|
The software industry is diverse and volatile. All methodologies for creating software have supporters
and critics, and the CMM is no exception.
Praise
- The CMM was developed to give Defense organizations a yardstick to assess and describe the
capability of software contractors to provide software on time, within budget, and to acceptable
standards. It has arguably been successful in this role, even reputedly causing some software
sales people to clamour for their organizations' software engineers/developers to "implement
CMM."
- The CMM is intended to enable an assessment of an organization's maturity for software
development. It is an important tool for outsourcing and exporting software development work.
Economic development agencies in India, Brazil, Ireland, Egypt, Syria, and elsewhere have
praised the CMM for enabling them to be able to compete for US outsourcing contracts on an
even footing.
- The CMM provides a good framework for organizational improvement. It allows companies to
prioritize their process improvement initiatives.
Criticism
- CMM has failed to take over the world. It's hard to tell exactly how wide spread it is as the SEI
only publishes the names and achieved levels of compliance of companies that have requested
this information to be listed. The most current Maturity Profile for CMMI is available online.
- CMM is well suited for bureaucratic organizations such as government agencies, large
corporations and regulated monopolies. If the organizations deploying CMM are large enough,
they may employ a team of CMM auditors reporting their results directly to the executive level.
(A practice encouraged by SEI.) The use of auditors and executive reports may influence the
entire IT organization to focus on perfectly completed forms rather than application
development, client needs or the marketplace. If the project is driven by a due date, CMMs
intensive reliance on process and forms may become a hindrance to meeting the due date in
cases where time to market with some kind of product is more important than achieving high
quality and functionality of the product.
- Suggestions of scientifically managing the software process with metrics only occur beyond the
Fourth level. There is little validation of the processes cost savings to business other than a
vague reference to empirical evidence. It is expected that a large body of evidence would show
that adding all the business overhead demanded by CMM somehow reduces IT headcount,
business cost, and time to market without sacrificing client needs.
- No external body actually certifies a software development center as being CMM compliant. It
is supposed to be an honest self-assessment. Some organizations misrepresent the scope of
their CMM compliance to suggest that it applies to their entire organization rather than a
specific project or business unit.
- The CMM does not describe how to create an effective software development organization. The
CMM contains behaviors or best practices that successful projects have demonstrated. Being
CMM compliant is not a guarantee that a project will be successful, however being compliant
can increase a project's chances of being successful.
- The CMM can seem to be overly bureaucratic, promoting process over substance. For example,
for emphasizing predictability over service provided to end users. More commercially
successful methodologies (for example, the Rational Unified Process) have focused not on the
capability of the organization to produce software to satisfy some other organization or a
collectively-produced specification, but on the capability of organizations to satisfy specific end
user "use cases" as per the Object Management Group's UML (Unified Modeling Language)
approach.
- From the systemic perspective, the CMM(I) represents a (n+1) classical engineering approach
which does not take under consideration numerous human cognitive, organizational and
cultural factors, essential for the success of every projects, see also socio-cognitive engineering
viewpoint. On the other hand, a process design is strongly connected with the process carrier
systems and their requested functions and goals, these clear computational relations are
especially important for the validation of the results of the CMM(I) applications. It seems, the
CMM(I) requires yet a solid theoretical ontological and epistemological background in order to
be a trustworthy standard, for an example only, the arbitrary initial choice of the levels and Key
Process Areas are not sufficiently motivated.
- Critical analysis of CMM has been published in at least two papers. Bach raises questions about
the validity of CMM's assertions regarding what constitutes good software-development
processes. Bollinger and McGowan discuss flaws in CMM's use of assembly-line process
models. They show that manufacturing is fundamentally different than software development,
as the former is primarily concerned with replication and the latter with design.
- Creation of Software Specifications, stating what is going to be developed, combined with
formal sign off, an executive sponsor and approval mechanism. This is NOT a living document,
but additions are placed in a deferred or out of scope section for later incorporation into the
next cycle of software development.
- A Technical Specification, stating how precisely the thing specified in the Software
Specifications is to be developed will be used. This is a living document.
- Peer Review of Code (Code Review) with metrics that allow developers to walk through an
implementation, and to suggest improvements or changes. (Note - This is problematic because
the code has already been developed, and a bad design potentially cannot be fixed by
"tweaking".) The Code Review gives complete code a formal approval mechanism.
- Version Control - a very large number of organizations have no formal revision control
mechanism or release mechanism in place.
- The idea that there is a "right way" to build software, that it is a scientific process involving
engineering design and that groups of developers are not there to simply work on the problem
du jour.
|
