrollsystem.
bereiche sowie die Überprüfung von Zugangsprotokollen
Sicherheitsmassnahmen aus einer Hand zu • Definieren
auf ungewöhnliche Ereignisse
beziehen. • in den Einrichtungen des Kunden • Implementieren
Der Outsourcing-Provider sollte die fol- • in den Einrichtungen des Outsourcing-Providers Sicherheitsanforderungen für die Endbenutzerdaten auf
genden IT-Sicherheitsmassnahmen in seinem Physische Beschränkung des Zugangs auf autorisierte, im Servern über das Zugriffskontrollsystem.
Angebot haben und diese dem Kunden auch Betriebshandbuch namentlich festgehaltene Personen zu • Definieren
anbieten resp. den Kunden diesbezüglich unter dem Outsourcing-Provider IT-Sicherheitsverantwor- • Implementieren
beraten können: tung stehenden LAN-Servern und IT-Infrastruktur in den Bereitstellen und Unterstützen von einzusetzenden Ver-
Einrichtungen des Kunden. schlüsselungsprodukten gemäss Outsourcing-Vertrag
IT-Sicherheits-Management Physische Beschränkung des Zugangs auf autorisierte (Hardware und/oder Software).
Personen zu unter dem Outsourcing-Provider IT-Sicher- Verwaltung der kryptographischen Schlüssel und deren
Benennen eines Sicherheitsbeauftragten für das IT-
heitsverantwortung stehenden LAN-Servern und IT-Infra- Verteilung.
Sicherheits-Management.
struktur in den Einrichtungen des Outsourcing-Providers. Vor der Übernahme der IT-Sicherheitsverantwortung
Übergabe der aktuellen IT-Sicherheitsrichtlinien, -stan-
Implementieren von Massnahmen zum Schutz der von durch den Outsourcing-Provider, Durchführung einer
dards und -prozeduren sowie allfälliger Prüfunterlagen
dem Outsourcing-Provider kontrollierten Druckausgaben Übernahmeinventur der Benutzer Berechtigungen für die
an den Outsourcing-Provider
gegen unbefugten Zugriff. folgenden Ressourcen.
Weiterführung der implementierten Aktivitäten soweit in • OS, DB und SAP-Basis
Bereitstellen von gesicherten Bereichen für Portable Sto-
der vom Kunden übergebenen Dokumentation betreffend • Applikation
rage Media unter der Outsourcing-Provider IT-Sicherheits-
IT-Sicherheitsrichtlinien, -standards und -prozeduren • LAN
kontrolle.
beschrieben. Dies gilt bis zu einer allfällig vereinbarten
Vor der Übernahme der IT-Sicherheitsverantwortung Definition von Benutzer Identifikationen sowie Benutzer
Abänderung und deren Implementierung zum vereinbar-
durch den Outsourcing-Provider, Durchführung einer Berechtigungen für Mitarbeiter des Kunden.
ten Zeitpunkt.
Übernahmeinventur für alle unter dem Outsourcing-Provi- • OS, DB und SAP-Basis
Überprüfen der erhaltenen IT-Sicherheitsrichtlinien, -stan- • Applikation
der IT-Sicherheitskontrolle stehenden Portable Storage
dards und -prozeduren und Empfehlen von Veränderun- • LAN
Media.
gen.

INFORMATIK • INFORMATIQUE 2/2002 33


Mosaic

Einrichten, Ändern, Inaktivieren und Entfernen von Benut- Vierteljährliches Überprüfen der hochautorisierten Benut- Durchführung der Virenschutz-Selbstprüfungen für alle
zeridentifikationen sowie der zugehörigen Benutzerbe- zeridentifikationen und Entfernen der nicht mehr bewillig- Endbenutzermaschinen und Portable Storage Media.
rechigungen für Mitarbeiter des Kunden. ten Benutzerberechtigungen. Reagieren auf Virenangriffe und Einleiten von Fehlerbehe-
• OS, DB und SAP-Basis • OS, DB und SAP-Basis bungsmassnahmen zur Eliminierung festgestellter Viren
• Applikation • Applikation auf Endbenutzermaschinen.
• LAN • LAN
Definition von Benutzeridentifikationen sowie zugehörigen Überprüfen der hochautorisierten Benutzeridentifikationen
Datennetz (WAN)
Benutzerberechtigungen für die Mitarbeiter des Out- und Übernahme der Kontrolle dieser hochautorisierten
sourcing-Providers. Benutzeridentifikationen. Festlegung und Implementierung der IT-Sicherheitsmass-
• OS, DB und SAP-Basis • OS, DB und SAP-Basis nahmen für Firewalls und Gateways für Verbindungen zu
• Applikation • Applikation anderen Netzen, ausgehend von:
• LAN • LAN • einem vom Outsourcing-Provider betriebenen Netz
• einem vom Kunden betriebenen Netz
Einrichten, Ändern, Inaktivieren und Entfernen von Benut- Implementieren und Verwalten von IT-Sicherheitsmass-
zeridentifikationen sowie der zugehörigen Benutzerbe- nahmen für die Subsysteme und Applikationen, die nicht Verwalten und Warten aller Firewalls und Gateways für
rechtigungen für die Mitarbeiter des Outsourcing- durch das Zugriffskontrollsystem geschützt sind (z.B. DB, Verbindungen zu anderen Netzen, ausgehend von:
Providers. Transaktionsserver, Domain Names Server, etc.). • einem vom Outsourcing-Provider betriebenen Netz
• OS, DB und SAP-Basis • OS, DB und SAP-Basis • einem vom Kunden betriebenen Netz
• Applikation • Applikation Identifizieren und Überprüfen aller Einwahlservices und
• LAN Sicherheits-/Integritätsfehlerkorrekturen (Fixes auf den im Gateways zu anderen Unternehmen.
Übergeben einer Liste der vorhandenen Benutzeridentifi- Rahmen der vertraglichen Vereinbarung unterstützten • unterder IT-Sicherheitsverantwortung des Outsourcing-
kationen der Kundenmitarbeiter zur jährlichen Überprü- Systemen) werden über einen Änderungskontrollprozess Providers
fung. (Change Management) behandelt. • unter der IT-Sicherheitsverantwortung des Kunden
• OS, DB und SAP-Basis Regelmässiges Durchführen der Systemsicherheitsüber- Verwalten und Warten der IT-Sicherheitsmassnahmen für
• Applikation prüfung (Security Health Checking). die Verbindungen zu anderen Unternehmen via Gateway-
• LAN • Zugriffskontrolleinstellungen und Einwahlservices.
Jährliche Überprüfung aller Benutzeridentifikationen des • Hochautorisierte Benutzeridentifikationen mit ihren • unter der IT-Sicherheitsverantwortung des Outsourcing-
Kunden. Auftrag an den Outsourcing-Provider welche Benutzerberechtigungen Providers
Benutzeridentifikationen zu löschen sind. • Schutz der Betriebssystemressourcen (OSRs) • unter der IT-Sicherheitsverantwortung des Kunden
• OS, DB und SAP-Basis • Betriebsbereitschaft der Antivirusprogrammen auf den Hinzufügen, Ändern und Löschen der Benutzerberechti-
• Applikation jeweiligen Serverplattformen gungen auf die Einwahlservices.
• LAN Erfassen der Aufzeichnungen (Logs). Aufbewahren dieser • unter der IT-Sicherheitsverantwortung des Outsourcing-
Durchführung des Löschauftrags. Aufzeichnungen während einer vertraglich vereinbarten Providers
• OS, DB und SAP-Basis Frist. Bereitstellen von Berichten gemäss separatem Auf- • unter der IT-Sicherheitsverantwortung des Kunden
• Applikation trag und gegen Entschädigung. Zugriffe von und zu SAP-Support-System wie z.B. auf/von
• LAN Informieren des Kunden über die vom Outsourcing-Provi- SAP-Site Waldorff (OSS).
Jährliche Überprüfung der Benutzerberechtigungen aller der festgestellten Sicherheitsschwachstellen und allfällige • Verwalten und Aufrechterhalten der IT-Sicherheitsmass-
Mitarbeiter des Outsourcing-Providers zugewiesenen Risiken. Soweit möglich Unterbreiten von Empfehlungen nahmen
Benutzeridentifikationen, die zur Serviceunterstützung zur Fehlerbehebung. • Hinzufügen, Ändern und Löschen der Benutzerberechti-
benötigt werden und Entfernen der nicht mehr benötigten gungen
Der Kunde bestätigt innert drei Arbeitstagen durch schrift-
Benutzeridentifikationen. liche Gegenzeichnung den Empfang der vom Out-
• OS, DB und SAP-Basis sourcing-Provider berichteten Sicherheitsschwachstellen,
• Applikation Risiken und Empfehlungen.
• LAN
Besprechen, Vorschlagen und soweit möglich Durchfüh-
Definieren von Prozessen und Kriterien für das Administ- ren geeigneter Fehlerbehebungsmassnahmen zur Beseiti-
rieren der Passwörter. gung der vom Outsourcing-Provider erkannten
• OS, DB und SAP-Basis Sicherheitsverletzungen.
• Applikation • OS, DB und SAP-Basis
• LAN • Applikation
Setzen und Zurücksetzen von Passwörtern für die den • LAN
Mitarbeitern des Outsourcing-Providers zugewiesenen
Benutzeridentifikationen und deren Übergabe an autori-
Kunden-Netzinfrastruktur
sierte Mitarbieter des Outsourcing-Providers. (zusätzlich zur logischen Sicherheit)
• OS, DB und SAP-Basis
• Applikation Kontrollieren und Unterhalt der hochautorisierten Benut-
• LAN zeridentifikationen des Netzbetriebssystems (Server, Rou-
ter, etc.).
Setzen und Zurücksetzen von Passwörtern für die den • unter der IT-Sicherheitsverantwortung vom Out-
Kundenmitarbeitern zugewiesenen Benutzeridentifikatio- sourcing-Provider steht
nen und deren Übergabe an autorisierte Kundenmitarbei- • nicht unter der IT-Sicherheitsverantwortung vom Out-
ter. sourcing steht
• OS, DB und SAP-Basis
• Applikation Ressourcen (Hardware und Software) die sich auf Endbe-
• LAN nutzermaschinen befinden.
• Identifizieren und Definieren der IT-Sicherheitsmass-
Prüfen und Genehmigen von Anträgen für hochautori- nahmen
sierte Benutzeridentifikationen. • Implementieren der festgelegten IT-Sicherheitsmass-
• OS, DB und SAP-Basis nahmen
• Applikation
• LAN Kontinuierliches Aktualisieren des Virenschutzes auf End-
benutzermaschinen.

34 INFORMATIK • INFORMATIQUE 2/2002


Mosaic

Swiss Federation of Information Processing Societies

IFIP NEWS

received recently the ACM “Outstanding who has served successfully for many years in
Our sincere congratulations to Prof Ada Community Contribution Award” for this position.
Alfred Strohmeier, current delegate of his important contributions to Ada technol- Applications for nominations are invited by
SVI/FSI to the IFIP Technical Committee ogy and utilisation and especially his E-mail or mail before April 15, 2002, with a
2 (Software – Theory and Practice), who efforts for the promotion of object oriented short cv, interests in the field, and other perti-
received recently the ACM Outstanding technology and his contributions as expert nent information to SARIT, c/o: P-A.Bobillier
Ada Community Contribution Award for towards the revision of the Ada language who can provide a more detailed description
his important contributions to Ada tech- and his leadership in the definition of the of TC representatives activities.
nology and utilisation and especially his Ada Semantic Interface Specification (bobilliep@freesurf.ch), 128 route de
efforts for the promotion of object orient- (ASIS). Soral, 1233 Bernex.
ed technology and his contributions as IFIP TC 11 has the following aims: to
expert towards the revision of the Ada Technical Committee Membership increase the reliability and general confidence
language and his leadership in the defini- The names of the Swiss TC representatives in information processing, as well as to act as
tion of the Ada Semantic Interface Spec- have been published in INFORMATIK, No 1, a forum for security managers and other
ification (ASIS). February 2002 and are always listet in http:// professionally active in the field of informa-
www.svifsi.ch/ifip-2.html. tion processing security. Its scope includes the
Please note the following additions to this establishment of a frame of reference for
Recognition list: security common to organisations, profes-
Two Swiss colleagues have received recent- • Dr. Esther Myriam Gelle, Head of the sionals and the public and the promotion of
ly international awards and deserve our recog- Information Management Research Group security and protection as essential parts of
nition. at ABB Corporatee Research, has been ap- information processing systems.
Our sincere congratulations to: pointed new Swiss Delegate to the IFIP TC TC 11 has seven Working Groups in which
• Prof. Kurt Bauknecht, IFIP Past-president, 5 (Computer Applications in Technology). several Swiss specialists are active. Their
who has been elected IFIP Honorary Mem- We congratulate Mrs Gelle for this appoint- names can be found at http://www.i-s.ch.
ber by the IFIP General Assembly in recog- ment and wish her full success in this new For more information on IFIP, its Technical
nition to his restless efforts and successes activity. Committees and Working Groups, see: http://
as IFIP President, Chairman of the IFIP www.ifip.org
Technical Assembly and within the GA. Invitation for Nominations for TC 11:
• Prof Alfred Strohmeier, current delegate of One position is currently to be filled: TC 11
SVI/FSI to the IFIP Technical Committee 2 Security and Protection in IP Information
(Software – Theory and Practice), who Processing Systems to replace Beat Lehmann

SATW Schweizerische Akademie der Technischen Wissenschaften


Academie suisse des sciences techniques
Accademia svizzera delle scienze tecniche
Swiss Academy of Engineering Sciences

