Page 11 -
P. 11

x     ZWASS
                    business partners, and the sense-and-control systems that will support the work of corporations
                    and other organizations with ubiquitous sensors and actuators, feeding voluminous data into the
                    event-driven IS. Such systems “are ‘unbounded’ because they involve an unknown number of
                    participants or otherwise require individual participants to act and interact in the absence of needed
                    information” (Fisher and Smith, 2004, p. 1). The emergent systems of systems act in a manner
                    unforeseen at the time the individual systems were being designed, acquiring vulnerabilities that
                    emerge during execution and system interaction.
                      3. Reuse of software components of various degrees of complexity and functionality has
                    become an objective of development. This complicates the design of individual components, as
                    developers need to determine the level of component granularity and achieve the necessary degree
                    of generality, documentation, and imperviousness to misuse (De Cesare, Lycett, and Macredie,
                    2006). It also calls for the supporting systems of discovery, integration, secure deployment, and
                    intellectual property management. Components and subsystems are provided by diverse suppliers
                    under different organizational arrangements, including open source under various licenses. With
                    the availability of software components, such as commercial-off-the-shelf (COTS) products or
                    Web services, development becomes integration-oriented. Stability of the integration environment
                    underwrites the stability of the systems developed with its use. The stability of the environments,
                    or its absence, is an outcome of the general competitive jockeying for the standardization rents
                    conducted by technology companies.
                      4. Execution paths in some systems are nondeterministic, owing to the runtime binding of
                    services discovered via directories. The fact that different code entities may be invoked to handle
                    the same transactions at different times magnifies other vulnerabilities and lowers system reli-
                    ability considerably.
                      5. A highly dynamic competitive environment on a global scale results in mergers and acquisi-
                    tions, as well as spin-offs and other divestments, and thus necessitates continuing and thorough-
                    going evolution of organizational systems.
                      6. A variety of modes of system provisioning and governance, including outsourcing, offshor-
                    ing, software as a service, grid computing, singly and in various combinations, presents a variety
                    of alternatives in the continuing supply of organizational information services. When governance
                    changes are enacted, extensive software (r)evolution in organizational IS results.
                      7. The open source mode of software production and maintenance, with support provided by
                    software vendors, offers an enticing alternative to the traditional licensing of software products.
                    Beyond that, when internalized by firms it offers a new working paradigm for organizational IS.
                    For instance, the Progressive Open Source program aims to gradually introduce open-source
                    methods into large corporations by going from the intraorganizational deployment of open source
                    gradually to include outside developers (Dinkelacker et al., 2002). Intellectual property issues
                    come to the fore in various forms, including the variety of copyleft licenses under which various
                    parts of the emerging composite systems have been produced. The Open Source Initiative lists
                    seventy-two different licenses compliant with its review criteria (Open Source Initiative, 2006).
                    Security exposures due to the use of third (and further) -party code require coherent handling.
                      A number of fundamental advances in SA&D have been directed at managing the growing
                    complexity of information systems and their development processes. These advances include:
                    the growing understanding of modular system design with information encapsulation and hiding;
                    layered system development with strictly limited interfaces; progression of modeling tools with
                    a gradual movement from the business-process level of abstraction to the solution level of detail;
                    semantically powerful programming languages with typing facility and, in some cases, platform
                    neutrality; supportive software development environments and the means of system composition,
   6   7   8   9   10   11   12   13   14   15   16