The KIT ─ Knowledge & Information Technology
No. 252 - 18 November 2019
Was this forwarded to you?
In This Issue
AI and Ethics
Software Bill of Materials
Cloud Service Agreements Webinar
BPM+ in Healthcare
Seen Recently
Claude Baudoin

Consulting Services
  • IT Strategy
  • Enterprise Architecture Roadmap
  • Business Process Modeling & Analysis
  • Enterprise Software Selection
  • IT Innovation Briefings
  • IT Due Diligence
  • Executive IT Seminars
  • Cloud Computing
  • Security Maturity
  • Software Process
  • Knowledge Strategy
  • Technical Communities
  • Knowledge Capture
  • Taxonomy development
  • Enterprise Social Media
Contact Us:
cébé IT and Knowledge Management
+1 415 870 ITKM
Twitter: @cbaudoin
Previous KIT Issues
Forward this issue to colleagues and friends: use the "forward email" link below at left, rather than "Forward" in your email software, to preserve your privacy, give the recipient more options (their own unsubscribe link, etc.) and to give us better click-through data. Thanks!
AI and Ethics
Dr. Roberto Zicari, professor and founder of the Big Data Lab at Goethe University in Frankfurt (among many other achievements) has recently focused on ethics issues in artificial intelligence.

He recently gave a short webinar on a methodology he calls Z-Inspection. His talk was subtitled "Towards a Process to Assess Ethical AI." Watch the replay on YouTube.

Roberto also sent us a reference to a Wired Magazine article reporting the results of the investigation done by the US National Transportation Safety Board after a self-driving car hit and killed a homeless person crossing a highway. The main problem was multiple flaws in the AI design -- including not expecting that a pedestrian might be jaywalking (crossing outside of designated paths), confusing a person pushing a shopping cart with a bicycle or a car, and inserting delays to avoid erratic behavior by the system. Roberto asks the question: "Who is responsible?"
Software Provenance -- Software Bill of Materials
Dr. Allan Friedman, who has been leading a series of collaborative efforts on the security of the Internet of Things at the National Telecommunications & Information Administration (NTIA) of the U.S. Department of Commerce, wrote this:

"We are very excited to announce that the first wave of resources drafted by participants in the Software Component Transparency Multistakeholder Process are now published. We have created a new website to host these and future documents. [...] As a reminder, the next meeting will be Monday, November 18, in Washington, DC."

If you catch this issue of the KIT in time and are interested, you can join that meeting remotely, even if it has already started (it will last a total of 6 hours, with a break in the middle, from 10:00 am to 4:00 pm, Washington DC time). Basically, the goal of the whole effort is to establish a practice of documenting the provenance of software (including open-source components that may contain security vulnerabilities) through some sort of "bill of materials" equivalent for software engineering. The NTIA effort includes a proof-of-concept, developed in collaboration between security experts, several hospitals and medical device manufacturers, to document the provenance of software used in medical devices.
What to Watch for in Cloud Service Agreements
OMG's Cloud Working Group published the third version of its paper on "Cloud Service Agreements: What to Expect and What to Negotiate." Claude Baudoin, Jyoti Chawla (IBM), Dominick Grillas (Damo Consulting) and Steve Woodward (Cloud Perspectives) will review the content of the paper, including the changes since version 2, in an free hour-long webinar on Wednesday, November 20, 8:00-9:00 am Pacific time (11:00-noon Eastern, 1600-1700 GMT/UK, 17:00-18:00 CET). Register here.
BPM+ in Healthcare
The BPM+ Healthcare community was launched in September 2019, and you can watch a replay of a November 5 webinar explaining what it does. This is for those of you who are interested in how business process management (BPM), case management, and decision modeling -- collectively described by the term "BPM+" for simplicity -- apply in the health domain.

The purpose of the community is to share best practices, promote the use of related standards such as OMG's BPMN, CMMN and DMN (this is explained in the webinar), and allow workflows to follow the patient during their care journey. Corporate membership fees are based on revenue and start at $3,000 a year. Individuals can also join for free as "non-member participants." There are already 30+ members of various sizes.
Seen Recently...
"I have seen several instances recently where the head of [Enterprise Architecture] comes from (and even owns) infrastructure. Is this common in your travels? I am used to EA being more AppDev centric."
-- Mike Kavis, @madgreek65
A reply:
"I've seen this once, but it was because the CIO didn't have a clue what EA meant. AppDev centricity would even still be too narrow, as it would focus only on solution architecture. EA should encompass biz requirements, solution selection (including e.g. cloud-first policies), and BPM."
-- Claude Baudoin, @cbaudoin