Custom process
Brief introduction
The 2nd part of this series describes how the Business Recovery matters leadership team quickly configures their project environment and starts in a number of hours rather than days. We learned how the team took advantage of validated success patterns to create plans and work items, and also looked at how each work item provides links to relevant guides and contextual guides that enable team members to quickly master the team's processes.
This article describes a more advanced scenario in which the Business Recovery matters development team needs to perform security testing throughout the development lifecycle. The approach is to customize the process assets contained in IBM Rational method Composer and IBM Rational Team concert to meet this requirement.
Scenarios: Customizing and automating Processes
In this scenario, the leadership team has been notified that the project needs to follow a security policy to ensure that its final product is free of vulnerabilities and the risk of hacking. They determine that this will affect the team that is developing the dividend deposit component.
This scenario focuses on the following operators and roles:
Peter, Process Engineer (Project leadership Team)
Sally, Safety Officer (Project leadership Team)
Marco, team leader (Dividend deposit feature team)
The following subsections describe how they deal with this problem.
Add security assessment content to the process description in Rational method Composer
Peter, Sally and Marco are responsible for investigating whether any security testing practices can be used to support the development team. The Rational solution for Collaborative Lifecycle Management (CLM) process assets that they are currently using do not contain practices that deal with product safety assessments. The good news: there is a application vulnerability assessment practice in the practice library contained in Rational method Composer. The team believes this practice can meet their project requirements.
In addition, they learned that only one practice could customize the project process, so they decided to follow the tasks and steps in the practice to complete their customizations. Peter also relies on the tutorials provided in the Rational method Composer online Help to speed up mastering process customization. The following steps show how he uses tools to customize the process, and Marco and Sally are responsible for determining how best to integrate new security assessment practices into the team's processes.
Add new practices to the configuration
Peter has a Rational method Composer license. Rational method Composer is installed in the "shell sharing" mode of Rational Team concert. He has confirmed that the entire team has a Content reader license.
The Rational method Composer,peter that prepares the custom process will do the following:
He opens the practice library provided by rational method Composer, exporting Application vulnerability assessment practice plug-ins, and following exporting a method of the Rational Software Information Center Plug-in the following guidelines for the topic.
He downloaded the CLM process library provided on the IBM Rational Solution Process Asset page.
He opens a copy of the CLM process library and imports the Application vulnerability Assessment Practice plug-in he previously exported, and follows the "design and management Process" section of the Rational Software Information Center, publishing and exporting a method plug-in for importing 's Guide.
The practice set provided with the CLM process library and the application vulnerability assessment practice are now available in the Rational method Composer installation.
In the Configuration Editor view of the authoring perspective, Peter makes a copy of the CLM configuration and edits it. (In short, configuration is a practice choice to publish). He added the vulnerability Assessment folder to the configuration (see Figure 1). This folder contains all the elements that are part of the application vulnerability assessment practice, such as roles, tasks, work products, and guidelines.
Figure 1. CLM configuration includes application vulnerability assessment content