The European IST Prize


The European IST Prize is organised by the ry, Iceland, Israel, Latvia, Liechtenstein, 18 months prior to the opening of the yearly
European Council of Applied Sciences and Lithuania, Norway, Poland, Romania, Slova- competition (normally on 1st January).
Engineering (Euro-CASE), with the sponsor- kia and Slovenia. The selection criteria include technical
ship and support of the Information Society Awards will be given to outstanding contri- excellence, innovative content, strategic busi-
Technologies Programme of the European butions under the theme “novel products with ness planning, potential for improving com-
Commission. high information technology content and petitiveness, potential market value, capacity
The European Information Society Tech- evident market potential”. Excellence is to generate employment by opening new mar-
nologies Prize (EISTP) is open to any organi- sought in converting innovative ideas and kets or starting up new enterprises, contribu-
sation (enterprise, laboratory, university or R&D results into marketable products. Prod- tion towards extending the acceptance and the
other institution) based in the European ucts should be at least at demonstrable proto- understanding of information technology by
Union or in the Associated States or in Swit- type stage and if already marketed should not society, and anticipated social benefits.
zerland. Associated States include Bulgaria, have been introduced in the market more than Application for the 2003 European IST
Cyprus, the Czech Republic, Estonia, Hunga- Prize is only acceptable via the application

INFORMATIK • INFORMATIQUE 2/2002 35


Mosaic

form that can be obtained from the download The Executive Jury, composed of European panies and their products will be widely
page www.it-prize.org. Details are given in executives from Industry and University, promoted, and the Winners will be invited to
the leaflet on the European IST Prize and on nominated by Euro-CASE, will then select up join the “European IST Prize Winners Club”.
this European IST Prize Web site. The appli- to three Grand Prize Winners. All information submitted is treated as
cation form, with enclosures, should be arrive Each of the Winners will receive a Prize of confidential. The evaluation is confidential.
by surface mail to Euro-CASE at the latest on € 5,000 and the European IST Prize Winner The organisers will not disclose the judge-
15 May 2002. Certificate. Each Grand Prize Winner will ments and opinions given by the individual
All applications received by Euro-CASE receive a Grand Prize of € 200,000 and the independent experts or the members of the
will be assessed by independent experts European IST Prize Trophy. The Grand Prize Executive Jury.
nominated by EuroCASE. The evaluations Winners will be announced at the European The decisions of the Executive Jury are
are confidential. Up to 20 Winners will be IST Prize Awards Ceremony, concurrently final. If not a sufficient number of applications
selected. The Winners will be individually with the 2002 European IST Event in Copen- submitted reach a standard which is consid-
contacted in advance by the organisers in hagen on 4-6 November 2002. ered as adequate, the organisers reserve the
order to prepare their presentations to the Visibility of individuals and teams behind right to reduce the number of Winners or not
European IST Prize Exhibition and the contributions selected as Winners will be to award Grand Prizes.
Awards Ceremony. ensured through personal invitation to the
The result of the selection of the up to 20 European IST Prize Awards Ceremony and
Winners will be communicated by letter to all the European IST Prize Winners Exhibition
applicants by the end of September 2002. during the IST 2002 Event. The Winner com-

e-Government Symposium

Einladung für das Symposium e-government

13. Juni 2002, Kongresshaus Biel

Das Symposium wird von verschiedenen men aus dem IT-und /oder Consulting- auch die Schweizerischen Informatikverbän-
Partnern aus Bund, Kanton, Gemeinde und Bereich. Als Key note Speaker referiert Prof. de und Organisationen, die wir ebenfalls
Privatwirtschaft unterstützt und finanziell Dr. Beat Schmid, Medien- und Kommunikati- gezielt einladen möchten.
getragen; Die Bundes-Seite vertreten Refe- ons-Institut der Uni St. Gallen. Wir erwarten Interforum ist ein Verein, der sich auf die
renten des Bundesamtes für Kommunikation 100-200 qualifizierte Teilnehmer aus den Organisation hochstehender Veranstaltungen
BAKOM, des Informatikstrategieorgans erwähnten Bereichen und Branchen. spezialisiert hat. Auf unserer Website <http://
Bund ISB, der Stadt Biel, des Kantons Neuen- In einer ersten Vorinformation und Einla- www.interforum-bern.ch/> finden Sie andere
burg und die privatwirtschaftliche Seite, dung werden wir in den nächsten Tagen lan- von uns erfolgreich durchgeführte Events.
Redner von Hewlett-Packard, Kudelsky, desweit die Kantone, Städte und Gemeinden Auskunft und Anmeldung: pr@bischof.ch
Wisekey, SAP, der Ruf Gruppe, Mummert in einem Mailing anschrieben. Eine weitere
&Partner und diversen kleineren Unterneh- Ziel- und Interessensgruppe sind natürlich

36 INFORMATIK • INFORMATIQUE 2/2002


Mosaic

First Call for Participation

Turing Day
Computing science 90 years from the birth of Alan M. Turing.
Friday, 28 June 2002, Swiss Federal Institute of Technology Lausanne (EPFL)
http://lslwww.epfl.ch/turingday

Purpose: Turing to Tarski to von Neumann to Crick Students (incl. PhD students)
Alan Mathison Turing, born on June 23, and Watson” CHF 80.- / $ 45 / € 55
1912, is considered one of the most creative Tony Sale Others CHF 200.- / $ 120 / € 135
thinkers of the 20th century. His interests, “What did Turing do at Bletchley Park?”
from computing to the mind through informa- Jonathan Swinton Registration:
tion science and biology, span many of the “Watching the Daisies Grow: Turing and Please use the fax registration form on the
emerging themes of the 21st century. Fibonacci Phyllotaxis” Turing Day web-site:
On June 28, 2002, we commemorate the Gianluca Tempesti http://lslwww.epfl.ch/turingday
90th anniversary of Alan Mathison Turings “The Turing Machine Redux: A Bio-
birthday in the form of a one-day workshop Inspired Implementation” Contact:
held at the Swiss Federal Institute of Technol- Christof Teuscher Christof Teuscher
ogy in Lausanne. The goal of this special day “Connectionism, Turing, and the Brain” Direct line: +41 21 693 67 14
is to remember Alan Turing and to revisit his Fax: +41 21 693 37 05
contributions to computing science. The Special Events: e-Mail: christof@teuscher.ch
workshop will consist of a series of invited • Display and demonstration of an original Sponsors:
talks given by internationally-renowned Enigma machine • Bolos Computer Museum, http://www.bolo.ch
experts in the field. • Exhibition of historical computers (Bolos • The Cogito Foundation, http://www.cogitofoun-
dation.ch
Computer Museum) • Elsevier Science, http://www.elsevier.nl
Invited Speakers: • Demonstration of Turings neural networks • Swiss Federal Institute of Technology Lausanne
B. Jack Copeland on the BioWall (EPFL), http://www.epfl.ch
• Logic Systems Laboratory (LSL), Swiss Federal
“Artificial Intelligence and the Turing Test” • Demonstration of a self-replicating univer- Institute of Technology Lausanne (EPFL), http:/
Martin Davis sal Turing machine /lslwww.epfl.ch
• Dr. Charles Maillefer, Buchillon, Switzerland
“The Church-Turing Thesis: Has it been • Digital Brainstorming, Pour-Cent Culturel
Superseded?” Fees: Migros, http://www.digitalbrainstorming.ch
Andrew Hodges The registration fee includes participation • School of Computer and Communication Sci-
ences, Swiss Federal Institute of Technology
“What would Alan Turing have done after in the workshop, lunch, and coffee breaks. Lausanne (EPFL), http://icwww.epfl.ch
1954?” Students EPFL free (without lunch)
Douglas R. Hofstadter Staff EPFL (incl. PhD students) We are looking forward to seeing you in
“The Strange Loop – from Epimenides to CHF 80.- / $ 45 / € 55 beautiful Lausanne!
Cantor to Russell to Richard to Goedel to

INFORMATIK • INFORMATIQUE 2/2002 37


Schweizer Informatiker Gesellschaft • Société Suisse des Informaticiens

Schweizer Informatiker Gesellschaft Präsident • Président: Prof. Klaus Dittrich


Sekretariat • Secrétariat: Tel. 01 371 73 42
Société Suisse des Informaticiens
SI Società Svizzera degli Informatici
Swiss Informaticians Society
Schwandenholzstr. 286
8046 Zürich
Fax 01 371 23 00
E-mail: admin@s-i.ch
http://www.s-i.ch/

Editorial

Informatik/Informatique geht – Informatik/Informatique disparaît –


Informatik Spektrum kommt! Informatik Spektrum apparaît!

Liebe Mitglieder der SI, Chers membres de la SI,

Es freut mich sehr, dass ich Ihnen rechtzeitig zum Abschied von Juste à temps pour l’adieu, j’ai le plaisir de vous annoncer la succes-
unserer INFORMATIK/INFORMATIQUE die hochkarätige Nachfolge an- sion prestigieuse de notre INFORMATIK/INFORMATIQUE. A partir de
kündigen kann. Ab Heft 3/2002 werden wir nämlich das in Deutsch- l’édition 3/2002 nous sortirons la fameuse revue Informatik Spektrum,
land seit 25 Jahren höchst erfolgreiche Informatik Spektrum gemein- ensemble avec la GI, notre société soeur allemande et vous enverrons
sam mit der GI, unserer deutschen Schwestergesellschaft, herausgeben comme d’habitude tous les deux mois. Vous y trouverez aussi des con-
und Ihnen wie gewohnt zweimonatlich zustellen. Selbstverständlich tributions techniques de tout genre de la Suisse – il ne tient qu’à vous
sollen dort auch Fachbeiträge aller Art aus der Schweiz erscheinen – de les écrire. De plus, nous aurons quelques pages à disposition pour
es liegt an Ihnen, solche zu schreiben. Weiterhin stehen uns einige Sei- les nouvelles de la SI et de ses groupes, et le conseil éditorial sera
ten je Heft für die Nachrichten der SI und ihrer Fachgruppen zur Ver- augmenté de quelques membres de notre pays. Informatik Spektrum a
fügung, und der Herausgeberbeirat wird sukzessive um einige Mitglie- aussi ses pages WWW sur lesquelles tout est disponible sous forme
der unseres Landes erweitert werden. Auch das Informatik Spektrum « électronique ».
hat seine WWW-Seite, auf der alles “elektronisch” vorhanden ist. Pour nos membres francophones, nous avons l’intention de traduire
Für unsere ausschliesslich französisch sprechenden Mitglieder be- des résumés et même des articles entiers et de les mettre à disposition
stehen Pläne, Zusammenfassungen bzw. ganze Artikel zu übersetzen sur le Web. Sur « nos » pages de l’édition imprimée nos langues natio-
und im WWW zur Verfügung zu stellen. Auf “unseren” Seiten in der nales sont possibles comme jusqu’à présent.
Druckausgabe sind wie bisher alle gängigen Sprachen möglich. Formez-vous votre propre opinion de la nouvelle revue; je suis sûr
Bitte bilden Sie sich ab Juni Ihr eigenes Bild unserer neuen Zeit- que vous serez satisfait.
schrift; ich bin sicher, Sie werden zufrieden sein. Prof. Klaus Dittrich
Prof. Klaus Dittrich Président SI
Präsident SI

Dans le numéro 6/2001 d’Informatik/Informatique, nous avions


In Informatik/Informatique 6/2001 brachten wir die schlechte Nach- communiqué la mauvaise nouvelle de la cessation de la publication de
richt: Informatik/Informatique wird eingestellt. Heute bringen wir die cette brochure. Aujourd’hui, nous communiquons la bonne : les mem-
gute Nachricht: die Mitglieder der SI erhalten weiterhin eine Fachzeit- bres de la SI continueront de recevoir une revue de haut niveau, Infor-
schrift von hohem Niveau. Deren Redaktor stelle ich Ihnen hier vor: matik-Spektrum. Voici le profil de son rédacteur :
Hermann Engesser, rédacteur d’Informatik Spektrum, travaille
Hermann Engesser, Redaktor von Informatik Spektrum, ist seit depuis sept ans pour la maison d’édition Springer où il exerce les fonc-
sieben Jahren beim Springer-Verlag und leitet dort den Programm- tions de directeur du programme « ouvrages sur l’informatique et les
bereich Informatik/Computerfachbuch. Damit ist er Chefredakteur des ordinateurs ». Deux autres revues, « Informatik – Forschung und Ent-
Informatik-Spektrums. Zwei weitere Zeitschriften, Informatik – For- wicklung » (IFE) et « Software and System Modeling » (SoSyM), la
schung und Entwicklung (IFE) und die gerade gegründete Software deuxième venant d’être créée, relèvent de sa compétence. Dans le
and System Modeling (SoSyM) werden von ihm betreut. Im Springer programme de Springer concernant les livres, il est responsable des
Buchprogramm ist er für die Informatiklehrbücher und für die manuels d’informatique et des ouvrages spécialisés sur la pratique de
Computerfachbücher verantwortlich. Vor zwei Jahren hat er die bei- l’ordinateur. Il y a deux ans, il a lancé les deux séries « Xpert.press »
den Reihen Xpert.press für professionelle IT-Entwickler und -Anwen- pour développeurs et utilisateurs professionnels de logiciels et « X.Me-
der und X.Media.press für Mediengestalter gestartet. dia.press »pour concepteurs de média.
François Louis Nicolet François Louis Nicolet
bisher Redaktor Informatik/Informatique jusqu’ici rédacteur d’Informatik/Informatique

