In my first post, I’m going to tell you a story of a friend of mine, comparing something that happened to him to fix defects in the software.
Some time ago, a friend of mine went to the doctor. Was he sick? Well… not really. He was not old, but not young either, let’s say … mature, experienced, and he needed to check his health due to past efforts to accommodate to the “needs” everyday life imposed.
Can we think of our applications in analogous terms? Applications that have overcome the ailments of youth but, due to constant “time to market” needs, have evolved in an uncontrolled manner. Let’s keep the analogy and see if it is valid.
My friend went to the doctor to assess his general health check. The doctors run all kinds of tests with the most modern techniques and they found “defects” in his different systems and organs. He was suffering the symptoms but he didn’t know the cause. His first thought was: “Wow! So that’s why I’m feeling this way, the reasons are inside. I was only looking at the surface”. Suddenly, he knew he had to take care of his health, an important aspect he was neglecting.
By analogy, this is a common situation when a company decides to have a closer look at the internals of their applications, whatever the reason may be, reactive or preventive (the reasons can be the subject for another post). CIOs, Development Managers and Security Managers are suffering symptoms in their applications (faults in production, low performance, security flaws, high maintenance costs, etc.) with no insight on the underlying causes.
They acquire Kiuwan, analyze the source code and get a report with a comprehensive list of software analytics metrics and “defects” in their source code according to industry best practices and standards.
Those applications have been running in production for a while and have high business value, so they need to be fixed to keep giving service for a long time. But those applications have grown with a big emphasis in delivering new functionality as fast as the business needed. The pay off are now injuries and those injuries are affecting their current health in terms of maintainability, efficiency or, in worst cases, security flaws and faults.
The CIO is now aware of his applications’ risk, the accumulated technical debt and, as a professional manager he is, he reacts serenely, with no panic, no anxiety. He knows that defects found should be somehow fixed and, although he does not have enough resources to fix them all, he recognizes the situation and, more important, he decides that something has to be done. He needs a realistic plan.
1. Do not be discouraged by the results obtained, even by the lack of resources to fix it, keep calm and start thinking to make a realistic and affordable plan. Relax, Kiuwan will help you
One of the software analytics Kiuwan provides is the technical debt, an estimated effort in man-days to fix the applications. An effort he probably cannot afford right now. He needs to act but he seems to have his hands tied. This is a very common situation our Kiuwan customers face and ask for advice.
With this post I want to give you some tangible actions that can help you handle this situation and start working on it. The first one we already told you, run a health check and keep calm, you are going to do something according to your possibilities.
Anybody can understand that the world cannot stop while you fix the defects. You must keep on evolving the system while working on its internal technical debt at the same time. Yes, with no additional budget. The market is continuously asking for more functionality and you have to provide it. In summary, you have to do more with less.
Let’s go back to our medical analogy. My friend is not so sick that he must completely change his way of life, but he needs to introduce some changes, according to his possibilities. The minimum less expensive goal would be, of course, “not getting worst”. Whatever his current health is (good, medium or bad), he’s now aware that going regularly to the doctor is advisable and, even in the case of not doing anything to improve, he decides to check his health periodically to assess his evolution. At least, knowing the evolution he will be prepared to quickly react if the situation gets worse. Here is your second action.
2. Check periodically the status of the applications and monitor the evolution of the main “health” indicators that Kiuwan provides (risk index, quality and technical debt)
Real life shows us that, only by informing developers and providers that quality of source code is being inspected, more attention is paid when writing code and the whole quality improves in some degree, maybe due to inner knowledge of “best practices” —an interesting point (but subject of yet another post)—.
Ok, this is the minimum, perhaps enough for some time, but not enough as a unique strategy. Let’s move on.
Kiuwan provides an out-of-the-box quality model (CQM) with a set of rules, thresholds and weights ready to use and applicable to wide range of applications. Many Kiuwan users that are not experts in quality or security, or that do not have time to invest in creating their own quality model, simply use this model as-is to periodically check the health of their applications.
Although CQM provides some reasonable weights, you know better than anyone your actual needs so you must concentrate on what is really important and the priorities in your applications, to pay attention in those aspects that are more important for you at this first moment. That’s your third action:
3. Use Kiuwan’s CQM as it-is, or modify it to select the metrics and rules more important for you at this moment
By customizing CQM to your priorities (probably eliminating some aspects not relevant at this moment), you will reduce the list of defects found to those that are really relevant, reducing the effort and making future actions more affordable. But, if you don’t have time to do it… trust CQM, let it run, it’s been designed from years of experience and it’s ready to be used as it is.
So, regardless you use CQM or your custom model, you must now define a plan. What’s your goal? Improve, of course. But what, how, when? Even the resulting list of defects must be prioritized.
Kiuwan provides a ‘What if’ functionality that can help you to precisely define goals and, objectively, define an action plan to accomplish them.
If you have a well-defined goal in terms of improving any of the quality dimensions (maintainability, efficiency, security, etc.), you can use the what if simulator to define different targets for such dimensions (the to-be situation), generating different action plans, until you get one in line with your goals and the resources you have.
Or it may be very likely that you can afford to spend a given effort fixing defects (i.e. 8-16 h per month per developer). Then, you can use Kiuwan’s what if simulator to get the action plan that most pay off. An optimized list of defects that, with the given effort, mostly reduces your technical debt, risk and improve your quality indicators.
4. Define your goals and let Kiuwan generate an action plan according to your possibilities
Once here, you have a goal and a concrete action plan, with well defined actions and well known pay-off in terms of improvement. What are you waiting for? Let’s put hands in action. You can export those defects to developer’s issue tracker (i.e. Atlassian JIRA) and track them.
After some time applying the action plan, you want to measure again and know the remediation progress. Let Kiuwan work its magic and automatically get, in a single view, the progress on the action plan, the benefits, and even see if new defects were introduced that should also be fixed.
5. Analyze periodically to know the action plans’ remediation progress and how your main indicators evolve (and hopefully, improve)
Do you have a Continuous Integration system? You can go even further and integrate Kiuwan into the automated building process. That integration, with very little effort, will fully automate the analysis process and let the reports arrive right to your desk. This is our last action for now.
6. Continuously analyze integrating Kiuwan with your Continuous Integration system and let Kiuwan work alone
Yes, of course, you can do this integration with a few single point-and-click actions (remember that Kiuwan provides out-of-the-box plugins for Jenkins and IBM Urban Code), but continuous integration is another story… Stay tuned!
By the way, what was of my friend? He is much better than before, thanks!