SlideShare une entreprise Scribd logo

Software Defect Prevention via Continuous Inspection

Josh Gough
Josh Gough

Research and guidance for educing software development risk and cost while improving speed, quality and maintainability by applying review at all levels.

Technologie
1  sur  49
Télécharger pour lire hors ligne
Avoid the Zone of Chaos: Economics of Quality and Productivity via Code Review Reducing software development risk and cost while improving speed, quality and maintainability by applying review at all levels Presented by: Joshua Gough Atlanta ALT.NET Meetup http://www.meetup/com/AtlAltDotNet 6/19/2012
Topic Outline ● Avoiding the Ultimate Risk ● Software Development Processes ● Risks associated with poor code-review and lack of defect prevention ● Automated .NET tools to support "continuous inspection", code-review, and defect prevention ● Demo of static source-code analysis with Visual Studio and NDepend
Avoiding The Ultimate Risk ● How to validate that you're building the product your customers or users want and need? ● What untested assumptions and risks can lurk in requirements and design docs? ● What kinds of reviews can happen before or in parallel with coding to test assumptions and mitigate risks?
Danger! Don't Go There! Say Wha t?
Royce Strawman Waterfall Model
Royce's Observations
Final Royce Model (Shame on our industry for not reading his whole paper)
Generic Iterative and Incremental Model
Boehm Spiral Model
Generic Agile
Extreme Programming (XP) Feedback Loops
Scrum Agile Process Framework
Whirlpool Model (A "violent water metaphor" we can live with and enjoy)
Scrum Agile Process Framework
Let's Review...
Traditional: Known | Known
Agile: Known | Unknown
Lean Startup: Unknown| Unknown
And Now: Code Review...
Types of Code Review ● Formal code review: involves a careful and detailed process with multiple participants and multiple phases: Example: Fagan Inspection ● Over-the-shoulder : One developer looks over the author's shoulder as the latter walks through the code. ● Email pass-around – Source code management system emails code to reviewers automatically after checkin is made. ● Pair Programming – Two authors develop code together at the same workstation, such is common in Extreme Programming. ● Tool-assisted code review – Authors and reviewers use specialized tools designed for peer code review.
Economic Reasons : Defect Cost Increase
Productivity Reasons: Faster Schedule t! Spo eet Sw Relationship between defect rate and development time. As a rule, the projects that achieve the lowest defect rates also achieve the shortest schedules. -- Capers Jones
Cisco Case Study Data : Defect Counts
Formal Code Review
Hope This Guy Gets Lost in Elevator
Email Pass-Around Pre Check-In
Email Pass-Around Post Check-In
Email Pass-Around Code Review (Pray Uncle Bob Doesn't Get The Email, Unless You Crave Discipline! )
Over-The-Shoulder Walkthrough
Don't Be This Guy (Either of Them!)
Pair Programming ● Agile software development technique wherein two programmers work together at one workstation ● One drives and writes codes while the other observes (or navigates) and reviews each line of code ● The two programmers switch roles frequently ● While reviewing, the observer also considers the strategic direction of the work in order to: ○ Devise ideas for improvements and likely future problems to address ○ Free the driver to focus all of his or her attention on the "tactical" aspects of completing the current task, using the observer as a safety net and guide
In Other Words...
But, What Does the Science Say? ● Isolated studies of pair-programming reveal results ranging all across the map ● Some meta-analyses also reveal wide- ranging results ● I suspect the answer to be "It depends", therefore proceed without dogma and use pragmatism
Example Study
Study Summary ● 48% increase in correctness for complex systems ○ No significant time difference ● Simple systems had 20% time decrease ○ No significant correctness difference ● Overall no general time reduction or correctness increase ○ But an overall 84% effort increase ● Limitations: this was a one day experiment with 99 individuals and 98 pairs How would working together longer affect results?
Tool-Assisted Code Review!
Demo: Visual Studio Code Analysis
Demo: NDepend Critical Warnings
11 Lessons from SmartBear Cisco Case Study
1. Review fewer than 200-400 lines of code at a time.
2. Aim for an inspection rate of less than 300-500 LOC/hour
3. Take enough time for a proper, slow review, but not more than 60-90 minutes K e y
4. Authors should annotate source code before the review
Additional Tactical Tips... ● 5. Establish quantifiable goals for code review and capture metrics so you can improve your processes ● 6. Checklists substantially improve results for both authors and reviewers ● 7. Verify that defects are actually fixed!
And Managerial Tips... ● 8. Managers must foster a good code review culture in which finding defects is viewed positively ● 9. Beware the “Big Brother” effect ● 10. The Ego Effect: Do at least some code review, even if you don't have time to review it all
11.Lightweight-style code reviews are efficient, practical, and effective at finding bugs
Many Thanks to SmartBear Software! (See CodeCollaborator Free Trial and Jason Cohen's Free Book) Free!
Contact ● Meetup: http://www.meetup.com/AtlAltDotNet ● Email: jsgough@gmail.com ● Web: http://agilefromthegroundup.blogspot.com