38 INFORMATIK • INFORMATIQUE 2/2002


Schweizer Informatiker Gesellschaft • Société Suisse des Informaticiens

Drei Fragen an Hermann Engesser, Trois questions posées à Hermann Engesser,


Chefredaktor, Informatik-Spektrum Rédacteur en chef, Informatik-Spektrum

Was ist die Aufgabe des Redakteurs für das Informatik-Spektrum? Quelles sont les tâches du rédacteur d’Informatik-Spektrum ?
70 Seiten. Der Redakteur hat die Aufgabe, die 70 Seiten des 70 pages. Le rédacteur a pour tâche de remplir les 70 pages de la bro-
nächsten Heftes zu füllen. Diese Aufgabe stellt sich sechsmal im Jahr. chure à paraître et ceci six fois dans l’année. Le rédacteur n’est pas seul
Der Redakteur löst diese Aufgabe nicht allein sondern in Zusammen- à s’acquitter de cette tâche ; il le fait en collaboration avec les éditeurs,
arbeit mit den Herausgeberinnen und Herausgebern, mit Autoren, mit des auteurs et le bureau de la Gesellschaft für Informatik, des employés
der Geschäftsstelle der Gesellschaft für Informatik, Verlagsmitarbei- de la maison d’édition et, ce qui n’est pas de la moindre importance,
terinnen und -mitarbeitern und last but not least zusammen mit den les lecteurs et lectrices de la revue.
Leserinnen und Lesern des Heftes. Dans Informatik-Spektrum, revue spécialisée de la Gesellschaft für
Beim Informatik-Spektrum, einer Fachzeitschrift für die Gesell- Informatik tirée à plus de 20 000 exemplaires, l’on trouve avant tout
schaft für Informatik mit einer Auflage von über 20’000 Exemplaren des informations d’actualité, d’utilité pratique, concernant des progrès
stehen aktuelle, praktisch verwertbare Informationen über einschlä- techniques et scientifiques réalisés dans ce domaine dans la théorie et
gige technische und wissenschaftliche Fortschritte in Theorie und son application. Depuis sa création il y a 25 ans avec un tirage d’à
Anwendung im Vordergrund. Seit dem Start der Zeitschrift vor 25 peine 2000 exemplaires, les tâches que s’est données cette revue sont
Jahren mit einer Auflage von knapp 2000 Exemplaren hat sich der restées identiques, même si le caractère de la revue a changé. Précisé-
Charakter der Zeitschrift zwar verändert, die genannte Aufgabenstel- ment l’informatique et les STI sont des domaines professionnels aux-
lung ist geblieben. Gerade Informatik und IT sind Berufsfelder mit den quels on peut accéder par les moyens les plus divers et dans lesquels
unterschiedlichsten Zugängen und Ausprägungen. on peut se distinguer de différentes façons.
Neben dem Informatik-Studium gibt es zahlreiche andere Ausbil- A part les études en informatique, il existe de nombreux autres
dungswege für den Einstieg oder den Umstieg zu diesem Beruf, der ja moyens de formation pour accéder à cette profession ou y arriver après
in Wissenschaft und Industrie wiederum verschiedene Berufsbilder en avoir exercé une autre. Cette profession, qui englobe différentes for-
kennt, die – als sei dies nicht genug – einer hohen Veränderungsrate mes d’activité dans le domaine de la science et de l’industrie, est livrée
ausgesetzt sind. Unsere Konzeption besteht darin, die Leserwünsche à un taux élevé de changements. Notre concept est de tenir compte des
durch entsprechende Rubriken im Heft zu berücksichtigen. Den souhaits des lecteurs en insérant dans notre brochure les rubriques
Rahmen bilden die Hauptbeiträge, fundierte Darstellungen zu wissen- appropriées. L’encadrement en est constitué par les articles principaux,
schaftlichen und technischen Entwicklungen, für die fachliche Orien- de solides exposés sur des développements scientifiques et techniques
tierung, sowie fachgesellschaftliche Mitteilungen und eine Veranstal- pour la partie informative, ainsi que par des communications de la
tungsübersicht, für das Society Organizing. Die gesellschaftlichen société d’informatique elle-même et un aperçu des manifestations
Folgen technischer und wissenschaftlicher Entwicklungen sind häufig prévues, pour le côté associatif Society Organizing. Les conséquences
umstritten. Unterschiedliche Positionen kommen in der Rubrik Zur pour la société des développements scientifiques et techniques sont
Diskussion gestellt zu Wort. Ausführliche Diskussionsbeiträge gab es souvent contestées. Les différentes positions peuvent s’exprimer dans
hier in den letzten Heften etwa zu den Themen Open Source und la rubrique Zur Diskussion gestellt (Matière à discussion). Dans les
Software-Patentierung. Im Aktuellen Schlagwort wird jeweils ein derniers cahiers, il y a bien eu des articles détaillés donnant lieu à
aktuelles Thema oder eine neue Begriffsbilung kompakt definiert. In discussion sur les thèmes Open Source et logiciel et brevet. Dans la
der Student’s Corner schreiben Studierende über Ausbildung, Praktika rubrique Aktuelles Schlagwort (A l’ordre du jour), sont définis de
und Projekte. In den Historischen Notizen liest man Interessantes und manière compacte, soit un thème d’actualité, soit une nouvelle inter-
Überraschendes aus der Historie dieser jungen Wissenschaft, deren prétation. Dans la rubrique Student’s Corner, écrivent des étudiants sur
Geschichtsbildung gerade erst begonnen zu haben scheint. Gunter la formation, des stages et des programmes. Dans les Notes histori-
Duecks Kolumne ist zu einem festen Bestandteil des Forums gewor- ques, l’on peut lire des choses intéressantes et surprenantes relevées
den, in dem man ferner Berichtenswertes im Umfeld der Informatik dans les étapes de cette science nouvelle dont l’histoire semble n’en
findet. Wenn Sie das alles zusammenbinden, von der Planung des être qu’à ses débuts. La colonne de Gunter Dueck est devenue partie
Heftes, von der Akquisition der Artikel über die Organisation des Be- intégrante du Forum du fait qu’il continuera d’y rapporter des sujets
gutachtungsprozesses in Zusammenarbeit mit dem Hauptherausgeber importants dans le domaine de l’informatique. Si vous rassemblez tous
und dem Herausgebergremium, über die Redaktion der Beiträge bis ces éléments, de la planification de la revue, de l’acquisition des arti-
zur Produktion des Hefts, dann haben Sie ein gutes Bild von der Auf- cles, en passant par l’organisation du processus d’examen en collabo-
gabe des Redakteurs. Wie gesagt, 70 Seiten. ration avec l’éditeur principal et le comité des éditeurs et par la rédac-
tion des articles proposés, jusqu’à la production de la brochure, vous
Als Leser von Informatik-Spektrum schätze ich, dass die Beiträge aurez alors une image parfaite des tâches d’un rédacteur. Comme dit,
von hohem fachlichen Niveau, verständlich und lesenswert sind. Was 70 pages.
ist Ihr Geheimrezept?
Das Ziel einer guten Zeitschrift, einer guten Zeitung oder eines En tant que lecteur d’Informatik-Spektrum, j’apprécie le fait que ses
guten Buches ist, dass der Leser mit dem Autor anhand des Lesestoffs articles témoignent d’une haute qualification, sont compréhensibles
in einen Diskurs tritt. Bei einer Fachzeitschrift ist die Profession der et méritent d’être lus. Quel est votre secret ?
Leser Voraussetzung. Damit können Autoren bei der Konzeption Ihrer Le but d’une bonne revue, d’un bon quotidien ou d’un bon livre est
Artikel ihre fachliche Expertise ausreizen. Verständlich zu schreiben, d’établir, par le biais de son contenu, un dialogue avec le lecteur. Lors-
scheint mir am schwierigsten. Die französische Mathematiker-Gruppe qu’il s’agit d’une revue spécialisée, la profession du lecteur est une
N. Bourbaki versuchte früher bei ihren Seminaren, Verständlichkeit condition primordiale. Les auteurs peuvent ainsi, par la manière de
dadurch zu erreichen, dass jeder Teilnehmer nicht über sein eigenes concevoir leurs articles, aller jusqu’au bout de leur compétence. Ce qui
Forschungsthema vortragen durfte, sondern nur über das eines ande- me semble le plus difficile, c’est d’écrire d’une manière compréhensi-

INFORMATIK • INFORMATIQUE 2/2002 39


Schweizer Informatiker Gesellschaft • Société Suisse des Informaticiens

ren. Durch den Wechsel der Perspektive wird Verständlichkeit auf ble. Le groupe de mathématiciens français N. Bourbaki a essayé dans
hohem Niveau erreicht. le passé, lors de ses séminaires, de parvenir à la compréhension en
Bei einem Informatik-Fachartikel scheint mir dies deshalb noch demandant à chaque participant de ne pas parler de son propre thème
schwieriger zu sein, weil es mehr Parameter der Verständlichkeit gibt. de recherche, mais de celui d’un autre. Le changement de perspective
Neben der theoretischen Fundierung des Dargestellten und der Klar- apporte une compréhension de haut niveau.
heit der Folgerungen kommen hier etwa Praxisrelevanz oder Einfluss S’agissant d’un article spécialisé concernant l’informatique, ceci me
auf andere, oft außerhalb der Informatik liegende Gebiete zum tragen. paraît encore plus difficile puisqu’il existe dans ce domaine davantage
Verständlichkeit für den Experten wie für den Nicht-Experten auf dem de paramètres de compréhension. Le sujet exposé ne doit pas seule-
jeweiligen Fachgebiet versuchen wir dadurch zu erreichen, dass wir ment avoir de solides fondements en théorie et les déductions en être
jeweils einen Vertreter dieser beiden Gruppen um ein Gutachten bitten. claires ; l’importance de la pratique ou l’influence sur d’autres domai-
Es ist für mich erstaunlich, wieviele konstruktive Anregungen die nes souvent extérieurs à l’informatique comptent également pour
Peers haben und die Chance, diese Anregungen im druckfertigen Arti- beaucoup. Nous essayons de parvenir à faire comprendre un texte par
kel zu realisieren, wird von vielen Autoren gerne genutzt, die diesen un expert autant que par une personne qui ne l’est pas dans cette spé-
Perspektivwechsel ja gelegentlich auch in Ihrem Artikel notieren. cialité en demandant, selon le cas, son avis à un représentant de ces
Bei den Meeren haben die Wellen an der Oberfläche eher geringen deux groupes de personnes. Je trouve surprenantes les suggestions
Einfluss auf das Klima. Trotzdem erfreuen Sie den Beobachter. Doch constructives des Peers et de nombreux auteurs saisissent la chance de
es sind die tieferen Strömungen, denen das Wettergeschehen lang- réaliser celles-ci dans un article prêt à l’impression. Il arrive aussi qu’à
fristig folgt. Ähnlich ist es mit einer zweimonatlich erscheinenden l’occasion, ces auteurs relèvent dans leur article ce changement de
Fachzeitschrift. Lesenswerte Artikel mit Tagesaktualität werden Sie perspective.
hier vergeblich suchen. Es geht um die tieferen Strömungen. Doch Celui qui observe la mer se réjouira de regarder les vagues qui se
gerade in der Informatik sind diese Entwicklungen und Ihre Folgen für meuvent à la surface bien que celles-ci n’aient que peu d’influence sur
Mensch, Technik, Philosophie und Gesellschaft von einer solchen Bri- le climat. Ce sont, en fait, les courants en profondeur qui, à long terme,
sanz und Dynamik, dass viele Leser diese Themen lesenswert finden, déterminent le temps. Il en va de même pour une revue spécialisée
weil Sie mehr darüber wissen wollen, wissen müssen. paraissant tous les deux mois. Vous y chercherez en vain des articles
Wenn dann der Leser bei der Lektüre eines Artikels auch noch ein valables d’une actualité limitée à la seule journée. Ce qui compte, ce
intellektuelles Vergnügen empfindet, dann ist das mehr als genug… sont les courants en profondeur. Cependant, précisément en informati-
und der Redakteur ist schon wieder weiter. Er liest vielleicht gerade die que, ces développements et leurs conséquences pour l’homme, la tech-
Erstversion eines Artikels für das übernächste Heft. nique, la philosophie et la société sont empreints d’une force et d’une
dynamique telles que bien des lecteurs trouvent ces thèmes dignes
Informatik-Spektrum war bisher die Zeitschrift der Mitglieder der d’être lus, parce qu’ils veulent en savoir davantage, doivent en savoir
GI. Nun kommen auch die Mitglieder der SI dazu. Was ist für die davantage.
neue Leserschaft vorgesehen? Alors, lorsque le lecteur éprouve, en outre, un plaisir intellectuel à
Ich würde mich besonders freuen, wenn sich die SI-Mitglieder von la lecture d’un article, c’est plus qu’il n’en faut et le rédacteur a déjà
Anfang an im Informatik-Spektrum wiederfinden. Es versteht sich von continué son chemin. Il est peut-être déjà en train de lire la première
selbst, dass die Aktivitäten der SI – wie bisher schon in der Informatik/ version d’un article destiné à la brochure suivante.
Informatique – unter den für das Informatik-Spektrum neuen SI-
Mitteilungen abgedruckt werden. Informatik-Spektrum était, jusqu’à présent, la revue des membres de
Auch Hauptbeiträge und Beiträge zu den Rubriken sind hochwill- la GI. Viennent s’ajouter maintenant les membres du SI. Qu’est-il
kommen. Hier haben ja auch in der Vergangenheit schon SI-Autoren prévu pour ces nouveaux lecteurs ?
im Informatik-Spektrum publiziert. Je serais particulièrement content si, dès le début, les membres de la
Generell sehe ich in dem dann für beide Organisationen verlegten SI se retrouvaient dans Informatik-Spektrum. Il va de soi que les
Informatik-Spektrum eine Win-Win-Situation mit mehr Informationen activités de la SI – comme c’était le cas déjà jusqu’à présent dans
für alle Leser und mit einer stärkeren Außenwirkung. “Jedem Anfang Informatik/Informatique – paraîtront dans la nouvelle rubrique Com-
wohnt ein Zauber inne…”, sagte Hermann Hesse. Das ist für mich das munications de la SI d’Informatik-Spektrum. Tous les articles et toutes
Motto für Heft 3/2002, das erste gemeinsame Informatik-Spektrum für formes de participation aux rubriques existantes seront les bienvenus.
GI und SI. Mais, dans le passé déjà, des auteurs de la SI avaient publié des articles
dans Informatik-Spektrum.
Sur un plan général, je vois plutôt dans Informatik-Spektrum, édité
pour les deux organisations, une situation win-win qui apportera
davantage d’informations à tous les lecteurs et aura une plus grande
influence extérieure. « Tout commencement porte en lui un charme »,
disait Hermann Hesse. C’est ma devise pour la l’édition 3/2002, pre-
mier numéro d’Informatik-Spektrum en commun pour la GI et la SI.

