Assessment and control of software risks
January 1994
  • Author: Capers Jones
  • Yourdon Press
  • Imprint of Simon and Schuster, One Lake St., Upper Saddle River, NJ
  • United States
Published: 02 January 1994
Christopher Fox

This book is unusual in that it is consciously modeled on the medical text Control of communicable diseases in man [1], which lists and describes the causes, spread, and control of disease. Jones hopes that a book about the detection, control, and prevention of problems that afflict software processes can play as useful a role for the software engineer as its analog does for the medical practitioner. The goal of the book is to identify the most serious software process problems, explain how to recognize and control them, and tell the reader how to prevent them from recurring. The book's format is clearly based on its medical exemplar. The preface and the first 3 chapters are introductory, and the following 60 chapters consider common software process problems, one per chapter alphabetically, just as Control of communicable diseases in man treats diseases. The preface lays out the analogy between disease and software process problems, and explains how the book is modeled on Control of communicable diseases in man.

Chapter 1 focuses on diagnosis, emphasizing that treatment must follow accurate diagnosis, and diagnosis of software process problems is done by process assessment. Chapter 2 discusses the most common software project risks. Jones divides projects into six classes: management information systems projects, systems software projects, commercially marketed software projects, military software projects, contract or outsourced software projects, and end-user software projects. Jones illustrates the patterns of risks in each project category by discussing the top five risk factors in each. Surprisingly, almost a third of the most common risk factors in these categories do not appear among the 60 risks discussed in the remainder of the book, and others appear under different names. In the category of end-user software, none of the five most common risks appear later in the book.
Some of these most common risks seem to have been ruled out of discussion because their “detailed analysis is not appropriate or possible” (p. 27). That so many of the most common software risks have been left out of the book for this or some other reason raises questions about the state of our ability to analyze software risks, and about the appropriateness of Jones's choice of risks to catalog in the remainder of the book. Chapter 3 discusses the ten most serious software risks, from most to least serious. Each risk is introduced, its overall severity is discussed, and the project typology introduced in chapter 2 is used to rank project types by the likelihood that they will suffer from each risk. All risks mentioned in this chapter are discussed further in the remainder of the book. Chapters 4 through 63 consider individual software risks, from “Ambiguous Improvement Targets” to “Slow Technology Transfer.” The risks that Jones addresses are treated exhaustively: the 60 chapters on individual risks discuss each under the following 20 headings: “Definition,” “Severity,” “Frequency,” “Occurrence,” “Susceptibility and Resistance,” “Root Causes,” “Associated Problems,” “Cost Impact,” “Methods of Prevention,” “Methods of Control,” “Product Support,” “Consulting Support,” “Education Support,” “Publication Support,” “Periodical Support,” “Standards Support,” “Professional Associations,” “Effectiveness of Known Therapies,” “Costs of Known Therapies,” and “Long-range Prognosis.” Clearly Jones was much influenced by his medical model in designing the format for these chapters. The final section of the book is an extensive and well-done glossary of software assessment and management terms. The book has no index and no cumulative bibliography. Chapters are thoroughly cross-referenced in the “Associated Problems” section of each chapter. 
The glossary and cross-references are helpful, but the book suffers badly from the lack of an index and a cumulative bibliography—the book is 619 pages long, but still lacks important material. The typography, printing, and binding are excellent. Jones assumes the reader has a considerable background in software engineering. Researchers and professionals will want to read the preface and first three chapters, and dip into the remainder of the book as need or curiosity arises (the chapters on management and technical malpractice are likely to interest many readers). The book would not be suitable as a primary textbook, but could be useful as a secondary reference for advanced students in software engineering. Although it breaks no new ground, software engineering researchers and professionals will want to have a copy of this book available for reference. Jones is a principal of Software Productivity Research (SPR), a software process assessment and improvement consulting firm. Most of the empirical claims in the book are based exclusively on software project assessment data collected by SPR under nondisclosure agreements. Consequently, Jones is able to present conclusions based on data, but none of the data or the details of his analysis. On the one hand, the reader is able to benefit from lessons that Jones has drawn from data that only SPR can access; on the other hand, the reader is unable to judge whether these conclusions are warranted, as he or she would be able to do in a typical empirical study. Jones is selective in references to the literature, heavily favoring a few books and papers and completely ignoring other important work; he also often refers to others' work without adequate citation. The reader is left with the feeling that this is decidedly a book incorporating its author's biases and opinions.
Jones is a senior and respected member of the software engineering community, and it is interesting and informative to have his views and wisdom on the many issues discussed. But a book that purports to provide a reference on the model of Control of communicable diseases in man should exhibit a higher degree of impartiality and scholarship than is found here.