William Nichols - Academia.edu (original) (raw)

Papers by William Nichols

The objective of this study is to apply recently developed techniques to infer causality from obs... more The objective of this study is to apply recently developed techniques to infer causality from observational software engineering data. Determining causation rather than just correlation is fundamental to selecting factors that control outcomes such as cost, schedule, and quality. The Tetrad tool's PC and FGES causal search algorithms were applied to software engineering data from 4940 programs written in the C programming language collected during Personal Software Process (PSP) training. PSP programs have previously been used in empirical research quantitative relationships between developer and project factors. Both algorithms successfully identified the expected relationships and did not find contradictory or implausible associations. Many of the available causal inference search algorithms require Gaussian distributional families with linear effects. The linear relationship may be especially important for software engineering research and may require prior knowledge and data...

The 2013 TSP Symposium was organized by the Software Engineering Institute and took place Septemb... more The 2013 TSP Symposium was organized by the Software Engineering Institute and took place September 16–19 in Dallas, Texas. The goal of the TSP Symposium is to bring together practitioners and academics who share a common passion to change the world of software engineering for the better through disciplined practice. The conference theme was "When Software Really Matters," which explored the idea that when product quality is critical, high-quality practices are the best way to achieve it. In keeping with that theme, the community contributed a variety of technical papers describing their experiences and research using the Personal Software Process^SM (PSP^SM) and Team Software Process^SM (TSP^SM). This report contains the four papers selected by the TSP Symposium Technical Program Committee. The topics include demonstrating the impact of the PSP on software quality and effort by elimina...

This material has been approved for public release and unlimited distribution except as restricte... more This material has been approved for public release and unlimited distribution except as restricted below.

ArXiv, 2020

Without quantitative data, deciding whether and how to use static analysis in a development workf... more Without quantitative data, deciding whether and how to use static analysis in a development workflow is a matter of expert opinion and guesswork rather than an engineering trade-off. Moreover, relevant data collected under real-world conditions is scarce. Important but unknown quantitative parameters include, but are not limited to, the effort to apply the techniques, the effectiveness of removing defects, where in the workflow the analysis should be applied, and how static analysis interacts with other quality techniques. This study examined the detailed development process data 35 industrial development projects that included static analysis and that were also instrumented with the Team Software Process. We collected data project plans, logs of effort, defect, and size and post mortem reports and analyzed performance of their development activities to populate a parameterized performance model. We compared effort and defect levels with and without static analysis using a planning ...

This material has been approved for public release and unlimited distribution except as restricte... more This material has been approved for public release and unlimited distribution except as restricted below. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013 and 252.227-7013 Alternate I.

The ideas and findings in this report should not be construed as an official DoD position. It is ... more The ideas and findings in this report should not be construed as an official DoD position. It is published in the interest of scientific and technical information exchange.

This material has been approved for public release and unlimited distribution except as restricte... more This material has been approved for public release and unlimited distribution except as restricted below. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013 and 252.227-7013 Alternate I.

In an effort to determine how to make secure software development more cost effective, the SEI co... more In an effort to determine how to make secure software development more cost effective, the SEI conducted a research study to empirically measure the effects that security tools—primarily auto-mated static analysis tools—had on costs (measured by developer effort and schedule) and benefits (measured by defect and vulnerability reduction). The data used for this research came from 35 projects in three organizations that used both the Team Software Process and at least one auto-mated static analysis (ASA) tool on source code or source code and binary. In every case quality levels improved when the tools were used, though modestly. In two organizations, use of the tools reduced total development effort. Effort increased in the third organization, but defect removal costs were reduced compared to the costs of fixes in system test. This study indicates that organizations should employ ASA tools to improve quality and reduce effort. There is some evidence, however, that using the tools cou...

The ideas and findings in this report should not be construed as an official DoD position. It is ... more The ideas and findings in this report should not be construed as an official DoD position. It is published in the interest of scientific and technical information exchange.

This material has been approved for public release and unlimited distribution except as restricte... more This material has been approved for public release and unlimited distribution except as restricted below.

Proceedings of the 2014 International Conference on Software and System Process, 2014

To meet critical business challenges, software development teams need data to effectively manage ... more To meet critical business challenges, software development teams need data to effectively manage product quality, cost, and schedule. The Team Software ProcessSM (TSPSM) provides a framework that teams use to collect software process data in real time, using a defined disciplined process. This data holds promise for use in software engineering research. We combined data from 109 industrial projects into a database to support performance benchmarking and model development. But is the data of sufficient quality to draw conclusions? We applied various tests and techniques to identify data anomalies that affect the quality of the data in several dimensions. In this paper, we report some initial results of our analysis, describing the amount and the rates of identified anomalies and suspect data, including incorrectness, inconsistency, and credibility. To illustrate the types of data available for analysis, we provide three examples. The preliminary results of this empirical study suggest that some aspects of the data quality are good and the data are generally credible, but size data are often missing.