Recommandé

Shift Left with Continuous Inspection
Shift Left with Continuous InspectionShift Left with Continuous Inspection
Shift Left with Continuous InspectionSerena Software
 
Centralized Secure Vault with Dimensions CM
Centralized Secure Vault with Dimensions CMCentralized Secure Vault with Dimensions CM
Centralized Secure Vault with Dimensions CMSerena Software
 
Dimensions RM: Agile Requirements Management
Dimensions RM: Agile Requirements ManagementDimensions RM: Agile Requirements Management
Dimensions RM: Agile Requirements ManagementSerena Software
 
Automation and Release in Federal
Automation and Release in FederalAutomation and Release in Federal
Automation and Release in FederalSerena Software
 
DevOps CD and Multispeed IT in regulated industries (FUG Presentation)
DevOps CD and Multispeed IT in regulated industries (FUG Presentation)DevOps CD and Multispeed IT in regulated industries (FUG Presentation)
DevOps CD and Multispeed IT in regulated industries (FUG Presentation)Serena Software
 
Leveraging DevOps Principles for Release and Deploy
Leveraging DevOps Principles for Release and DeployLeveraging DevOps Principles for Release and Deploy
Leveraging DevOps Principles for Release and DeploySerena Software
 
SBM Orchestrations - Beginners Guide (FUG Presentation)
SBM Orchestrations - Beginners Guide (FUG Presentation)SBM Orchestrations - Beginners Guide (FUG Presentation)
SBM Orchestrations - Beginners Guide (FUG Presentation)Serena Software
 
Serena DevOps Drive-in: Leading the Agile and DevOps transformation with Gary...
Serena DevOps Drive-in: Leading the Agile and DevOps transformation with Gary...Serena DevOps Drive-in: Leading the Agile and DevOps transformation with Gary...
Serena DevOps Drive-in: Leading the Agile and DevOps transformation with Gary...Serena Software
 

Recommandé

Shift Left with Continuous Inspection
Shift Left with Continuous InspectionShift Left with Continuous Inspection
Shift Left with Continuous InspectionSerena Software
 
Centralized Secure Vault with Dimensions CM
Centralized Secure Vault with Dimensions CMCentralized Secure Vault with Dimensions CM
Centralized Secure Vault with Dimensions CMSerena Software
 
Dimensions RM: Agile Requirements Management
Dimensions RM: Agile Requirements ManagementDimensions RM: Agile Requirements Management
Dimensions RM: Agile Requirements ManagementSerena Software
 
Automation and Release in Federal
Automation and Release in FederalAutomation and Release in Federal
Automation and Release in FederalSerena Software
 
DevOps CD and Multispeed IT in regulated industries (FUG Presentation)
DevOps CD and Multispeed IT in regulated industries (FUG Presentation)DevOps CD and Multispeed IT in regulated industries (FUG Presentation)
DevOps CD and Multispeed IT in regulated industries (FUG Presentation)Serena Software
 
Leveraging DevOps Principles for Release and Deploy
Leveraging DevOps Principles for Release and DeployLeveraging DevOps Principles for Release and Deploy
Leveraging DevOps Principles for Release and DeploySerena Software
 
