Additionally, object-oriented and componentware methodologists�such as Grady Booch, Ivar Jacobson, Bertrand Meyer, and James Rumbaugh, among others�generally conduct consulting assignments that eventuate in their articles and books within organizations having more than 500 employees. Numerous small, independent software vendors (ISVs) and information technology (IT) organizations operating in small businesses will adopt component-based development or solutions.

The benefits of software engineering are undeniable. Likewise, once component-based development (CBD) is skillfully adopted, and after the appropriate infrastructure is established, the summary of the first workshop on component-based software engineering [2] instructs that some goals of CBSE are to:

• Enhance reuse of core functionality across applications;
• Permit the flexible upgrade and replacement of parts of software independent of their production (manufacture); and
• Provide the means for establishment of collective organizations' best practices so that extant processes may be replaced because of changing business or market-driven scenarios.

Many, if not most, of the business components developed for numerous industries will be developed by small businesses as defined by the U.S. Small Business Administration. The issue is this: How can small business software organizations assure quality and trusted components that comport with all established or prevailing standards, whether those components are internally developed or purchased from third parties?

Software Engineering and Small Business

Software engineering processes, including the CMM, generally are based on experiences with DOD contractors and large corporations for whom change occurs more slowly than in small companies. In large organizations that adopt change management, change is perceived as a deliberate, methodical process. In small businesses, change is considered a "make-or-break" situation; the competitive window of opportunity is perceived�often rightly so�as narrow and one that must be traversed immediately.

Nevertheless, software engineering is required to assure consistent access to the software. Strict software engineering guidelines--for example, adherence to the key process areas (KPAs) of the CMM--are considered necessary to assure, at a minimum, a repeatable, controlled, and well understood, software development process. Many small companies, especially those that do not function as subcontractors for DOD projects, consider software engineering a hindrance to efficient, realizable development of software.

The roles are effectively delineated, and Allen states that roles may be assumed by various employees at different times. The problem is that many small organizations have insufficient numbers of employees to assure that employees assigned to various roles will function in each role well. For example, an experienced configuration management engineer likely will have assumed too many existing roles to learn to function effectively in the new role of reuse librarian.

Budgets in many small companies, despite the commitment to component technologies, will not support the recruitment of a reuse librarian. Yet, many small companies necessarily will adopt CBD. How can CBSE develop so that small companies can assure themselves, as well as purchasers of their components, of the confidence and trust in their components?

CBSE and Small Business

Nevertheless, purchasers of third party componentware must trust their business processes to components developed by others. Components can only be trusted when, especially considering components developed using object-oriented techniques, the following requirements converge:

1. The architecture demonstrates adherence to the basic laws and principles of object-oriented analysis, design, and programming [6]:

1. The Law of Demeter � Avoidance of coupling a client to knowledge of indirect objects and the internal representations of direct objects.
2. Principle of Low Coupling � Assurance that a class is not dependent on too many other classes. Enhances reusability.
3. Principle of High cohesion � A measure of how strongly related and focused the responsibilities of a class are. Enhances maintenance, comprehension, and reusability.

2. Services can be accessed only through a consistent, detailed, published interface that represents a contract between the provider of the capability and potential consumers. This is routinely referred to as component encapsulation.
3. New interfaces can be defined to service new requirements with minimal disruption to the component's internals and to component consumers.
4. CBSE is demonstrable through:

1. Repeatable processes (at a minimum, as defined by CMM, Level 2);
2. Documentation of all phases of the software development life cycle;
3. Configuration management of code; and
4. Separate, verifiable component management, with automated search capabilities on metadata.

The Challenge

The author proposes that the admonition "Caveat Emptor" ("Let the buyer beware") is an insufficient standard and one that promotes lawsuits in the event the purchased software does not work as published. Rather, it is recommended that all vendors of business components establish a warranty attesting that basic software engineering principles have been adopted for the general design, construction, and testing of the component. Since many business components, it is proffered, will be developed by ISVs and other small businesses, how can the quality, merchantability, and "fitness for a particular purpose" be assumed, without recourse to the courts?

The Butler Group has introduced the concept of CBD levels of maturity [9]. The issues are similar to those for the CMM. However, what is the assurance that ISVs and small business IT organizations will adopt the proprietary model, or even become aware of the Butler Group�s attempts to propose such a model?

The author proposes for the Workshop�s consideration an approach for certification of components analagous to the international Underwriter�s Laboratories, Inc. model. For those vendors that volunteer to participate in component certification, publication of compliance, as well as all known defects, should be prescribed. The organization�s approach to software engineering, and especially the testing of components, likewise would be published.

A separate standards body would establish minimal standards for acceptable types of defects and the numbers of errors in their internals, interfaces, and metadata. Components then could be tested in UL-type certification laboratories according to standards promulgated by approved national or international standards' organizations. Rigid testing would assure vendors� or publishing users' intent to offer for consumption a trusted component that is reliable and reusable.

Summary

References

[4] Allen, P., "Practical Strategies for Migrating to CBD," Cutter IT Journal, Vol. 11, No. 12 (December 1998).

[5] DSDM Consortium, DSDM Version 3, Tesseract Publishing, Farnham, UK, 1997.

[6] C. Larman, Applying UML and Patterns: An Introduction to Object-Oriented Analysis and Design, Prentice Hall PTR, Upper Saddle River, NJ, 1998.

[7] Meyer, B., C. Mingins, and H. Schmidt, "Trusted Components for the Software Industry." http://www.eiffel.com