This material has been approved for public release and unlimited distribution except as restricte... more This material has been approved for public release and unlimited distribution except as restricted below. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at

The ideas and findings in this report should not be construed as an official DoD position. It is ... more The ideas and findings in this report should not be construed as an official DoD position. It is published in the interest of scientific and technical information exchange.

2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), 2016

Assurance is not a specific thing that can be easily measured and monitored. It is an emerging co... more Assurance is not a specific thing that can be easily measured and monitored. It is an emerging composition of a variety of independently collected data elements that come from loosely linked software life cycle activities. As a system emerges from concept to high-level design to architecture to detailed design to code to components to implementation there is a huge amount of information that is assembled in artifacts, text, and evaluation outputs. This paper proposes a framework for making sense of these pieces to monitor and manage assurance. An example is provided to show how the framework can be applied to evaluating tainted and counterfeit products.

Proceeding of the 2nd workshop on Software engineering for sensor network applications - SESENA '11, 2011

Effective process models, to result in effective processes, must be adapted to the unique needs o... more Effective process models, to result in effective processes, must be adapted to the unique needs of an organization. When done carefully, proper adaptation produces superior results. This article includes examples of successful application of process in different domains and scales. From these come a list of values and principles for effective process use.

An analysis of the 61,817 tasks performed by developers working on 45 projects, implemented using... more An analysis of the 61,817 tasks performed by developers working on 45 projects, implemented using Team Software Process, is documented via a conversation between a data analyst and the person who collected, compiled, and originally analyzed the data. Five projects were safety critical, containing a total of 28,899 tasks. Projects were broken down using a Work Breakdown Structure to create a hierarchical organization, with tasks at the leaf nodes. The WBS information enables task organization within a project to be investigated, e.g., how related tasks are sequenced together. Task data includes: kind of task, anonymous developer id, start/end time/date, as well as interruption and break times; a total of 203,621 time facts. Task effort estimation accuracy was found to be influenced by factors such as the person making the estimate, the project involved, and the propensity to use round numbers.

The objective of this study is to apply recently developed techniques to infer causality from obs... more The objective of this study is to apply recently developed techniques to infer causality from observational software engineering data. Determining causation rather than just correlation is fundamental to selecting factors that control outcomes such as cost, schedule, and quality. The Tetrad tool's PC and FGES causal search algorithms were applied to software engineering data from 4940 programs written in the C programming language collected during Personal Software Process (PSP) training. PSP programs have previously been used in empirical research quantitative relationships between developer and project factors. Both algorithms successfully identified the expected relationships and did not find contradictory or implausible associations. Many of the available causal inference search algorithms require Gaussian distributional families with linear effects. The linear relationship may be especially important for software engineering research and may require prior knowledge and data...

The 2013 TSP Symposium was organized by the Software Engineering Institute and took place Septemb... more The 2013 TSP Symposium was organized by the Software Engineering Institute and took place September 16–19 in Dallas, Texas. The goal of the TSP Symposium is to bring together practitioners and academics who share a common passion to change the world of software engineering for the better through disciplined practice. The conference theme was "When Software Really Matters," which explored the idea that when product quality is critical, high-quality practices are the best way to achieve it. In keeping with that theme, the community contributed a variety of technical papers describing their experiences and research using the Personal Software Process^SM (PSP^SM) and Team Software Process^SM (TSP^SM). This report contains the four papers selected by the TSP Symposium Technical Program Committee. The topics include demonstrating the impact of the PSP on software quality and effort by elimina...

This material has been approved for public release and unlimited distribution except as restricte... more This material has been approved for public release and unlimited distribution except as restricted below.

ArXiv, 2020

Without quantitative data, deciding whether and how to use static analysis in a development workf... more Without quantitative data, deciding whether and how to use static analysis in a development workflow is a matter of expert opinion and guesswork rather than an engineering trade-off. Moreover, relevant data collected under real-world conditions is scarce. Important but unknown quantitative parameters include, but are not limited to, the effort to apply the techniques, the effectiveness of removing defects, where in the workflow the analysis should be applied, and how static analysis interacts with other quality techniques. This study examined the detailed development process data 35 industrial development projects that included static analysis and that were also instrumented with the Team Software Process. We collected data project plans, logs of effort, defect, and size and post mortem reports and analyzed performance of their development activities to populate a parameterized performance model. We compared effort and defect levels with and without static analysis using a planning ...