40 INFORMATIK • INFORMATIQUE 2/2002


Schweizer Informatiker Gesellschaft • Société Suisse des Informaticiens

DBTA http://servlet.java.sun.com/javaone/home/ verständlicher zu machen, sei der heikle Ver-


Datenbanken, Theorie und Anwendung 0-sf2002.jsp such gewagt, die Besonderheit des Program-
Bases de données, théorie et application • Vendors embrace J2EE 1.3. Eighteen com- mierens mit APL, etwa im Vergleich mit Java,
Chairman: Paul Eisner panies including BEA, IBM, Borland, herauszuarbeiten. Während die Entwickler
Correspondent: Moira Norrie Pramati, and Silverstream have passed the von Java sich offensichtlich vom Bestreben
http://www.unizh.ch/groups/dbtg/DBTA/ J2EE 1.3 compliance tests since its debut leiten lassen, einen Baukasten ständig zu
five months ago. From InfoWorld: vergrössern, welcher schliesslich für jeden
DBTA plans a major event to celebrate its http://www.infoworld.com/articles/hn/xml/ erdenklichen (wenn auch noch so trivialen)
15 years anniversary. We intend to have a two 02/01/29/020129hnj2eeday.xml Vorgang ein passendes Element enthält,
day seminar in late summer 2002 or in spring • And the winner is… Well, being the fastest beruht APL auf einem kühn konzipierten Satz
2003, at a well-known and agreeable place. not always means being the winner. But von mathematischen Operationen, von denen
We think about analysing social implications still, a special honourable mention goes to man in anderen Sprachen nur träumen kann.
of IT, and comparing them with technological Pramati Server 3.0; first application server Ist der Programmierer imstande, in seinen
advances achieved, with a special focus on the to pass the Sun Microsystems J2EE v1.3 Projekten die mathematischen Strukturen zu
database area. Renown key-note speakers will compatibility test suite erkennen, kann er häufig diese direkt in APL
be proposed. http://www.pramati.com/corporate/press/ abbilden – auf atemraubend effektive Art.
We invite DBTA members to share in our press_cts.htm Robin Trpisovsky war die mathematische
planning and to contribute their ideas. Please • Divide and conquer. Aspect-oriented pro- und intellektuelle Faszination, die APL auf
write to Paul.Eisner@swisslife.ch. gramming (AOP) is an extension of object- ihn ausübte, immer anzumerken. Er trug sie in
oriented programming, it allows developers die regelmässigen Workshops der Swiss APL
to cleanly separate “concerns” in their soft- User Group (SAUG) hinein. Sein kritischer,
JUGS ware systems. The inventors of AOP claim durchdringender Geist spielte in diesen Work-
Java User Group Switzerland that this leads to systems, which are easier shops eine wichtige Rolle, ebenso wie sein
Chairman: Arthur Neudeck to maintain, to extend, and to understand. breites fachliches Wissen. Robin, der
http://www.jugs.ch/ An intro-article from JavaWorld: ursprünglich Architekt war, hatte auch philo-
http://www.javaworld.com/javaworld/jw- sophische Interessen. Eine Zeitlang beschäf-
01-2002/jw-0118-aspect.html tigte er sich mit logischen Problemen des
Java News
• Mac OS X and Java. The boldest announce- Suchens und Fragens, mit der so genannten
Welcome to the last issue of Java News ment Jobs made in his “Macworld” keynote erotetischen Logik. Seine grundlegende Art
published through Informatik/Informatique. is that Mac OS X will be the default OS in des Denkens führte ihn dazu, dass er dem heu-
Sad to see that publication disappear, life is all new Macs by the end of this month. Mac tigen Programmierbetrieb, der unter dem
tough sometimes! OS X, built on top of Unix, contains the Druck von Zeitlimiten stattfindet, eine gewis-
Do you find this type of information Java 1.3.1 runtime, as well as command se Skepsis entgegenbrachte. In schnell zusam-
interesting? Do you think I should keep on line tools such as javac, java, jar, rmi, and mengeschusterten Programmen sah er nicht
publishing that column online? If so, please rmid. besondere Leistungen, sondern spätere
send a quick e-mail to silvano.maffeis@ http://www.javaworld.com/javaworld/jw- Problemquellen. Die SAUG wird Robin
softwired-inc.com and let me know! 01-2002/jw-0118-macworld.html? Trpisovsky vermissen, seine fachliche Kom-
Visit http://www.jugs.ch for a list of • JBuilder 6 Enterprise features UML sup- petenz ebenso wie seine kritischen Fragen.
upcoming Java events hosted by JUGS. Also, port and refactoring tools. Urs Oswald
you will find this issue of JavaNews online on http://www.javaworld.com/javaworld/jw-
the JUGS Web: It’s easier to click on URLs 01-2002/jw-0118-iw-jbuilder.html
rather than typing them in! Silvano Maffeis, JUGS, Security
• Finalists announced for the JavaWorld edi- mailto:silvano.maffeis@softwired-inc.com Chairman: Rolph Haefelfinger
tor choice awards. These awards recognize Correspondent: Thomas Kohler
innovative companies, organizations, and http://www.fgsec.ch/
individuals for their commitment to devel- SAUG
oping new Java tools and technologies. Swiss APL User Group Wir bitten Sie, sich die folgenden Veran-
http://www.javaworld.com/javaworld/jw- Chairman: Hans Steffen staltungen vorzumerken:
02-2002/jw-0211-finalists.html hans.steffen@bfs.admin.ch 23. April 2002 (später Nachmittag)
• Java Web Services Developer Pack re- Das neue Recht in der Informatik
leased. All you need (and more) to start de- Im Dezember des vergangenen Jahres starb Raum Zürich – www.fgsec.ch
veloping Web services in Java: SOAP, Robin Trpisovsky. Für Robin nahm die Spra- 20. Juni 2002 (später Nachmittag)
JAXP, JAXM, a UDDI registry server, che APL eine wichtige Stelle ein, obwohl er Wireless Security
Tomcat Servlet engine, etc. sie in seiner Arbeit nur am Rande einsetzen Raum Zürich – www.fgsec.ch
http://java.sun.com/features/2002/01/ konnte. Er war fasziniert von den einzigarti- 26. September 2002 (später Nachmittag)
wspack.html gen Möglichkeiten von APL, schätzte aber die Forensics mit anschliessender General-
• JavaOne is coming! For those that still have Akzeptanz, mit welcher die Kunden der Spra- versammlung 2001
the luxury of a travel budget, JavaOne is the che begegneten, realistisch ein. Für seinen Raum Zürich – www.fgsec.ch
get-together for Java-enthusiast and hunters vielseitigen und kritischen Geist war die 9. November 2002 Nachmittag
of useless-but-really-cool gadgets (25–29 Arbeit mit APL nicht einfach irgendwelches 5. Berner Tagung
March, San Francisco): Programmieren, sondern ein ausgesprochenes für Informationssicherheit
intellektuelles Vergnügen. Um dies etwas Bern – www.fgsec.ch

INFORMATIK • INFORMATIQUE 2/2002 41


SwissICT

Schweizerischer Verband der Informations- und Kommunikationstechnologie


Präsidium: Maya Lalive d’Epinay
Redaktion: info@swissict.ch
Verbandsdirektion Hans-Peter Uehli, hans-peter.uehli@swissict.ch
Telefon 056 222 65 00, Telefax 056 222 65 67
Postfach 1345, 5401 Baden
Web: http://www.swissict.ch/

Portrait Markus Fischer


Mitglied des Vorstandes und des Strategie-Ausschusses SwissICT

Als Nicht-Informatiker bin ich während 1. Einführung und Ausbreitung der letzten men, musste dieser Start-up aufgrund des dra-
den 26 Jahren, die ich für die SBG/UBS tätig Host-Applikationen matischen Einbruchs in der e-Szene bereits
war, mit zahlreichen Auswirkungen dieses 2. Strategische Neuausrichtung des Ban- im ersten Betriebsjahr “gegroundet” werden,
faszinierenden Branchen-Clusters in Berüh- king, verbunden mit der Neugestaltung der weil sich die ursprünglich geplanten Ziele
rung gekommen, und schliesslich haben mich Geschäftsprozesse und der internen Organisa- punkto Cash und Zeit unter den neuen Gege-
die Informations- und Kommunikations- tion benheiten als nicht erreichbar herausstellten.
Technologien und ihr enormes Potential für 3. Flächendeckende Einführung vernetzter Trotz dieses Misserfolges hat mir die Füh-
Wirtschaft und Gesellschaft derart in ihren PC-Lösungen und Client Server Technologi- rung dieses Ventures zusammen mit den Kol-
Bann gezogen, dass ich mich im Jahr 2000 en legen der Geschäftsleitung enorm viel ge-
vom Banking verabschiedet habe. 4. “Entdeckung” der Internet-Technologi- bracht und auch grosse Freude bereitet.
Begonnen haben meine Begegnungen mit en, verbunden mit der Konzeption, Entwick- Nachdem uns schon der forcierte Aufbau voll
der damaligen “EDV” unter einem etwas lung und Einführung von Intranet- und Web- gefordert hatte, hatten wir beim anschliessen-
zwiespältigen Eindruck. In die ersten Jahre Lösungen den ebenfalls forcierten Abbau und der Ein-
meiner Bankkarriere fiel nämlich der Fall 5. Entwicklung von Web Banking Strategi- stellung des Unternehmens und der Plattform
UBISCO der damaligen SBG. Quasi als Zu- en und Services für das Privatkunden-, Fir- innert weniger Monate nochmals Gelegen-
schauer und im Rahmen der dazu erhältlichen menkunden- und Anlagekunden-Geschäft heit, unsere Fähigkeiten unter Beweis zu stel-
Informationen hat uns diese “EDV-Entwick- Während diesen Phasen habe ich meine len. Diese zusätzliche Dimension an Erfah-
lung” – und die Summen, um die es dabei Sporen als Projektleiter abverdient und über- rung kommt mir bei meiner Tätigkeit als
ging – nachhaltig beeindruckt. Leider war da- aus wertvolle Erfahrungen in zum Teil sehr Berater und Dozent sehr vonstatten.
mit auch ein zeitlicher Rückschlag für uns komplexen, interdisziplinären und auch mul- Ungeachtet der Abkühlung und stellenwei-
“Benutzer” verbunden, so dass die “dummen” tikulturellen Projekten sammeln dürfen. se auch Frustration in der e-Szene bin ich
Terminals samt den ersten Anwendungen und Gleichzeitig konnte ich mein Fachwissen und überzeugt, dass wir das gigantische Anwen-
ihren eintönigen Zahlen- und Zeichenmenus die gesammelten Erfahrungen als Ausbilder dungs- und Nutzen-Potential der IC-Techno-
erst gegen Ende der Siebziger Jahre auf uns und Prüfungsexperte der schweizerischen logien und insbesondere von Lösungen in den
zukamen. Die damit zu erzielenden Fort- Bankfachprüfungen sowie als Referent an Bereichen Web, Extranet, Intranet sowie von
schritte waren indes gewaltig, zumindest ge- Nachdiplomkursen und Fachtagungen weiter- Multi (inklusive Mobile) Device fähigen Ser-
messen an den damaligen Möglichkeiten. geben. vices erst zu geringen Teilen erschlossen ha-
So richtig den Ärmel reingenommen hat es Der bisherige Höhepunkt bildete jedoch ben. Die nächsten Jahre bleiben also unge-
mir Mitte der Achtziger Jahre mit der Einfüh- ohne Zweifel das Venture “plenaxx”, welches mein spannend, und wir werden noch
rung der PC’s. Damals waren spezifische An- nebst der UBS von vier weiteren strategischen staunen, was in Anwendungsgebieten wie e-
wendungen für Bankfachleute noch rar, wes- Partners (Mobiliar Versicherungen, Schwei- business, e-government, e-learning, mobile
halb wir uns selber an die Konzeption, zerischer Gewerbeverband, Swisscom, Valo- commerce, location based services und perva-
Gestaltung und Entwicklung von kleinen Ap- ra) mitgetragen wurde und zum Ziel hatte, sive computing noch alles auf uns zu kommt.
plikationen heranwagten. Unser erstes lauffä- den Schweizer KMU, Verbänden, Schulen Nicht die Zukunft voraussagen, sondern sie
higes Programm zur Verwaltung, Überwa- und Institutionen innert kürzest möglicher schaffen und gestalten, ist dabei meine Devi-
chung und Berichterstattung von Zeit eine e-Business & e-Collaboration Platt- se: let’s do it!
risikobehafteten Kreditpositionen wurde form samt entsprechender e-Services anzu-
1988 ausgebreitet und hatte auf einer einzigen bieten und nach professionellen Kriterien zu Markus Fischer ist 49jährig, verheiratet, wohn-
5 _ Zoll Diskette Platz! betreiben. Obwohl wir innerhalb von nur acht haft in Lugnorre, und verbringt seine Freizeit am
liebsten mit analoger und digitaler Fotografie,
Die Neunziger Jahre waren für mich von Monaten das Unternehmen, die Marke und Computing und Multimedia, Aviatik und Reisen
fünf massgeblichen Entwicklungen geprägt: die Plattform aufbauten und in Betrieb nah- zu Vulkanen und anderen abenteuerlichen Desti-
nationen.