SBM Orchestrations - Beginners Guide (FUG Presentation)
SBM Orchestrations - Beginners Guide (FUG Presentation)SBM Orchestrations - Beginners Guide (FUG Presentation)
SBM Orchestrations - Beginners Guide (FUG Presentation)Serena Software
 
Serena DevOps Drive-in: Leading the Agile and DevOps transformation with Gary...
Serena DevOps Drive-in: Leading the Agile and DevOps transformation with Gary...Serena DevOps Drive-in: Leading the Agile and DevOps transformation with Gary...
Serena DevOps Drive-in: Leading the Agile and DevOps transformation with Gary...Serena Software
 
Serena Business Manager Visualizing 2016
Serena Business Manager Visualizing 2016Serena Business Manager Visualizing 2016
Serena Business Manager Visualizing 2016Serena Software
 
Building Quality into Your DevSecOps Pipelines
Building Quality into Your DevSecOps PipelinesBuilding Quality into Your DevSecOps Pipelines
Building Quality into Your DevSecOps PipelinesInflectra
 
Definition Driven API Development: How OAS & Swagger Help Teams Streamline Th...
Definition Driven API Development: How OAS & Swagger Help Teams Streamline Th...Definition Driven API Development: How OAS & Swagger Help Teams Streamline Th...
Definition Driven API Development: How OAS & Swagger Help Teams Streamline Th...SmartBear
 
Continuous Integration Testing for SAP
Continuous Integration Testing for SAPContinuous Integration Testing for SAP
Continuous Integration Testing for SAPWorksoft
 
Agile-plus-DevOps Testing for Packaged Applications
Agile-plus-DevOps Testing for Packaged ApplicationsAgile-plus-DevOps Testing for Packaged Applications
Agile-plus-DevOps Testing for Packaged ApplicationsWorksoft
 
Creating High Performance teams by using a DevOps culture (FUG presentation)
Creating High Performance teams by using a DevOps culture (FUG presentation)Creating High Performance teams by using a DevOps culture (FUG presentation)
Creating High Performance teams by using a DevOps culture (FUG presentation)Serena Software
 
FUG Agile software engineering practices
FUG Agile software engineering practicesFUG Agile software engineering practices
FUG Agile software engineering practicesSerena Software
 
Dimensions CM 14.3 launch webcast (slides)
Dimensions CM 14.3 launch webcast (slides)Dimensions CM 14.3 launch webcast (slides)
Dimensions CM 14.3 launch webcast (slides)Serena Software
 
Automate Salesforce Releases with DevOps: Crawl, Walk, Run!
Automate Salesforce Releases with DevOps: Crawl, Walk, Run!Automate Salesforce Releases with DevOps: Crawl, Walk, Run!
Automate Salesforce Releases with DevOps: Crawl, Walk, Run!Susmitha Vakkalanka
 
Insurance for your Assurance Team
Insurance for your Assurance TeamInsurance for your Assurance Team
Insurance for your Assurance TeamWorksoft
 
Continuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsContinuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsSmartBear
 
Salesforce – Proven Platform Development with DevOps & Agile
Salesforce – Proven Platform Development with DevOps & AgileSalesforce – Proven Platform Development with DevOps & Agile
Salesforce – Proven Platform Development with DevOps & AgileSai Jithesh ☁️
 
Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...
Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...
Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...XebiaLabs
 
DOES15 - Rosalind Radcliffe - Test Automation For Mainframe Applications
DOES15 - Rosalind Radcliffe - Test Automation For Mainframe Applications DOES15 - Rosalind Radcliffe - Test Automation For Mainframe Applications
DOES15 - Rosalind Radcliffe - Test Automation For Mainframe Applications Gene Kim
 
Infrastructure as Code in Large Scale Organizations
Infrastructure as Code in Large Scale OrganizationsInfrastructure as Code in Large Scale Organizations
Infrastructure as Code in Large Scale OrganizationsXebiaLabs
 
5 Principles to Managing Your Application Lifecycle with SpiraTeam
5 Principles to Managing Your Application Lifecycle with SpiraTeam5 Principles to Managing Your Application Lifecycle with SpiraTeam
5 Principles to Managing Your Application Lifecycle with SpiraTeamAdam Sandman
 
Packaged vs. Custom Application Testing
Packaged vs. Custom Application TestingPackaged vs. Custom Application Testing
Packaged vs. Custom Application TestingWorksoft
 
DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...
DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...
DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...Edureka!
 
