Jeff Hammond of Forrester Research (and formerly of Rational, by the way) talks about the “iron triangle” of software development. “Schedule, features, cost…pick any two,” is the way he describes it. He often brings this up in the context of open source and multi-source development, taking the position that open source lets dev teams soften up the iron and improve on all three dimensions.
There’s another iron triangle that has to do with compliance: Productivity, Risk and Compliance (any sort of risk and compliance). In the same way software teams wrestle with development tradeoffs, so it is with the other triangle. You can be highly productive if you flout the rules and don’t worry about compliance, but it’s risky. You can minimize risk with a bulletproof compliance program, but nobody gets real work done. Maintaining productivity and reasonable risk puts pressure on the compliance program.
There’s no magic bullet and each company must make tradeoffs based on its specific situation, but certainly a key is making compliance a part of the way people do work. When it comes to software, this means essentially building compliance into the software, similar to the concept of building in quality or building in security. The “magic”, if there is any, is simply that doing something right the first time is much cheaper than fixing it after the fact (Capers Jones suggests that when it comes to software it’s on the order of 10-100X less costly to do things right the first time). So building in compliance requires education, processes and ultimately tools to give developers visibility into the issues early and to help guide them to make appropriate tradeoffs.
Rational is helping development organizations tackle this issue through Collaborative Lifecycle Management (CLM): https://jazz.net/library/article/856. Their best-practices research and product integrations provide guidelines and tools that are valuable resources for customers managing a variety of compliance issues. Black Duck has been working closely with Rational to help joint customers build open source compliance into their development process so that they can take full advantage of the benefits of open source (as touted by Forrester Research) while minimizing the risk.
For more information, check out the Rational/Black Duck May 2nd webinar: How to Ensure Compliance without Compromising Innovation.
VP Business Development