Plea for help: The detriment of using Microsoft products

Mike Bilow mikebw at colossus.bilow.com
Thu May 18 16:38:29 EDT 2000


What I am saying, and I think this discussion has exceeded the bounds of
general interest to list subscribers, is that there is a difference
between self-assessing CMM level and being evaluated by a third party.  
Anyone can do a self-assessment and be listed on the SEI web site, and
their listings are entirely on the honor system.

However, an independent evaluation by a certified third party evaluator,
needed to satisfy US defense contracting requirements, is not going to be
a worthwhile expenditure for any organization barred from US defense
work.  As the SEI site shows, there are actually only two non-US certified
independent evaluators, and they both work for the UK Ministry of Defence.

So the situation is that there may be numerous organizations which claim
to be operating at CMM4 or CMM5, and they are listed on the SEI web site
as users of the SEI standard.  But there is no possibility that anyone in
India, for example, is going to be given a contract for a US defense
critical system requiring CMM evaluation.  This has absolutely nothing to
do with the actual quality or competence of the organizations in India,
but is a straightforward national security policy.

The end result is that organizations in India do self-assessments and
claim CMM conformance to SEI, which lists them on the web site.  These
claims could be true, or they could be false: it is entirely based upon
the unaudited credibility of the organization itself.  SEI views its
mission as the promotion of CMM as a well-defined standard, and they do
not get involved in contract requirements or any other private issues.  
SEI certification is limited to individuals who perform organizational
assessments and evaluations, but there is no endorsement by SEI of any
particular organizational assessment or evaluation.

There may well be many organizations which choose to use CMM methodology
for non-defense work.  Some of them may even be in India.  However, it
must be understood that all we really know about such organizations which
are not independently evaluated in connection with defense work is that
they are claiming CMM conformance only on the basis of self-assessment.

-- Mike


On 2000-05-18 at 14:30 -0400, Jeffry Smith wrote:

> Again, I direct you to look at the site (www.sei.cmu.edu)!  CMM
> Started with the DoD, but is actually used by many others.  You made
> an assumption that because DoD started it, they're the only ones to
> use it.  I'll point out that a lot of our industry started 
> for the DoD (including COBOL and computers in general).  And, I'll
> point out that the purpose of CMM5 is to generate bug-free code, quickly
> and efficiently.  DoD has a strong interest because of critical
> systems.  Are you saying that no one else wants bug-free code,
> generated in an efficient manner?



-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).



More information about the Discuss mailing list