Webinar: DevOps challenges facing QA
Webinar: DevOps challenges facing QAWebinar: DevOps challenges facing QA
Webinar: DevOps challenges facing QAQualitest
 
ATAGTR2017 Testing in DevOps Culture
ATAGTR2017 Testing in DevOps CultureATAGTR2017 Testing in DevOps Culture
ATAGTR2017 Testing in DevOps CultureAgile Testing Alliance
 
Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening Maven Logix
 
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Moss Drake
 

Contenu connexe

Tendances

Serena Business Manager Visualizing 2016
Serena Business Manager Visualizing 2016Serena Business Manager Visualizing 2016
Serena Business Manager Visualizing 2016Serena Software
 
Building Quality into Your DevSecOps Pipelines
Building Quality into Your DevSecOps PipelinesBuilding Quality into Your DevSecOps Pipelines
Building Quality into Your DevSecOps PipelinesInflectra
 
Definition Driven API Development: How OAS & Swagger Help Teams Streamline Th...
Definition Driven API Development: How OAS & Swagger Help Teams Streamline Th...Definition Driven API Development: How OAS & Swagger Help Teams Streamline Th...
Definition Driven API Development: How OAS & Swagger Help Teams Streamline Th...SmartBear
 
Continuous Integration Testing for SAP
Continuous Integration Testing for SAPContinuous Integration Testing for SAP
Continuous Integration Testing for SAPWorksoft
 
Agile-plus-DevOps Testing for Packaged Applications
Agile-plus-DevOps Testing for Packaged ApplicationsAgile-plus-DevOps Testing for Packaged Applications
Agile-plus-DevOps Testing for Packaged ApplicationsWorksoft
 
Creating High Performance teams by using a DevOps culture (FUG presentation)
Creating High Performance teams by using a DevOps culture (FUG presentation)Creating High Performance teams by using a DevOps culture (FUG presentation)
Creating High Performance teams by using a DevOps culture (FUG presentation)Serena Software
 
FUG Agile software engineering practices
FUG Agile software engineering practicesFUG Agile software engineering practices
FUG Agile software engineering practicesSerena Software
 
Dimensions CM 14.3 launch webcast (slides)
Dimensions CM 14.3 launch webcast (slides)Dimensions CM 14.3 launch webcast (slides)
Dimensions CM 14.3 launch webcast (slides)Serena Software
 
Automate Salesforce Releases with DevOps: Crawl, Walk, Run!
Automate Salesforce Releases with DevOps: Crawl, Walk, Run!Automate Salesforce Releases with DevOps: Crawl, Walk, Run!
Automate Salesforce Releases with DevOps: Crawl, Walk, Run!Susmitha Vakkalanka
 
Insurance for your Assurance Team
Insurance for your Assurance TeamInsurance for your Assurance Team
Insurance for your Assurance TeamWorksoft
 
Continuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsContinuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsSmartBear
 
Salesforce – Proven Platform Development with DevOps & Agile
Salesforce – Proven Platform Development with DevOps & AgileSalesforce – Proven Platform Development with DevOps & Agile
Salesforce – Proven Platform Development with DevOps & AgileSai Jithesh ☁️
 
Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...
Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...
Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...XebiaLabs
 
DOES15 - Rosalind Radcliffe - Test Automation For Mainframe Applications
DOES15 - Rosalind Radcliffe - Test Automation For Mainframe Applications DOES15 - Rosalind Radcliffe - Test Automation For Mainframe Applications
DOES15 - Rosalind Radcliffe - Test Automation For Mainframe Applications Gene Kim
 
Infrastructure as Code in Large Scale Organizations
Infrastructure as Code in Large Scale OrganizationsInfrastructure as Code in Large Scale Organizations
Infrastructure as Code in Large Scale OrganizationsXebiaLabs
 
5 Principles to Managing Your Application Lifecycle with SpiraTeam
5 Principles to Managing Your Application Lifecycle with SpiraTeam5 Principles to Managing Your Application Lifecycle with SpiraTeam
5 Principles to Managing Your Application Lifecycle with SpiraTeamAdam Sandman
 
Packaged vs. Custom Application Testing
Packaged vs. Custom Application TestingPackaged vs. Custom Application Testing
Packaged vs. Custom Application TestingWorksoft
 
DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...
DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...
DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...Edureka!
 
