Recently I had the pleasure of speaking at QAI QUEST 2016, which showcases the latest techniques for software quality measurement and testing. It was a content-rich program with more than three days of diving deep into issues like DevOps, Open Source, Security, Mobile and more. But what struck me the most above all the event chatter is that even the brightest of companies are still having a difficult time identifying and fixing code quality errors.
During my keynote, I spoke about the perils of system-level defects and how these defects, when they go undetected, can completely ruin ingenious application development strategies. There are two key reasons these bugs persist: decentralized development practices and a lack of automated code review standards.
For example, Developer A and Developer B are both working on a new enterprise application. Developer A has written a simple method that opens a database connection, runs a query and closes the connection again, without knowing that Developer B is calling that method inside a loop. Developer B has written that loop without knowing that every call opens and closes the database. What we end up with is a sluggish application that engages the database perhaps thousands or tens of thousands of times a day for work that needed a single connection. What's worse is that eventually the system will come to a complete standstill.
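To make the Developer A / Developer B scenario concrete, here is an added example (it is not code from the original post) that counts how many times the database is opened when A's per-call method is driven from B's loop, next to the version that opens one connection and reuses it. The SQLite file, the `orders` table, the `Stats` counter and the `order_total` helper are all assumptions made for illustration; the rows are constructed sample data.

```python
"""Connection churn from a per-call database open inside a caller's loop.

Added example, not from the original post. Assumed for illustration:
SQLite as the database, an 'orders' table of constructed sample rows,
and a Stats counter standing in for real monitoring.
"""
import os
import sqlite3
import tempfile
from dataclasses import dataclass
from typing import Iterable


@dataclass
class Stats:
    opens: int = 0      # number of times a connection was opened
    queries: int = 0    # number of SELECTs executed


def setup_db(path: str, n_rows: int = 1000) -> None:
    """Create the (constructed) 'orders' table: id 1..n, total = 1.5 * id."""
    conn = sqlite3.connect(path)
    try:
        conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, total REAL)")
        conn.executemany(
            "INSERT INTO orders VALUES (?, ?)",
            ((i, float(i) * 1.5) for i in range(1, n_rows + 1)),
        )
        conn.commit()
    finally:
        conn.close()


def open_db(path: str, stats: Stats) -> sqlite3.Connection:
    """Developer A's 'simple instruction to open a database'."""
    stats.opens += 1
    return sqlite3.connect(path)


def order_total(path: str, order_id: int, stats: Stats) -> float:
    """Developer A's method: open, query, close. Harmless on its own."""
    conn = open_db(path, stats)
    try:
        stats.queries += 1
        row = conn.execute(
            "SELECT total FROM orders WHERE id = ?", (order_id,)
        ).fetchone()
        return row[0] if row else 0.0
    finally:
        conn.close()


def sum_totals_wasteful(path: str, order_ids: Iterable[int], stats: Stats) -> float:
    """Developer B's loop: one connection open per iteration."""
    return sum(order_total(path, oid, stats) for oid in order_ids)


def sum_totals_reused(path: str, order_ids: Iterable[int], stats: Stats) -> float:
    """The fix: open once, run every query on that connection, close once."""
    conn = open_db(path, stats)
    try:
        total = 0.0
        for oid in order_ids:
            stats.queries += 1
            row = conn.execute(
                "SELECT total FROM orders WHERE id = ?", (oid,)
            ).fetchone()
            total += row[0] if row else 0.0
        return total
    finally:
        conn.close()


def compare(n_ids: int = 500) -> dict:
    """Run both versions on the same temp database and report the counters."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        setup_db(path)
        ids = list(range(1, n_ids + 1))
        wasteful, reused = Stats(), Stats()
        total_w = sum_totals_wasteful(path, ids, wasteful)
        total_r = sum_totals_reused(path, ids, reused)
        return {
            "total_wasteful": total_w,
            "opens_wasteful": wasteful.opens,   # == n_ids
            "total_reused": total_r,
            "opens_reused": reused.opens,       # == 1
            "queries": wasteful.queries,        # same work either way
        }
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(compare())
```

Both versions return the same answer, which is exactly why neither developer sees the problem in a unit test: only the `opens` counter (or, in production, the connection pool and the database's own connection log) reveals that one path opens the database once per row. A reviewer reading either function in isolation would approve it; the defect exists only at the call site, between two pieces of code owned by different people.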
Unintentional resource drains, non-validated user inputs and inadequate error handling are serious defects that happen more frequently than you might expect, and they are not easy to detect with human review processes, especially when developers are working on separate threads of the project simultaneously to finish on time.
Defects like these are so hard to detect because there is no single knowledge holder who understands what is going on across the various parts of the application development cycle.
For IT-rich organizations, the greatest risks for unregulated application development include:
In fact, Booz Allen Hamilton asserts that decisions made in department silos can leave an organization more vulnerable to the escalating frequency and sophistication of today's cyber-attacks.
Automation is the main defense against the security and performance threats posed by application defects. Automated code review is the most efficient way to boost quality and reduce application risk during the development process, because it examines every call path, including the ones that cross team boundaries, every time the code changes. Technology-based solutions provide a thoroughness and cadence that human review cannot, and they arm developers with the knowledge they need to work accurately and efficiently.
For more best practices in managing the application development process, check out how RWE Supply & Trading is improving the resilience of trading systems.