42 INFORMATIK • INFORMATIQUE 2/2002


SwissICT

Abschied von der Zeitschrift INFORMATIK

Sie halten die letzte Ausgabe der Zeitschrift Minuten mit dem Studium der Zeitschrift abschnitt. Seine Zeitschrift mit dem inhaltlich
INFORMATIK/INFORMATIQUE in der Hand. INFORMATIK verbracht hat. hochstehenden IT-Fachbeiträgen und dem
Der Redaktor, Herr François Louis Nicolet, Die letzte Nummer der INFORMATIK mar- markanten, knallroten Titelblatt wird mir in
tritt in den wohl verdienten Ruhestand. Leider kiert jedenfalls das Ende einer Ära in unserer guter Erinnerung bleiben.
war es den an der Zeitschrift beteiligten Ver- Verbandsgeschichte – gleichzeitig aber auch Im Namen des Vorstandes und der Mitglie-
bänden nicht gelungen, einen geeigneten einen Neubeginn: SwissICT ist selbst- der von SwissICT überbringe ich Herrn Prof.
Nachfolger für ihn zu finden. verständlich weiterhin auf ein offizielles C. A. Zehnder die Zeichen unserer Dankbar-
Im Jahre 1993 wurde eine “Projektgruppe Publikationsorgan als Kommunikationskanal keit und unsere Anerkennung für seine
Zeitschrift” ins Leben gerufen, welcher Prof. zu seinen Firmen- und Einzelmitgliedern bewundernswerte Initiative und seinen un-
C. A. Zehnder (Präsident SVI/FSI), Helmut angewiesen. So wird der Vorstand an der Ge- ermüdlichen, selbstlosen Einsatz zu Gunsten
Thoma (Präsident SI) und Walter Wüst (Präsi- neralversammlung 2002 den Antrag stellen, der Verbandszeitschrift INFORMATIK, auf die
dent WIF) angehörten. Am 1. Februar 1994 mit dem Schweizerischen Verband der Tele- wir alle so stolz sein können.
erschien die erste Nummer. kommunikationsbenützer asut zusammenzu- Hans-Peter Uehli
Die INFORMATIK /INFORMATIQUE diente arbeiten, um zukünftig gemeinsam eine Zeit- Verbandsdirektor
bekanntlich als offizielles Mitgliederorgan schrift herauszugeben, die gleichzeitig als
von vier Verbänden: Schweizer Informatiker unser offizielles Publikationsorgan dient. Es war gewiss eine Herausforderung, den
Gesellschaft SI, Schweizerischer Verband der Die neue Verbandszeitschrift wird dement- hohen Ansprüchen der in SwissICT und SI
Informations- und Kommunikationstechnolo- sprechend verbandsinterne Berichte und vereinigten Informatik-Fachleute gerecht zu
gie SwissICT, Groupe Romand de l’Informa- Nachrichten enthalten und daneben auch werden. Ich hatte das Glück, in diesen Gesell-
tique GRI und Swiss Open Systems User mehrere Seiten mit Fachbeiträgen zu aktuel- schaften anerkannte Experten der verschien-
Group ch/Open. len Themen der Informations- und Kommuni- denen Teilgebiete der Informatik zu finden,
Die INFORMATIK war auf qualifizierte In- kationstechnologie. die als Gastredaktoren meine Arbeit unter-
formatik-Fachleute ausgerichtet. Oft haben In den letzten 10 Monaten, in denen ich für stützten. Viele Autoren der Fachbeiträge sind
die Übersichtsartikel und die einführenden die Redaktion der Beiträge von SwissICT zu- Mitglieder der an der Zeitschrift beteiligten
Beiträge zu aktuellen Themen der Informa- ständig gewesen bin, habe ich die freundliche Gesellschaften, was einmal mehr ihre fachli-
tionstechnologie die Leserschaft herausgefor- Unterstützung von Herrn Nicolet zu schätzen che Kompetenz bezeugt. Eine Mitgliederzeit-
dert, dies nicht zuletzt wegen ihres hohen Ab- gewusst. Für seine Redaktion und Produktion schrift dient auch dazu, über das Leben des
straktionsniveaus. Für eher praxisorientierte der INFORMATIK habe ich einen hohen Res- Verbands zu berichten. Hier hat Herr Hans-
Leser dürfte die Lektüre der INFORMATIK des- pekt gewonnen. Ich bedanke mich an dieser Peter Uehli in jeder Ausgabe für vielseitige
halb nicht immer leichte Kost gewesen sein. Stelle bei Herrn Nicolet ganz herzlich für die Beiträge gesorgt. Für seine Arbeit und die
Erfreulicherweise hat die Mitgliederumfrage angenehme und erfolgreiche zusammenar- sehr angenehme, freundschaftliche Zusam-
vom Herbst 2001 ergeben, dass etwa die Hälf- beit. Ich wünsche ihm eine gute Gesundheit menarbeit danke ich ihm ganz herzlich.
te unserer Mitglieder zwischen 15 und 60 und viele fröhliche Stunden im neuen Lebens- François Louis Nicolet

SwissICT-Salärumfrage 2002

Seit 1981 führt der Informatikverband und repräsentativste Salärstatistik der Infor- lagen unaufgefordert zugestellt. Falls Sie zum
SwissICT jährlich die massgebende Salärum- matik- und Telekom-Spezialisten in der ersten Mal an unserer Salärumfrage teilneh-
frage für Informatikberufe in der Schweiz Schweiz. men möchten, bitten wir Sie, die detaillierten
durch. Die Anzahl Nennungen und damit Die Liste der Funktionen sowie ein Beispiel Erfassungsunterlagen anzufordern. Zögern
auch der Wert der Erhebung steigt von Jahr zu aus der Standardauswertung finden Sie auf Sie nicht, uns anzurufen, falls Sie noch weite-
Jahr: 2001 wurden 19'278 Salärnennungen unseren Webseiten unter Publikationen / Be- re Fragen haben.
von 236 Unternehmen ausgewertet! Einmal stellformulare http://www.swissict.ch/publi/ SwissICT
mehr hat diese erfreuliche Beteiligung das bestellformular.php Badstrasse 7
grosse Bedürfnis und den hohen Stellenwert Stichtag für die Salärumfrage ist jeweils der 5401 Baden
der SwissICT-Salärumfrage für unsere Wirt- 1. Mai. Die Erfassungsunterlagen werden Tel: 056 / 222 65 00
schaft dokumentiert. deshalb im April an die teilnehmenden Unter- eMail: info@swissict.ch
Wir würden uns freuen, wenn sich Ihr Un- nehmen verschickt. Die ausgewerteten Daten Hans-Peter Uehli
ternehmen an der diesjährigen Salärumfrage liegen bis Ende September in Buchform vor. Verbandsdirektor
beteiligen würde. Ende September 2002 er- Unternehmen, die bereits einmal teilge-
halten die Teilnehmer kostenlos die aktuellste nommen haben, erhalten die Erfassungsunter-

INFORMATIK • INFORMATIQUE 2/2002 43


SwissICT

Symposium

Managing Speed and Complexity

Verbandsdirektion und Programmkommis- drei Tagen werden hochkarätige Fachleute ge, wie sich die IT laufend auf die sich verän-
sion von SwissICT freuen sich, Sie zum aus Forschung und Praxis, darunter Prof. Fre- dernden Geschäftsprozesse abstimmen lässt,
diesjährigen Symposium INFORMATIK deric Vester (Autor von “Die Kunst vernetzt ohne dabei das Tagesgeschäft aus den Augen
2002 einzuladen zu denken”), Prof. Walter Brenner (Universi- zu verlieren.
Managing Speed and Complexity tät St. Gallen), Jens Alder (CEO Swisscom) Das alle zwei Jahre stattfindende SwissICT
Montag, 27. Mai 2002 bis Mittwoch, 29. und Prof. Helmut Merkel (Vorstandmitglied Symposium richtet sich an Führungskräfte
Mai 2002 Karstadt Quelle) interessante Antworten lie- von Informatik-, Organisations- und Fachab-
im Seehotel Waldstätterhof, Brunnen SZ fern und mit teilweise unkonventionellen Ein- teilungen. Als Teilnehmender finden Sie hier
Die Geschäftsprozesse werden immer sichten aufwarten. eine Plattform für die Auseinandersetzung mit
schneller und komplexer. Von dieser Entwick- Jeder Symposiumstag hat ein eigenes einem wichtigen Thema. Sie pflegen dabei
lung ist die Informations- und Kommunikati- Schwerpunktthema. Am Montag wird die “IT- gleichzeitig den Gedankenaustausch mit Kol-
onstechnologie gleich zweifach betroffen: als Revolution” aus der Sicht von Politik, Wirt- legen und können auftanken, abseits vom Ta-
massgebliche Antreiberin des Geschehens, schaft und Kultur beleuchtet. Am Dienstag gesgeschäft.
aber zugleich auch als Getriebene vom eige- wird erörtert, inwieweit die neuen Technolo- Hans-Peter Uehli
nen Erfolg. gien den Fortschritt beschleunigen oder brem- Verbandsdirektor
Das Symposium INFORMATIK 2002 sen. Der dritte Tag steht unter dem Motto “Die
nimmt sich dieser aktuellen Thematik an. An Veränderung führen” und behandelt die Fra-

Einladung zur Generalversammlung

Donnerstag, 25. April 2002 um 16:15 Uhr im Marriott Hotel in Zürich

Programm 4 Vorschau 2002


15:45 Uhr Eintreffen der Teilnehmenden, Kaffee Beat Schmid / Hans-Peter Uehli
16:15 Uhr Begrüssung der Teilnehmer • Verbandsstrategie, Grobzielsetzungen
Maya Lalive d'Epinay, • neue Verbandszeitschrift
Präsidentin • Veranstaltungen
16:20 Uhr Gastreferat 5 Budget 2002
Wird die Liberalisierung der Telekommunika- Hans-Peter Uehli
tion zu Ende geführt? 6 Erneuerungswahlen
Marc Furrer Maya Lalive d'Epinay
17:00 Uhr Kaffeepause 7 Diverses
17:30 Uhr Generalversammlung Maya Lalive d'Epinay
1 Protokoll der Generalversammlung vom 18. Mai Beantwortung von Fragen
2000 gemäss Homepage von SwissICT www.swis- 8 Abschluss der Generalversammlung
sict.ch Maya Lalive d'Epinay
Maya Lalive d'Epinay ab
2 Jahresberichte 2001 18:30 Uhr Gemeinsamer Imbiss
Maya Lalive d'Epinay / Guido Auchli
• Jahresrückblick Anmeldung
• Kurzbericht der Arbeits- und Fachgruppen bis spätestens 15. April 2002 per Fax 056 222 65 67 oder
• Kontakte mit anderen Verbänden via eMail info@swissict.ch.
• Veranstaltungsprogramm 2002/03
3 Jahresrechnung 2001 Anfragen
Hans-Peter Uehli / Othmar Flück Anfragen an die Generalversammlung sind spätestens
• Erfolgsrechnung und Bilanz 20 Tage vor der Versammlung schriftlich an die Ge-
• Bericht der Revisoren schäftsstelle einzureichen.
• Genehmigung der Rechnung / Erteilung der Dé-
charge

44 INFORMATIK • INFORMATIQUE 2/2002


SwissICT

Rückblick und Ausblick auf die Verbandstätigkeiten Veranstaltungskalender


von SwissICT
25.04.2002
Generalversammlung
Im Laufe des Jahrs 2001 hat SwissICT 16 Im Verbandsjahr 2002 sind 24 Ausbil- Versammlung
Ausbildungsveranstaltungen durchgeführt. dungsveranstaltungen unter anderem zu den 7./8. Mai 2002
Dabei konnten die Tagungen “Die Zukunft Themen EAI - Brücke zwischen Anwen- Leadership
der IT ist web-based” und “eBusiness” sowie dungsinseln, Applikationsentwicklung mit Seminar
das “2. eGovernment Symposium” über 100 XML, Requirements Engineering, Serverkon- 27.- 29. Mai 2002
Teilnehmer verzeichnen. solidierung unter Windows, Management von INFORMATIK 2002 in Brunnen
Gegenüber dem Vorjahr haben an der Salä- eProjekten, Methoden und Werkzeuge des Symposium
rumfrage 2001 4% mehr Firmen teilgenom- Softwaretestings, eGovernment, Metriken 6./7. Juni 2002
men. Dabei ist die Anzahl der ausgewerteten und Benchmarking, Modellverträge im Infor- Requirements Engineering
Saläre auf 19'278 (+8.2%) gestiegen. matikbereich, Risikomanagement in IT-Pro- Seminar
Seit dem 1. Juli 2001 werden die Mitglieder jekten, J2E versus .net, Project Management 11. Juni 2002
von SwissICT durch die Mitarbeiter der neu- und Technologie-Update vorgesehen. J2E versus .net*
en Geschäftstelle in Baden betreut. Das traditionelle dreitägige INFORMATIK Abendveranstaltung
Die Mitgliederbefragung hat - mit einem Symposium 2002 dreht sich um das aktuelle 13. Juni 2002
fantastischen Rücklauf von 38% der Firmen- Thema “Managing Speed and Complexity” Serverkonsolidierung unter Windows
mitglieder und 32% der Einzelmitglieder - und wird in der gediegenen Ambiance des Abendveranstaltung
eine hohe Zufriedenheit der Mitglieder mit Hotels Waldstätterhof in Brunnen durchge- 20./21. Juni 2002
den Dienstleistungen von SwissICT attestiert. führt. Management von eProjekten
Trotzdem wir haben manch kritische Bemer- Die Aktion für vergünstigte Abonnemente Seminar
kung als Anlass genommen, unsere Dienst- von IT-Zeitschriften wird wiederholt. 27. Juni 2002
leistungen zu überprüfen und zu verbessern. Wir rechnen damit, dass - dank der Erfas- Softwaretesting: Methoden und
In einer einmaligen Aktion konnten über sung variabler Lohnbestandteile - die Teilneh- Werkzeuge
150 vergünstigte Abonnemente bekannter IT- mer an der Salärumfrage 2002 ein weiteres Tagung
Zeitschriften abgegeben werden. Mal gesteigert werden können. 9./10. Juli 2002
SwissICT hat im Rahmen der Vernehmlas- Für das Jahr 2002 hat sich SwissICT die Verbessern von Software-Entwick-
sungen zum Bundesgesetz über die elektroni- folgenden Ziele gesetzt: lungsprozessen
sche Signatur eine positive Stellungnahme 1 Ausbauen der Dienstleistungen zur Ver- Seminar
publiziert. besserung des Mehrwerts für die Mitglie- 22./23.August 2002
Im Januar 2002 sind die neuen Internetsei- der Entscheidungsfindung
ten aufgeschaltet worden, die im laufenden 2 Ablösen der Zeitschrift INFORMATIK Workshop
Jahr schrittweise ergänzt und verbessert wer- durch eine attraktive Verbandszeitschrift 22. August 2002
den. 3 Durchführen von gezielten Werbeaktionen 3. eGovernment Symposium
Der Expertenausschuss ist eine attraktive zur Verbreiterung der Mitgliederbasis Symposium
Plattform für den fachlichen Erfahrungsaus- 4 Intensivieren der Medienarbeit und veran- * = Arbeitstitel
tausch. Er hat bereits vier neue Arbeits- und kern von Verbandsname und Verbandszie- SwissICT-Mitglieder erhalten eine aus-
Fachgruppen gegründet und es werden weite- len im breiten Publikum führliche Einladung. Anmeldungen nehmen
re folgen. 5 Beobachten von aktuellen Themen als wir gerne per Fax 056 222 65 67 oder via
Trotz fusionsbedingtem Rückgang der An- Grundlage für die Einflussnahme zur Ver- info@swissict.ch entgegen.
zahl Mitglieder und einer hohen Nachforde- besserung der gesetzlichen Rahmenbedin-
rung der Mehrwertsteuerverwaltung kann im gungen für die ICT-Branche
Jahr 2001 eine ausgeglichene Erfolgsrech- 6 Übernehmen der Initiative bei Verhand-
nung präsentiert werden. lungen zur Konsolidierung der ICT-Ver-
Es bleibt doch noch viel zu tun um ein füh- bandslandschaft, etwa über die Schaffung
render Verband der Informations- und Kom- eines Dachverbandes.
munikationstechnologie zu werden: In die- Die Verbandsdirektion dankt all den Mit-
sem Sinne hat der Strategieausschuss eine gliedern, die sich in den Gremien von Swiss-
umfassende Verbandsstrategie entworfen, ICT persönlich engagiert haben und mit ih-
welche der Generalversammlung vom 25. rem Einsatz die Erfolgsgeschichte von
April 2002 vorgelegt wird. Dazu lauten die SwissICT erst möglich gemacht haben.
Stichworte: SwissICT befindet sich auf dem richtigen
1. Gegenwert erbringen Weg, “A Leading Swiss Association in Infor-
2. Mitgliederpotenzial ausschöpfen mation & Communication Technology” zu
3. Interessen der Mitglieder vertreten werden.
4. Konsolidierung der schweizerischen Ver- Hans-Peter Uehli
bandslandschaft unterstützen Verbandsdirektion

