COTS

Let’s be honest folks, the technical groups we support like it simple, and when you’re talking about anything in today’s technological world it doesn’t get simpler than COTS software.  That is Commercial-Off-The-Shelf Software (COTS), and can you really blame them for wanting it?  Buying the latest version of project management software at large software retailer is a lot easier than hiring a team of developers to build a new solution from scratch.

COTS give businesses fast easy access to cheaper, more reliable, easily maintained, high quality constantly improved complex software.  Who doesn’t want that?  Yet COTS isn’t everything it’s cracked up to be. COTS is cookie cutter software, you get exactly what you pay for, no more, no less; however, what if the software is flawed?

Let me give you an example, Microsoft Windows 10 by default contains an “Administrator account.”  Your typical user doesn’t bother to configure this account, or even knows it exists.  Most users set up their profile on the operating system, put a password in place, and call it a day assuming they are protected. Unbeknownst to the user this Administrator account lays dormant and for most doesn’t cause any problems.  But that complacency can be a problem.  You see, one of the most popular methods to hack into Windows 10 is through the “I forgot my password” option, that can be manipulated for access the admin account – and just like magic they have full rights and access to your computer, system, and via that, your network.

This is a well-known hack, that most network administrators protect their desktop systems against; but this account is built into Windows 10 by default, and is exactly the sort of risk that IT administrators worry about when using COTS software.

“By choosing to use COTS, an architect takes on an additional risk that they cannot control. Vendors may go out of business, choose not to support the existing components, etc.... COTS components are just another factor that an architect must consider when choosing or designing the architecture of a system. Use of COTS has its associated risks, as COTS components can be thought of as black boxes that just work. The trade offs between COTS components and homegrown components are development time vs. flexibility and control.  Because COTS components are restricting by nature it is critical for appropriate stakeholders to be more involved in those aspects of the system that are not controlled by a software architect.” (Software Architecture, 2010)

The project management strategy used for COTS solutions must be flexible in order to handle the challenging integration requirements, as well as vendor and in-house development life cycles.  Cost of poor quality can be attributed to ineffective processes, and quality metrics must be applied throughout the project with the client checkpoint being taken seriously for integration alignment by both the in-house and vendor team staffs, according to Joyce Douglas, author of “COTS project management strategy from a state government PMO perspective,” (Douglas, 2011)

Fortunately curbing that risk is easily accomplished by the use of Project Management principles. Here’s a “Top 10” list for keeping a COTS project on track for success, according to Rhoda Ondov, Technical Manager at AT&T. (Ondov, 2001).

1. Empower the project manager with true accountability and authority. If the “project manager” is really a facilitator, ensure there is someone else (perhaps a higher level) clearly owning the true role.
2. Define the problem and success criteria in clear and measurable terms.
3. Document the scope and just as important – the boundaries of the scope.
4. Get both functional and operational requirements clarified – they are both important.
5. Plan any COTS use carefully, and match the product to the needs.
6. Use and update the schedule – it is there for project control.
7. Estimate workloads realistically – this is not a question of how good the estimate looks, but how good it is.
8. Acknowledge all project risks – this includes the sensitive or politically incorrect issues.
9. Include all tasks, including planning, in the Work Breakdown Structure (WBS) and schedule – check all inputs to verify full coverage.
10. Communicate frequently and honestly – hiding a problem almost always makes it worse.

As society moves ever forward with advancing technology and the adoption of COTS software, let us all remember the eternal observation of Spock: “Computers make excellent and efficient servants, but I have no wish to serve under them. Captain, a starship also runs on loyalty to one man. And nothing can replace it or him.”  – Spock in “The Ultimate Computer”

Citations:

SoftwareArchitecures.com (2010). Software architecture and COTS software. Retrieved online at https://www.softwarearchitectures.com/architecture-COTS.html 

Douglas, J. (2011). COTS project management strategy from a state government PMO perspective. Paper presented at PMI? Global Congress 2011 – North America, Dallas, TX. Newtown Square, PA: Project Management Institute. Available to PMI members online at https://www.pmi.org/learning/library/custom-off-the-shelf-strategy-6137

Ondov, R. (2001). Managing software projects at AT&T: common risks and pitfalls. Paper presented at Project Management Institute Annual Seminars & Symposium, Nashville, TN. Newtown Square, PA: Project Management Institute. Available to PMI members online at https://www.pmi.org/learning/library/managing-software-projects-common-risk-pitfalls-7876