Blind Faith and Black Code

by Jay Sappidi

Gandhi once said, “Faith should be enforced by reason; if it becomes blind, it dies.” The same message is at the core of Dr. Bill Curtis’s “fourth wave in software engineering”, which suggests that faith in your application software should be enforced with measurement.

The “third wave of software engineering”, which is process driven, gave a method to the madness of software development. It brought the much needed discipline, rigor, and standardized approach. After a brief lull in software engineering activity, there is some excitement again as the fourth wave unfolds. Software Analysis and Measurement (SAM), which is at the heart of the new measurement-based approach to the software engineering discipline, is being developed to address the issue of measurement. SAM focuses on the actual output of software development: the code itself. You can learn more about SAM and the fourth wave at the CISQ website (www.it-cisq.org), which is sponsored by OMG and SEI to develop the new standards.

More importantly, I would like to propose a new term today that can be measured, monitored and used in the context of SAM: “Black Code”. Analyzing the code with static analysis tools is one of the core requirements of SAM; the output of that analysis is mined to provide insights that feed into management decision support systems. As organizations start adopting SAM practices, they will need a way to measure what portion of the code is actually analyzed and how much risk exposure they carry from the unanalyzed code. That is where the concept of “Black Code” will be useful. “Black Code” refers to the portion of the code that is not analyzed and measured, code for which you have no visibility. The inspiration for the term comes from “black-box testing”, which derives test cases from an external perspective of the test object, with no knowledge of the test object’s internal structure. In a few years it will be common for executives to ask questions like “How much black code do we have in our system?” I will expand on this concept, and on how it can be measured and used, in the next few blogs, but I want to get some initial feedback first.
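As an added illustration (not code from the original post), the simplest reading of the definition above can be put into numbers: black code is every line in a source file that the static analysis run never covered. The repository inventory and analyzer manifest below are constructed sample data, and the per-directory breakdown is an assumption about how a team would want the exposure reported.

```python
from collections import defaultdict

# Constructed sample data: every source file in the repository with its line count.
REPO_INVENTORY = {
    "src/web/login.py": 240,
    "src/web/session.py": 180,
    "src/billing/invoice.py": 400,
    "src/billing/tax_rules.py": 320,
    "vendor/legacy_parser.c": 1500,  # shipped as-is, never fed to the analyzer
    "scripts/migrate.sh": 60,
}

# Constructed sample data: files the static analysis run actually reported on.
ANALYZED_FILES = {
    "src/web/login.py",
    "src/web/session.py",
    "src/billing/invoice.py",
}


def black_code(inventory, analyzed):
    """Return (black_lines, total_lines, per_dir); black code is every line
    in a file the analyzer did not cover, grouped by containing directory."""
    per_dir = defaultdict(lambda: {"black": 0, "total": 0})
    black_lines = total_lines = 0
    for path, lines in inventory.items():
        directory = path.rsplit("/", 1)[0] if "/" in path else "."
        per_dir[directory]["total"] += lines
        total_lines += lines
        if path not in analyzed:  # no analysis result exists for this file
            per_dir[directory]["black"] += lines
            black_lines += lines
    return black_lines, total_lines, dict(per_dir)


def black_code_ratio(inventory, analyzed):
    """Share of all lines that are black code; 0.0 for an empty inventory."""
    black, total, _ = black_code(inventory, analyzed)
    return black / total if total else 0.0


def worst_directories(inventory, analyzed, threshold=0.5):
    """Directories whose black-code share exceeds the threshold, worst first."""
    _, _, per_dir = black_code(inventory, analyzed)
    ratios = {d: v["black"] / v["total"] for d, v in per_dir.items() if v["total"]}
    return sorted((d for d, r in ratios.items() if r > threshold), key=lambda d: -ratios[d])


if __name__ == "__main__":
    black, total, _ = black_code(REPO_INVENTORY, ANALYZED_FILES)
    print(f"black code: {black}/{total} lines ({black_code_ratio(REPO_INVENTORY, ANALYZED_FILES):.1%})")
    print("directories over 50% black:", worst_directories(REPO_INVENTORY, ANALYZED_FILES))
```

The same script works against a real tree by replacing the two constants with a file walk and the analyzer's own list of processed files.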

To sum it up: “Faith in your code should be enforced with measurement; if you are blind to your code, it becomes black.”

Filed in: Technical Debt
Tagged: Jay Sappidi
Jay Sappidi, Founder and CEO at Plumsoft