INFORMATIK • INFORMATIQUE 2/2002 45


SwissICT

Alter Wein in neuen Schläuchen?


Was steckt hinter der Metapher E-Marketplace oder die neuen Brückenbauer

Der elektronische Handel zwischen Businesspartnern ist in der Schweiz keine Vision mehr, sondern Realität. Technologische Schranken werden
laufend aufgehoben und neue virtuelle Brücken für den Handel entstehen.

Im 18. Jahrhundert erlangte das Londoner also gleichzeitig am selben Ort aufhalten – Zeit beim richtigen Lieferanten bestellt, von
Kaffeehaus Lloyds grosse Berühmtheit. Wer eben auf Marktplätzen, Börsen oder in Kaf- diesem geliefert und schliesslich bezahlt wer-
immer auch für seine Schiffe Fracht suchte feehäusern. den. Diese Abläufe sollen einfach, schnell,
oder aufgeben wollte, Waren anbieten und Dem ist heute nicht mehr so. Information kostengünstig und absolut transparent sein.
kaufen oder auch nur die aktuellsten Neuig- steht heute praktisch ohne Zeitverzögerung Um diese Effizienz zu erreichen werden in
keiten aus Übersee erfahren wollte, fand sich allen Interessierten zur Verfügung. Auch müs- vielen Unternehmen IT Systeme eingesetzt,
dort ein. Bald waren die Händler nicht mehr sen Güter nicht mehr physisch vor Ort inspi- die von der Auftragserfassung über die Pro-
nur unter sich. Schiffsladungen mussten vor- ziert werden oder Zahlungsmittel in Form von duktionsplanung bis hin zur Auslieferung und
finanziert werden, Investitionen waren not- Geldnoten oder Münzen ausgetauscht wer- Rechnungsstellung sämtliche Prozesse unter-
wendig und so durften auch die Banken und den. Alles Elemente, welche wir mit dem Be- nehmensweit abbilden. Diese Systeme sind
Financiers nicht fehlen. Das Klumpenrisiko, griff Marktplatz assoziieren. Hinter der Meta- auch in der Lage, selbst wiederum Bestellun-
mit einem Schiff die Weltmeere zu befahren, pher E-Marketplace und speziell den B2B gen bei Zulieferern auszulösen, wenn
konnten einzelne häufig nicht mehr alleine Marktplätzen muss sich also etwas anderes Lagerbestände sinken, ein Produktionszyklus
tragen und so entstanden Gemeinschaften, verbergen, als das Bild der Marktschreier auf geplant ist oder Bestelleingänge zunehmen.
welche das Risiko gemeinsam tragen – die einer griechischen Agora. Werden Bestellungen nicht automatisch
ersten Versicherungen entstanden. All dies durch Planungssysteme erzeugt, so erlauben
fand in einem kleinen Kaffeehaus – aber ei- Beschaffen oder Einkaufen? E-Procurement Systeme eine dezentrale elek-
nem riesigen Marktplatz – seinen Anfang. Im Handel zwischen Unternehmen erleben tronische Beschaffung durch die Mitarbeiter
Der Gedanke des Marktplatzes - einem Ort, wir zwei, in ihrer Natur sehr unterschiedliche eines Unternehmens. Diese flexibilisieren und
an dem Käufer, Verkäufer, Händler und Prozesse: Die strategische Beschaffung und vereinfachen die Bestellprozesse, stellen aber
Dienstleister zusammenkommen - legte die der operative Einkauf. gleichzeitig sicher, dass trotzdem alle not-
Grundlage für den Begriff des E-Marketplace. Bei der strategischen Beschaffung werden wendigen Informationen in den Finanz- und
Eine Analogie, welche auf sehr abstrakter Anbieter und deren Leistung verglichen. Die- Planungssystemen zur Verfügung stehen.
Ebene durchaus ihre Gültigkeit hat. Auch auf se Leistungen gehen weit über das reine Pro- Ausserdem stellen E-Procurement Applikati-
elektronischen Marktplätzen treffen sich im duktangebot und dessen Preis hinaus. Das onen das Interface zum Menschen her und
metaphorischen Sinne die Teilnehmer des Wissen über den Beschaffungsmarkt und eine binden diesen in die Bestellprozesse ein.
Handels. Geht es aber um eine konkretere saubere Spezifikation der Bedürfnisse sind Workflows können definiert und Produktin-
Vorstellung über die Rolle der elektronischen entscheidend. Elektronische Marktplätze formationen werden nicht nur als rohe
Marktplätze, so finden wir sehr unterschiedli- können dabei zum Teil im Bereich der Infor- Artikelstämme, sondern in benutzerfreundli-
che Interpretationen. Nicht zuletzt deshalb mationsbeschaffung unterstützen. Das aber chen Katalogstrukturen präsentiert.
wurde fast jedes zweite Internet Venture der wohl wichtigste Element ist die Durchfüh- Die Krux in der Geschichte liegt aber an
letzten Jahre im einen oder anderen Zusam- rung von elektronischen Ausschreibungen den Unternehmensgrenzen und damit an den
menhang als Marktplatz bezeichnet. Phil und “reverse Auctions”. Das heisst, dass in ei- Grenzen des Einflusses der eigenen Informa-
Evans von der Boston Consulting Group ging ner elektronischen Auktion derjenige Anbie- tiksysteme.
1998 sogar soweit, dass er das Internet selbst ter den Zuschlag erhält, welcher das beste An-
als die Agora – also den Marktplatz überhaupt gebot (was bei weitem nicht immer nur Evergreen statt Internet
– des 21. Jahrhunderts bezeichnet hat. Als Vi- preisgetrieben ist) unterbreitet. Dies geschieht Mögen unternehmensinterne Prozesse
sion durchaus richtig, im Alltag des täglichen online und real-time – ohne Austausch von schon hoch optimiert und von Informatiksys-
Geschäftes aber nicht geeignet, um die Rolle Papier oder physischer Präsenz der Beteilig- temen unterstützt sein, so finden wir an der
und Funktionalität von elektronischen Markt- ten in vielen zähen Verhandlungsrunden. Die Unternehmensgrenze ein ganz anderes Bild.
plätzen einzuordnen. Was Phil Evans aber für eine elektronische Auktion notwendigen Per Telefon, Brief, Fax oder bestenfalls e-mail
richtig beschrieben hat, ist die Tatsache, dass Applikationen werden von spezialisierten wird bestellt. Die Lieferanten müssen die ein-
die mit Hilfe der elektronischen Kommunika- Unternehmen betrieben – zum Beispiel gehenden Daten in ihrer Auftragsverwaltung
tion und dem Internet eine Trennung von phy- “Marktplätzen”. Bieter und Käufer nutzen erfassen und stellen Rechnung – wiederum
sischen Gütern und Information stattfindet. diese Dienstleistung und brauchen selbst kei- auf Papier. Dass diese Rechnungen häufig am
Marktplätze im klassischen Sinne hatten ihren ne aufwendige Infrastruktur, sondern nur ei- falschen Ort im Unternehmen ankommen, er-
Ursprung darin, dass Information immer an nen PC mit Internet-Zugang. neut manuell erfasst (häufig nicht nur einmal)
ein physisches Produkt oder Transportmedi- Eine wesentlich gewichtigere Rolle nimmt und verarbeitet werden müssen, kennen wir
um gekoppelt war und deshalb Wissen nie- der Marktplatz aber im operativen Einkauf alle aus eigener Erfahrung.
mals jedermann gleichzeitig - unabhängig bzw. in der Auftragsabwicklung ein. Dieser Das Problem ist nicht neu. Bereits in den
von dessen Aufenthaltsort - zugänglich ge- ist dadurch charakterisiert, dass alle strategi- 70er Jahren wurde erkannt, dass ein elektroni-
macht werden konnte. Um Informationskong- schen Beschaffungsentscheide gefällt sind, scher Austausch von Informationen nicht an
ruenz zu erreichen, mussten sich Menschen und nur die richtigen Produkte, zur richtigen Unternehmensgrenzen halt machen sollte.

46 INFORMATIK • INFORMATIQUE 2/2002


SwissICT

EDI (Electronic Data Interchange) war das dass jeder Handelspartner Informationen (al- Fazit
Schlagwort. Als Transportmechanismen wur- so strukturierte Daten) in der Form erhält, Der Begriff e-marketplace ist insofern pas-
den X.25 und X.400 eingesetzt. Im EDIFACT welche seine IT Systeme verstehen. Er stellt send, als tatsächlich Anbieter, Käufer und de-
Standard wurden die wichtigsten Ge- sicher, dass Daten wirklich end-to-end ausge- ren Partner wie Finanzdienstleister oder Lo-
schäftsvorfälle und die dazugehörigen Daten- tauscht werden und nicht irgendwo im Inter- gistikunternehmen zusammengebracht
strukturen definiert. Insbesondere in der pro- net verloren gehen. Auch erlaubt er auf Si- werden. Die Aufgabe, die der E-Marketplace
duzierenden Industrie und im Detailhandel cherheitsanforderungen einzelner übernimmt ist aber viel weniger farbig und
wurden damit Lieferketten optimiert. Trotz Unternehmen einzugehen, ohne dass davon schillernd, als die Metapher vielleicht vermu-
vermeintlicher Standards sind viele dieser die anderen Handelspartner unmittelbar be- ten lässt. Es sind nämlich vielmehr IT-Syste-
Systeme sehr proprietär und ermöglichen ein- troffen sind. Dies reicht von speziellen Konfi- me, die zusammengebracht, Datenstrukturen
zig eine Punkt zu Punkt Verbindung zwischen gurationen der Firewalls, über die Verschlüs- die übersetzt und Prozesse die gesteuert und
zwei Unternehmen. Die Implementations- selung von Daten bis hin zum Aufbau eines überwacht werden. Der Traum des völlig
und Integrationskosten sind relativ hoch und virtual private networks. Der e-marketplace transparenten Informationsaustausches ist
fallen für jede zusätzliche Handelsbeziehung ist dafür besorgt, dass nicht jeder Verkäufer trotz des Internets noch nicht wahr geworden,
erneut an. Ausserdem hat sich gezeigt, dass mit jedem Käufer langwierige Integrations- EDIFACT ist nicht tot und XML ist nicht das
trotz aller Bemühungen um Standards, die projekte durchführen muss, im Laufe derer Esperanto der strukturierten Datenkommuni-
Bedürfnisse von Industrien und einzelnen Un- man sich auf gemeinsame Prozesse, Daten- kation. Nicht zuletzt deshalb positioniert sich
ternehmen zu heterogen sind, als dass eine formate und IT Systeme einigen muss. zum Beispiel Conextrade heute mehr als Brü-
Lösung für alle passen würde. Als zentraler “Hub” reduziert ein elektroni- ckenbauer zwischen Unternehmen denn als
Nun stellt sich die Frage ob nicht eben dank scher Marktplatz also die Komplexität bishe- Marktplatz. Die darunter liegenden Konzepte,
des Internets all diese Schwierigkeiten über- riger Handelsnetze entscheidend. Jeder Teil- Technologien und Architekturen sind für den
wunden sind und wir problemlos mit jedem nehmer stellt nur noch eine Verbindung, Anwender letztendlich nicht entscheidend –
unserer Handelspartner kommunizieren kön- nämlich diejenige zum Marktplatz her. Für dafür ist der Marktplatz verantwortlich. Ent-
nen. Die Antwort ist ja und nein. Ja deshalb, die Weiterleitung sind die Architekten oder scheidend ist das eigentliche Ergebnis: Inseln,
weil wir alle mit dem Internet verbunden sind Betreiber der Marktplätze verantwortlich. welche bisher nur schwierig zu erreichen wa-
und dieses uns erlaubt, Dokumente und Daten Der elektronische Marktplatz bereitet Da- ren (die IT Systeme und Prozesse der Unter-
standardisiert auszutauschen. ten und Informationen für jeden Teilnehmer nehmen) finden nun Zugang zum Strassen-
Nein deshalb, weil eben nur der Daten- in der von ihm gewünschten Form auf. Dies netz des elektronischen Handels. Wir alle
transport standardisiert ist. Nicht aber die gilt sowohl für einmalige Ereignisse, wie das haben dann vielleicht wieder etwas mehr Zeit
Struktur der Daten. Dass jedes Unternehmen Aufbauen und Strukturieren von Katalogen, für das Kaffeehaus.
für sich wiederum spezielle Bedürfnisse hat, als auch für transaktionsorientierten Daten- Dieser Artikel wurde erstmalig in der Son-
und dass Prozesse zwischen Unternehmen austausch wie etwa Bestellabwicklungen und derbeilage der NZZ vom 05.2.2002 veröffent-
noch viel weniger standardisiert sind leuchtet Zahlungen. Aus One-to-One-werden folglich licht.
ein. Genau hier kommt der B2B e-market- so many (Kunde/Anbieter)-to-one (Markt- Dr. Thomas C. Flatt
place ins Spiel. platz)-to-many (Anbieter/Kunde)-Beziehun- CEO der Swisscom-Tochter Conextrade
gen, welche die Kosten für alle Beteiligten re- und Vorstandsmitglied SwissICT
Der Marktpatz als “Hub” duzieren.
Seine Aufgabe ist es, zwischen Anbietern
und Käufern zu vermitteln. Er stellt sicher,