This material has been approved for public release and unlimited distribution except as restricte... more This material has been approved for public release and unlimited distribution except as restricted below. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013 and 252.227-7013 Alternate I.

The ideas and findings in this report should not be construed as an official DoD position. It is ... more The ideas and findings in this report should not be construed as an official DoD position. It is published in the interest of scientific and technical information exchange.

This material has been approved for public release and unlimited distribution except as restricte... more This material has been approved for public release and unlimited distribution except as restricted below. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013 and 252.227-7013 Alternate I.

In an effort to determine how to make secure software development more cost effective, the SEI co... more In an effort to determine how to make secure software development more cost effective, the SEI conducted a research study to empirically measure the effects that security tools—primarily auto-mated static analysis tools—had on costs (measured by developer effort and schedule) and benefits (measured by defect and vulnerability reduction). The data used for this research came from 35 projects in three organizations that used both the Team Software Process and at least one auto-mated static analysis (ASA) tool on source code or source code and binary. In every case quality levels improved when the tools were used, though modestly. In two organizations, use of the tools reduced total development effort. Effort increased in the third organization, but defect removal costs were reduced compared to the costs of fixes in system test. This study indicates that organizations should employ ASA tools to improve quality and reduce effort. There is some evidence, however, that using the tools cou...

The ideas and findings in this report should not be construed as an official DoD position. It is ... more The ideas and findings in this report should not be construed as an official DoD position. It is published in the interest of scientific and technical information exchange.

This material has been approved for public release and unlimited distribution except as restricte... more This material has been approved for public release and unlimited distribution except as restricted below.

Proceedings of the 2014 International Conference on Software and System Process, 2014

To meet critical business challenges, software development teams need data to effectively manage ... more To meet critical business challenges, software development teams need data to effectively manage product quality, cost, and schedule. The Team Software ProcessSM (TSPSM) provides a framework that teams use to collect software process data in real time, using a defined disciplined process. This data holds promise for use in software engineering research. We combined data from 109 industrial projects into a database to support performance benchmarking and model development. But is the data of sufficient quality to draw conclusions? We applied various tests and techniques to identify data anomalies that affect the quality of the data in several dimensions. In this paper, we report some initial results of our analysis, describing the amount and the rates of identified anomalies and suspect data, including incorrectness, inconsistency, and credibility. To illustrate the types of data available for analysis, we provide three examples. The preliminary results of this empirical study suggest that some aspects of the data quality are good and the data are generally credible, but size data are often missing.

This material has been approved for public release and unlimited distribution except as restricte... more This material has been approved for public release and unlimited distribution except as restricted below. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at

The ideas and findings in this report should not be construed as an official DoD position. It is ... more The ideas and findings in this report should not be construed as an official DoD position. It is published in the interest of scientific and technical information exchange.

2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), 2016

Assurance is not a specific thing that can be easily measured and monitored. It is an emerging co... more Assurance is not a specific thing that can be easily measured and monitored. It is an emerging composition of a variety of independently collected data elements that come from loosely linked software life cycle activities. As a system emerges from concept to high-level design to architecture to detailed design to code to components to implementation there is a huge amount of information that is assembled in artifacts, text, and evaluation outputs. This paper proposes a framework for making sense of these pieces to monitor and manage assurance. An example is provided to show how the framework can be applied to evaluating tainted and counterfeit products.

Proceeding of the 2nd workshop on Software engineering for sensor network applications - SESENA '11, 2011

Effective process models, to result in effective processes, must be adapted to the unique needs o... more Effective process models, to result in effective processes, must be adapted to the unique needs of an organization. When done carefully, proper adaptation produces superior results. This article includes examples of successful application of process in different domains and scales. From these come a list of values and principles for effective process use.

An analysis of the 61,817 tasks performed by developers working on 45 projects, implemented using... more An analysis of the 61,817 tasks performed by developers working on 45 projects, implemented using Team Software Process, is documented via a conversation between a data analyst and the person who collected, compiled, and originally analyzed the data. Five projects were safety critical, containing a total of 28,899 tasks. Projects were broken down using a Work Breakdown Structure to create a hierarchical organization, with tasks at the leaf nodes. The WBS information enables task organization within a project to be investigated, e.g., how related tasks are sequenced together. Task data includes: kind of task, anonymous developer id, start/end time/date, as well as interruption and break times; a total of 203,621 time facts. Task effort estimation accuracy was found to be influenced by factors such as the person making the estimate, the project involved, and the propensity to use round numbers.