Skip to main content

Why Do Software Defects Exist? (Part 2)

(Originally published at www.servicevirtualization.com.)
In Part 1, I proposed that application release decisions are not actually time-based but are instead risk-based.  To summarize, when the Lines of Business demand a specific time to release (from project inception) the Project Lead considers the risk to the business of releasing the application at that time.  This is illustrated to the right.

Application Development Constraints

Let's take a quick look at the "risks to the risk."  These are also known as constraints of the application development process.  I'll start by describing them as they are defined in the book Reality is Overrated (link goes to Amazon).
  • Incomplete Development refers to the fact that software that a developer requires to validate their own code production is unavailable, requiring that developer to stub downstream systems.  The net result is that testing coverage early on is very sparse and puts the onus on the Quality Assurance team to find every defect, something that rarely happens if at all.
  • Infrastructure Unavailability refers to the fact that hardware that is required to run software that a developer requires to validate their own code is unavailable with the same result.  An additional side effect is that sometimes the infrastructure that is unavailable is required to run the developer's own code, meaning they are "dead in the water."
  • Third Party Access Fees refers to the fact that integration with other, internal applications (in situations where charge back policies are in effect) or external applications where fees are assessed for test accounts or, worse, per test transaction.  What I've personally seen happen is that a self-imposed availability constraint is put into effect to avoid "funding bleed" and the inevitable question, "why didn't you hire more consultants?"
  • Finally, Test Data and Scenario Management refers to the long turnaround times when production quality test data is requested.  The slow responses are due to the fact that the DBAs have other, higher priority activities to attend to typically plus the effort to scrub production data to remain in conformance with regulatory requirements (PII, PHI, etc.) is no small feat.
Availability is "Risk to the Risk"

I've defined these four constraints in these specific ways with the intention of highlighting that every one of them, at their core, is a problem of availability:  unavailable software components or applications; unavailable infrastructure; and unavailable test data.  It is this availability problem that is the "risk to the risk" for the following reason:  every time an availability problem manifests itself, a delay in the SDLC is introduced.

What does this mean?  This means that the original assessment of being able to, in our example, deliver the application at 6 months with 75% correctness is no longer valid.  Instead, the inability of the development team to complete their normal activities prevents them from ensuring correctness, so the point in time where 75% correctness is achieved may be 7, 8, 9 months or more from project inception.

The Net Impact

This puts the Project Lead in a bad position because they had the chance to negotiate timelines at the outset.  Now either the delivery date gets pushed in the name of risk while making the Project Lead and their management (who committed the date to the Lines of Business) look unreliable, or the project is released "on time" with quality that's further reduced.

Regardless of which road is taken, quality is not improving and frequently declines in applications released to production.  This adds to the risk that the business will suffer a production outage and ultimately has the possibility of materially impacting revenue; causing a decline in brand equity; or even resulting in shareholder lawsuits in severe enough instances.

Obviously, alleviating the availability constraint in any or all of its four forms has a snowball effect on the quality of the result.  It is the removal of this constraint that the discipline of Service Virtualization effects.  You'll find more excellent material on the industry leading Service Virtualization solution provided by CA Technologies at www.servicevirtualization.com as well in the few discussion groups on LinkedIn.

Popular posts from this blog

"Ni jiang yi yang de hua ma?"

Last week, I wrote about the necessity of having a clear message . Because this topic is so important I decided to follow-up with another entry on this general subject. This week we will approach it from another angle. (For the curious, the title says " Do you speak the same language? " in pinyin, which is a transliterated Mandarin Chinese.) Recently, a good friend of mine (who is Chinese, ironically) and I were playing pool. He had to bank the 8-ball in the pocket to win the game, and since it was an informal game and bank shots are my area of expertise, he asked me for advice. I told him, "you just need to strike the cue ball with medium speed so that it hits the 8-ball right in the middle." He didn't believe me so we marked the positions of the balls, and then he took his shot only to watch the 8-ball sail past the pocket. "A-ha!" he exclaimed. "I told you it wasn't that easy." But when we reset the positions and I made an attemp
Read more

It's Easier to Fail at DevOps than it is to Succeed

Slippery when wet Since the term DevOps was coined in Belgium back in 2009, it is impossible to avoid the term whether in discussions with colleagues or in professional trade magazines.  And during the years while this movement has gained momentum, many things have been written to describe what elements of a DevOps strategy are required for it to be successful. Yet in spite of this, there is an interesting data point worth noting: not many organizations feel there is a need for DevOps.  In a Gartner report entitled DevOps Adoption Survey Results (published in September 2015),  40%  of respondents said they had no plans to implement DevOps and 31% of respondents said they hadn't implemented it but planned to start in the 12 months after the survey was conducted. That left only 29% who had implemented DevOps in a pilot project or in production systems, which isn't a lot. "Maybe it's because there truly isn't a need for DevOps," you say.  While that
Read more

Is No/Low-Code the Key to IT Nirvana?

 Unless you've had your head in the sand for the past year or so, you've seen the phrases low-code  and no-code  bandied about quite frequently everywhere you look.  You've probably wondered if this is something new that's here to stay or just a "flash in the pan."  Although the terms have been in the fore of the IT trade publications recently, Low Code Development Platforms (LCDP) (and the corresponding No Code Development Platforms) have been in existence since 2011.  Their roots can be traced to the 90's with 4th generation programming languages and GUI-assisted programming paradigms, e.g. IBM VisualAge for Basic, which was discontinued in 1998. For those of you who aren't familiar with either, the premise is that these platforms allow someone to quickly build applications using a WYSIWYG interface and a "click and configure" paradigm to Isn't this the source code to Roblox? rapidly build full applications with little or no coding requ
Read more