Assessing Readiness for (Software) Process Improvement


Hans Sassenburg

There has been an increasing interest in the application of models and standards to support quality assurance in the software industry. The grow-
ing familiarity with the Capability Maturity Model has led in recent years to large scale Software Process Improvement programs. Positive re-
sults are being achieved, but the majority of the improvement programs unfortunately die a silent death. Large investments are lost and the mo-
tivation of those involved is severely tested. Case studies have revealed a number of critical factors, which determine the success or failure of
(Software) Process Improvement programs. Instead of evaluating these critical success factors only once at the start of (Software) Process Im-
provement programs, it is recommended to assess them periodically throughout the entire lead-time of (Software) Process Improvement pro-
grams. By regularly determining where weak points exist or may be imminent and by paying attention to these weak points in time, the probability
of (S)PI programs succeeding can be substantially increased. Experiences so far in applying this method may be described as encouraging.

SPI Experiences everyday practice are discussed, each contain- Case A: “Solving Today’s Problems First”
Working as external consultants, we have ing a description of the following points: The first case relates to an internationally
acquired a great deal of experience in various • the establishment of the SPI program,; operating industrial company. The R&D
European organisations in recent years. In this • the most important factors for the success department has a matrix structure within
respect we have encountered many badly or failure of the SPI program; which multidisciplinary projects are carried
planned implementations of SPI programs, • the extent to which the SPI program will out. Over 250 software engineers work in the
but also some good ones. Three cases from ultimately lead to structural improvements. software department. At the end of 1999 our

INFORMATIK • INFORMATIQUE 2/2002 47


SwissICT

firm was called in to carry out a CMM assess- to achieve improvements in accordance frequent self-assessments, as a result of
ment. The study was commissioned by the with the CMM. which the organisation is taught to make
head of the software department but it was • A separate group – the Software Engineer- strength/weakness analyses itself and to de-
found that most of the problems encountered ing Process Group – was appointed to co- tect and eliminate bottlenecks.
were much more general in nature: unclear ordinate the SPI program. Unfortunately, in • A number of people are released on a full-
and unstable system specifications, no struc- practice, there was only one person work- time basis to co-ordinate the SPI activities
tured project approach and little attention to ing full-time for the whole R&D depart- and everyone involved is regularly sent on
the quality of the process and the product. Our ment. training courses to acquire the necessary
findings and recommendations were present- • People were not sufficiently involved in new knowledge.
ed to the Board and the management team. determining the bottlenecks and in thinking The active role of management, the organi-
The findings were accepted, but we were about improvements. Proposals for im- sation around the SPI program, the release
asked for proof that the recommendations provements were mainly written by exter- and training of people and the extensive
made would rapidly (read: today) lead to suc- nal consultants and after a short discussion provision of information are very clear factors
cess. The report disappeared into a filing cab- with a number of key figures were made for success. Nevertheless, the continuity of
inet – unused. The failure factors here were: compulsory for the entire organisation. the program is in danger. As yet, the organisa-
• Senior management did not realise the stra- Although the organisation is making sub- tion has not succeeded in quantifying goals
tegic importance and the added value of stantial progress, there may be some doubt and results and bringing them into line with
software in the product. They were only about the long-term return on the capital and the overall business objectives. As a result,
surprised that software always creates effort invested in the project. The primary aim people get bogged down in aiming at wrong
problems and arrives too late. is to eliminate all the findings of the assess- goals such as “achieving CMM level 2", so
• The organisation deliberately avoids pursu- ment as quickly as possible at the lowest that the high investments cannot be justified.
ing a long-term business strategy because possible cost in order to score within the
people believe it is impossible to forecast company. The organisation is also seizing Derived Critical Success Factors
how the market will develop in the coming every other opportunity to distinguish itself Now, what can be learned from these case
years. positively in the market and within the com- studies? It may be concluded that the success
• There is no willingness to invest in structur- pany as a whole, so that many people are of the improvement programs is not guaran-
al improvements of business processes: becoming snowed under with extra activities. teed in any of the three situations discussed.
“formalisation will lead to bureaucracy and Over-working people in this way may prove In fact, sustainment is very doubtful. And we
this hampers the necessary creativity”. counter-productive in the long term. believe that the practical situations outlined
The lack of success in starting an improve- may be said to be representative of the aver-
ment program can in this case be attributed to Case C: “Increasing Maturity as Objec- age situation in many other organisations. It is
senior management failing in its role. tive” further evident that the critical success factors
The third case study concerns an organisa- may be regarded as important in every im-
Case B: “Quick Results” tion operating independently within a larger provement program to be started. Conversely,
The second case study concerns a branch of company. Various product programs are failure factors must be eliminated. So what
an internationally operating company. Over developed in different groups. In total, there exactly are the critical factors for success? A
200 software engineers work in the R&D are almost 100 software engineers. Stimulat- more detail analysis of the case studies
department, allocated to projects in which ed by strategic statements at the highest level discussed, as well as other practical experi-
software is by far the predominant discipline. in the company, the organisation started a ences, results in the following overview.
A CMM assessment was carried out in 2000, Software Process Improvement program in
after which we were asked to offer support in co-operation with our consulting. Senior Role of Management
specific improvement areas in the form of management recognises the added value of The role of management is crucial in
consulting and workshops. The success and software in the various products and creates improvement programs. An understanding of
failure factors were: the preconditions in which structural im- the need for improvement must be translated
• Management appeared to be aware of the provements are possible. In addition to the into a clear business strategy from which
importance of software in the various prod- crucial role of management, there are other concrete goals for improvements must be
ucts and released both capacity and money success factors: derived. Management undertakes to create the
• A steering committee, consisting of senior necessary room for investments and plays an
management, line active role in the introduction and further
management and SPI implementation of the improvement program.
Evaluation Dimensions co-ordinators, has • Awareness
Score been appointed with- Senior and line management are aware of
Approach Deployment Results
in which progress is the need for improvement. Strength/weak-
0 - Poor No awareness None Ineffective
discussed every quar- ness analyses have shown what the organi-
1 - Weak Recognition Limited Spotty results
ter. The SPI co-ordi- sation’s position is in the external market as
2 - Fair Some commitment Inconsistent Intuitive results nators play a facilita- well as the efficiency of the internal man-
3 - Marginal Support Deployed Measurable results tory role and line agement of the business.
4 - Qualified Total commitment Consistent Positive results management reports •Business Strategy
5 - Outstanding Leadership Pervasive Expectations exceeded on progress. The organisation has formulated a clear
• Formal assessments long-term strategy indicating where it aims
on a two-yearly basis to be within a number of years. Concrete,
Table 1: Score matrix
alternate with more quantified and measurable goals for im-

48 INFORMATIK • INFORMATIQUE 2/2002


SwissICT

provement have been derived


from this long-term strategy. CSF - Kiviat
• Commitment
Management plays a leading, ac-
tive role in the further develop- A wareness
ment of the business strategy. 4
The necessary space for drawing Successes B usiness Strategy
3
up, introducing and implement-
ing an improvement program is Communication 2 Commitment
created so that it is clearly visible
1
for the whole organisation. The
management continues to play a Progress Reporting 0 Steering Committee Jan 01
leading and active role through-
out the implementation.
Deployment P rogress Reviews
Project Organisation
Improvement programs do not Training and Tools A ssessments
become successful simply by get-
Assignments
ting off to a good start. A project
team with members drawn from all
levels of the organisation must be
formed to monitor progress, revise Figure 1: Example evaluation results
priorities if necessary and perform
interim measurements (or have
these performed).
• Steering Committee ment program. The ‘champions’ will be Everyone participates as far as possible in
The project team, or steering committee, released or will have to be recruited. Another thinking about possible initiatives, investi-
consists of representatives of senior man- way of thinking and working often results in gating bottlenecks and formulating im-
agement, line management and the appro- the need to train people or provide support by proved working procedures. The responsi-
priate co-ordinator(s). Where possible, means of tools. Resistance can be removed by bility for these activities is placed at the
representatives of other parts of the organi- involving people as actively as possible in the lowest possible level of the organisation.
sation are also involved as listeners or improvement program.
advisers. • Assignments Information Sharing
• Progress Reviews The knowledge, experience and skills Improvement programs require invest-
Progress discussions are arranged at regular required by co-ordinators are carefully ments on the part of the management and the
intervals – e.g. every quarter – by the co- mapped out. On the basis of these profiles motivation of everyone involved. Progress
ordinator(s). During these discussions, internal staff are released and/or external must be regularly reported to all concerned.
which are chaired by the senior manage- consultants are recruited. They are regarded All other information which contributes to
ment, every line manager reports on the as ‘champions’ and facilitators who support better understanding and motivation should
progress achieved with respect to the plan, the organisation in deciding on and imple- be communicated by means of the available
the expected progress in the coming period menting improvements: they are therefore resources. The successes achieved both inter-
and problems and risks, which have been not responsible for these. They win respect nally and externally should be brought to
identified. Senior management ensures that on the basis of their achievements in the everyone’s attention.
the quantified goals are actually achieved past. • Progress Reporting
and adopts a pro-active attitude in solving • Training and Tools The improvement program is launched
identified problems and eliminating risks. The co-ordinators of improvement pro- during a specially convened meeting,
• Assessments grams are confronted with resistance at all attended by everyone involved. Senior
Assessments are made at various points in levels of the organisation. If necessary, they management shows its commitment by
the improvement process. Formal assess- are trained in change management, together explaining the need for improvement.
ments, carried out by external experts, are with any other persons involved. The These interactive meetings are repeated
used to establish independently how far an changes in the organisation may possibly periodically to report on progress and both
organisation has progressed and where the lead to changes in the content of the work senior management and line management
priorities for improvement lie. Self-assess- or to work being distributed differently. are actively present.
ments are made between times so that the Possible training requirements are identi- • Communication
organisation learns to perform strength/ fied in good time and space is created for Communication media such as notice/bul-
weakness analyses itself and to identify following the necessary training courses. letin boards and newsletters are available
bottlenecks and take remedial initiatives. The extent to which certain tools can be and are known to everyone in order to sup-
used to support changes is also looked at. port the required exchange of information.
Resource Management • Deployment Their use is encouraged, but care is taken to
Improvement means change and will en- All the parties concerned at the various ensure that the organisation is not swamped
counter resistance. A crucial role is then re- levels of the organisation are actively with information. Communication is not
served for the co-ordinator(s) of the improve- involved in the improvement program.

INFORMATIK • INFORMATIQUE 2/2002 49


SwissICT

restricted to one’s own organisation: exter- • Approach • Senior management initially appears to be
nal publicity is deliberately sought. Criteria are the organisation’s commitment achieving much more positive scores than
• Successes to and management’s support for the line management and the people on the
Demonstrable successes, resulting directly success factor, as well as the organisation’s shop floor, which is leading to extensive
from the improvement program and in line ability to implement the success factor. discussions. The result is that everyone has
with the overarching business strategy, are • Deployment a better understanding of each other’s situ-
regularly achieved. These successes are Criteria are the breadth and consistency of ation.
brought clearly to the organisation’s atten- success factor implementation across the • In all cases, bottlenecks in the current
tion. Wherever it appears useful, external organisation. improvement processes are revealed more
organisations are invited to come along and • Results quickly. This has led to extra actions, a de-
tell their success stories so that the organi- Criteria are the breadth and consistency of velopment which is felt to be both positive
sation itself can learn from these and people positive results over time and across the and motivating by everyone involved.
are further motivated. organisation. • The method has proved to be easy to adapt
to the specific wishes of an organisation
Method to Periodically Assess the Critical Guidelines for evaluation are given in Table and is more generally applicable in any
Success Factors 1. randomly selected improvement processes.
The theorist might possibly conclude that The score for each success factor is the Success factors can be added, adjusted or
every improvement program to be started average of the three separate scores for each omitted as required.
should incorporate these success factors as dimension. The scores are collected by the On the basis of the above results all the par-
preconditions. The pragmatist, however, will SPI co-ordinator and presented during the ticipating organisations have reported that the
realize that this ideal image can never be Progress Reviews. The scores are discussed probability of the improvement processes
achieved and will look to see how this list of and compared with the required status as ultimately succeeding has increased. This has
success factors can be used as an instrument determined earlier. If the score of a success given us confidence to start developing the
in successfully starting and sustaining an im- factor is below this actions are defined for method further. It is expected that an evalua-
provement program. A number of organisa- improving the score in the next quarter. Figure tion in the near future will result in a definitive
tions in which we are working has been asked 1 gives an example of a practical situation. set of success factors and a more finely tuned
to evaluate this list of success factors every The Kiviat-plot presents the evaluation results definition.
quarter during the progress reviews. By way for January 1996.
of preparation for these periodic reviews, all Author
concerned (i.e. members of the steering com- Preliminary Results and Experiences Ir. J. A. Sassenburg is managing director of
mittee) evaluate the success factors independ- Five organisations were asked to try out the SE-CURE AG. In this position he advises and
ently of each other by assigning a score. The method. Three organisations ultimately supports companies in setting up, introducing
score is determined by evaluating three sepa- agreed to co-operate in doing this. In the other and guiding the implementation of extensive
rate dimensions (based on the CMM self- two organisations senior management refused improvement programs. He is also guest-lec-
assessment method as used in Motorola1): to co-operate: they were not convinced of the turer at the Berne University and chairman of
possible benefits. The three trials started on the Swiss SPI network SPItze.
1. See: “Achieving higher SEI levels”, Michael January 1995. The provisional results may be
K. Daskalantonalis, Motorola, IEEE Software, described as encouraging:
July 1994

Software Process Improvement: the new ‘silver bullet’?


Hans Sassenburg

Introduction sition of certificates have often cost a great ded software’ – software incorporated into
From the end of the eighties onwards it deal of time and money, but has seldom led to products such as television, audio, telephone,
became clear that the use of information tech- the desired result. Managers are often com- medical and telecommunications equipment –
nology tools in our society would expand pletely at a loss and ask themselves how these will increase sharply in the coming years. A
enormously. This trend is characterised, problems can be solved. In recent years an growth from 10 to 40 billion dollars in
among other things, by revolutionary devel- increasing interest in improving the software Europe, say the forecasts. Observable trends:
opments in the software industry. But the development process has been observable: • A substantial growth in the use and com-
problems experienced in the management of Software Process Improvement. This article plexity of software in products and as
projects are becoming progressively greater. deals with the question of the extent to which stand-alone products.
Budgets are substantially exceeded, delivery this attention to the process alone is sufficient, • More demand for open systems with stand-
times are not met, the ultimate product does together with an explanation based on a ardised interfaces, so that link-ups can be
not satisfy expectations and, in addition, it practical example. made to other (standard) products.
contains many defects. In the past, numerous • Greater importance of hierarchical and
‘silver bullet’ solutions have been put forward The software crisis robust architectures, aimed at future adap-
to cope with the problems outlined. The use of Tumultuous developments are taking place tations and expansions.
advanced methods/techniques and the acqui- in the software industry. Turnover in ‘embed-

50 INFORMATIK • INFORMATIQUE 2/2002


SwissICT

• Ever-larger and more highly qualified processes, which play a part in software Other possible solutions
development teams, working on a geo- development for the whole organisation. This The Software Process Improvement con-
graphically scattered basis. idea is beginning to be more and more widely cept and the Capability Maturity Model as a
• The availability of progressively newer accepted and is known as: Software Process reference framework are rapidly gaining in
techniques. Improvement. popularity. Numerous organisations are tak-
• An increasingly higher investment level for In 1986 the Software Engineering Institute ing this process approach on board and regard
the development of new products. (Pittsburg/USA) – at that time headed by it as the latest ‘silver bullet’ solution. Is this
• A strong growth in subcontracting projects Watts S. Humphrey – started developing a euphoria justified? A comparison with a com-
to specialised companies (both within the ‘process maturity framework’ to help organi- pletely different discipline may possibly
Western Europe and also to low wage coun- sations improve their software development prove instructive: the construction world.
tries). processes. This was prompted by a request • Control parameters
Running counter to these trends, within from the American government (Ministry of A number of control parameters can be
both companies and government organisa- Defense) to supply a method for assessing distinguished in the construction world
tions there is unrelenting pressure aimed at: suppliers with regard to their ability to imple- which may be regarded as important for the
• Shortening project lead times, so that prod- ment software projects effectively. After years successful completion of a building project:
ucts can be introduced to the market faster. of experience with this framework, based on the quality of the construction plan, includ-
• Increasing productivity by operating more investigations carried out in many companies, ing working agreements, the availability of
efficiently. this led in 1991 to the release of the Capability the necessary tradesmen and the availabili-
• Improving customer-satisfaction by fulfill- Maturity Model. The CMM distinguishes be- ty of the right tools. A comparison with the
ing prior agreements in which functionali- tween five levels of maturity which an organ- software industry is given below.
ty, quality, costs and delivery times are laid isation may have reached. This stratified
down as precisely as possible. structure is based on ideas of such quality Construction world Software industry
• Anchoring activities in the organisation in gurus as Deming, Juran and, particularly, Construction plan, incl.
Development processes
order to search continually for and imple- Crosby (‘Maturity Grid’). Working agreements
ment improvements: the self-teaching Tradesmen Training, experience, skills
organisation (TQM). SPI in Europe Tools Technology
The areas of conflicting interests, which In our consulting work we increasingly
have thus arisen, are not new. Numerous come across companies which embrace the All the control parameters are important,
attempts have already been made in the past to SPI concept and use the CMM as a reference both in the construction world and in the
find an appropriate answer. Among other framework for improving their software capa- software industry. Placing too much em-
things, this was sought in the use of advanced bility. At the start of the nineties, this was still phasis on only one of the parameters is too
methods and techniques. The results were dis- confined to larger, internationally operating one-sided and will result in sub-optimisa-
appointing, however. At the end of the eight- companies which were active in extensive tion. After all, what good are excellent
ies excessive attention suddenly emerged for embedded software projects. Many millions tradesmen if the construction plan displays
the IS-9001 standard, together with the apper- of guilders were invested in extensive im- too many defects? What is the point of the
taining ISO/9000-3 directive. Many organisa- provement programmes. Slowly but surely most modern tools if there are no well-
tions have attempted to obtain certification as attractive results are now beginning to be- trained specialists available to use them?
quickly as possible. This has often become an come visible. Don’t forget: here it is a ques- Proposition 1: “All the control parameters
end in itself and that certificate is mainly used tion of invest first, earn later. Following the must be in balance with each other.”
as a commercial visiting card. As such, these example of these organisations, the SPI con- • Requirements
certificates have made scarcely any contribu- cept gradually also found application in Secondly, one may ask oneself which
tion to achieving a structural improvement in smaller organisations, but still in the area of requirements must be met by the various
the management of projects. So what is the ‘embedded software’. Since 1995, however, control parameters. Does it make sense to
answer? we have seen a change taking place. The impose the same requirements on the
entire banking and insurance business is construction plan, the tradesmen and the
Process approach paying great attention to SPI and major im- tools for building a garage as for building a
Even in undisciplined organisations one provement programmes will start up have new tunnel? Of course not.
occasionally comes across projects which started up since. It is, of course, interesting to Proposition 2: “The ultimate requirements
have worked extremely successfully. The see that the problems in this business are iden- at the level of the control parameters are
success of such projects, however, is general- tical to those in the technical field. Our expe- determined by the characteristics of the
ly attributable to the heroic efforts made by a rience in numerous organisations shows that product to be realised.”
project team instead of following a disci- the software industry in Europe is in no way By analogy, in the software industry it may
plined procedure laid down for the organisa- inferior to that in other parts of the world. It be said that aiming uncritically to achieve
tion, and therefore applying to every project. turns out that over 90% of the organisations the highest CMM level is not useful for eve-
Because of the absence of a clearly estab- known to us are in the bottom regions of the ry organisation.
lished process, future results depend entirely CMM. We only come across more mature • Priorities
on the availability of these same people for a organisations occasionally, and these are Now let’s assume that the level of all the
subsequent project. If success depends on the generally small development departments in various control parameters is not in accord-
availability of people, this cannot constitute small organisations. ance with the characteristics of the product
the basis for long-term continuity and to be realised. Which control parameter
improvement. That can only be achieved by should then take priority? In the software
establishing and continually improving those industry at present it is said that attention to

INFORMATIK • INFORMATIQUE 2/2002 51


SwissICT

the process should take priority. But is this Before they start, a kick-off presentation is teristics of the type of product mean that the
really true? Would you give preference to a given to all those directly involved. A control parameters must at least be at level 3.
good carpenter with a bad hammer or a crucial role is reserved for the client in It was found, however, that the ‘People’
poor carpenter with a good hammer? convincing all those concerned of the need dimension and the ‘Process’ dimension
Proposition 3: “People constitute the most for the investigation by pointing out the (CMM level 1) fell short in this respect. It
important control parameter in every main business objectives. Next, the inter- proved that the so-called software developers
discipline”. views are held. These are strictly confiden- had little or no training in information tech-
Opting for good tradesmen will prove to be tial and open in nature. For this reason it is nology. Their backgrounds varied from biolo-
the most justified choice in every case. preferable not to allow the client to be gy to electrical engineering. The development
When it comes to making a choice in the present at the interviews unless otherwise process we encountered had not been laid
software industry, it is therefore probably explicitly agreed. On average an interview down, which resulted in unrealistic planning,
advisable to invest in recruiting and main- lasts for 1.5 hours. unclear working agreements and an ad-hoc
taining qualified staff in addition to improv- • Analysis (lead time 2-4 days) approach to work. On the basis of the recom-
ing the development process or buying the The information collected during the im- mendations made it was then decided to start
latest technology. plementation phase is analysed in this three improvement processes:
phase. Firstly, on the basis of the character- • Recruiting some experienced information
Assessments istics of the product it is decided what technologists;
Over the last ten years we have increasingly requirements would have to be satisfied by • Setting up a training program for the
come into contact with organisations which the control parameters ‘People’, ‘Technolo- present development engineers;
want to use SPI and CMM. The questions gy’ and ‘Process’ both in the present situa- • Improving the software development
most frequently put to our consultants are: tion and within three to five years. After process.
• How much does a CMM assessment cost? that, the maturity level of each control Despite the high investment level required
• How do we reach the next CMM level as parameter is determined on a scale of 1 to 5. for this the company is now in a much better
quickly as possible? The CMM is used as a reference here for position to plan new projects in terms of
On the basis of the propositions above, ‘Process’. The risks, conclusions and budgeting and lead times and the quality of
caution is advisable. In every organisation recommendations are then drawn up. All the end products is increasing. The number of
that asks us these questions we try to show this information is recorded in a report. The complaints reported by customers has de-
that: recommendations are generally long-term creased by a factor of 4, despite a doubling of
• In addition to attention for the dimension in nature, varying from one to two years. the installed base.
‘Process’, attention to other control param- • Reporting (lead time 1 day)
eters is desirable, namely ‘People’ and In this phase the report is discussed with the Conclusion
‘Technology’ client. First, there is a discussion with the This article has dealt with the increasing
• It will be necessary to identify the charac- client himself and later a presentation is attention being paid to improving the software
teristics of the present and future products given to all the persons interviewed, as well development process. In Europe, we see an
(’Product’) in order to be able to decide as others concerned and interested parties. explosive growth in this interest, particularly
what requirements must be met by the Once again, a crucial role is reserved here in the banking and insurance business. By
various control parameters. for the client in promising everyone making an extrapolation to the construction
Only then can a sensible strength/weakness involved that the recommendations made world, however, an attempt has been made to
analysis of an organisation be made. In every will actually be followed up in practice. show that attention to other control parame-
case we have found that organisations appre- • Follow-up (lead time 1 year) ters is also important. Recruiting qualified and
ciate this expansion of scope and that, in The last phase of an assessment is also the experienced staff and keeping them motivated
particular, the management is delighted with most important phase. On the basis of the probably deserves even higher priority and is
this. That is particularly because an attempt is recommendations made, the client will at present an extremely difficult issue, given
also made to find out what over-arching busi- have to decide how an improvement the tightness of the present labour market. In
ness objectives are eventually aimed at. process can be initiated and what resources addition, intelligent use should be made of the
Recommendations resulting from an assess- will have to be made available for this available technology as a support in the devel-
ment should be brought into line with each purpose. opment process. The challenge will lie in
other as far as possible here. managing to find the correct balance between
An assessment generally proceeds as Practical example these different control parameters in relation
follows: In 1999 we carried out an assessment in a to the type of product being developed. In that
• Preparation (lead time 2-4 weeks) company which specialises in automation sense, SPI therefore cannot and must not be
In this phase the organisation to be investi- applications in the petrochemical processing described as the ‘silver bullet’ solution. That
gated is studied on the basis of an organisa- industry: depot monitoring, data acquisition, does not exist.
tion description, the available manuals and process control and trend analyses. First we
some intake interviews. Next, the scope of were asked to analyse a project which had Author:
the research is determined in consultation gone off the rails and to help it to get back on Hans Sassenburg is Managing Director of
with the client by selecting a number of course as quickly as possible. By mutual SE-CURE AG (www.se-cure.ch). SE-CURE
representative projects. The persons to be agreement, however, it was decided to make AG is a training and consulting firm in the
interviewed during the implementation an assessment covering several projects in field of Software Process Improvement and
phase are then selected. order to try to analyse the ‘capability’ of the Software Architecture. He is a guest lecturer
• Implementation (lead time 2-4 days) entire software development department. The at the University of Berne (hsassenburg@se-
The interviews are held during this phase. results are presented in figure 1. The charac- cure.ch).

52 INFORMATIK • INFORMATIQUE 2/2002