Webinar: DevOps challenges facing QA
Webinar: DevOps challenges facing QAWebinar: DevOps challenges facing QA
Webinar: DevOps challenges facing QAQualitest
 

Tendances (20)

Serena Business Manager Visualizing 2016
Serena Business Manager Visualizing 2016Serena Business Manager Visualizing 2016
Serena Business Manager Visualizing 2016
 
Building Quality into Your DevSecOps Pipelines
Building Quality into Your DevSecOps PipelinesBuilding Quality into Your DevSecOps Pipelines
Building Quality into Your DevSecOps Pipelines
 
Definition Driven API Development: How OAS & Swagger Help Teams Streamline Th...
Definition Driven API Development: How OAS & Swagger Help Teams Streamline Th...Definition Driven API Development: How OAS & Swagger Help Teams Streamline Th...
Definition Driven API Development: How OAS & Swagger Help Teams Streamline Th...
 
Continuous Integration Testing for SAP
Continuous Integration Testing for SAPContinuous Integration Testing for SAP
Continuous Integration Testing for SAP
 
Agile-plus-DevOps Testing for Packaged Applications
Agile-plus-DevOps Testing for Packaged ApplicationsAgile-plus-DevOps Testing for Packaged Applications
Agile-plus-DevOps Testing for Packaged Applications
 
Creating High Performance teams by using a DevOps culture (FUG presentation)
Creating High Performance teams by using a DevOps culture (FUG presentation)Creating High Performance teams by using a DevOps culture (FUG presentation)
Creating High Performance teams by using a DevOps culture (FUG presentation)
 
FUG Agile software engineering practices
FUG Agile software engineering practicesFUG Agile software engineering practices
FUG Agile software engineering practices
 
Dimensions CM 14.3 launch webcast (slides)
Dimensions CM 14.3 launch webcast (slides)Dimensions CM 14.3 launch webcast (slides)
Dimensions CM 14.3 launch webcast (slides)
 
Automate Salesforce Releases with DevOps: Crawl, Walk, Run!
Automate Salesforce Releases with DevOps: Crawl, Walk, Run!Automate Salesforce Releases with DevOps: Crawl, Walk, Run!
Automate Salesforce Releases with DevOps: Crawl, Walk, Run!
 
Insurance for your Assurance Team
Insurance for your Assurance TeamInsurance for your Assurance Team
Insurance for your Assurance Team
 
Continuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsContinuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOps
 
Salesforce – Proven Platform Development with DevOps & Agile
Salesforce – Proven Platform Development with DevOps & AgileSalesforce – Proven Platform Development with DevOps & Agile
Salesforce – Proven Platform Development with DevOps & Agile
 
Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...
Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...
Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...
 
DOES15 - Rosalind Radcliffe - Test Automation For Mainframe Applications
DOES15 - Rosalind Radcliffe - Test Automation For Mainframe Applications DOES15 - Rosalind Radcliffe - Test Automation For Mainframe Applications
DOES15 - Rosalind Radcliffe - Test Automation For Mainframe Applications
 
Infrastructure as Code in Large Scale Organizations
Infrastructure as Code in Large Scale OrganizationsInfrastructure as Code in Large Scale Organizations
Infrastructure as Code in Large Scale Organizations
 
5 Principles to Managing Your Application Lifecycle with SpiraTeam
5 Principles to Managing Your Application Lifecycle with SpiraTeam5 Principles to Managing Your Application Lifecycle with SpiraTeam
5 Principles to Managing Your Application Lifecycle with SpiraTeam
 
Packaged vs. Custom Application Testing
Packaged vs. Custom Application TestingPackaged vs. Custom Application Testing
Packaged vs. Custom Application Testing
 
DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...
DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...
DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...
 
Webinar: DevOps challenges facing QA
Webinar: DevOps challenges facing QAWebinar: DevOps challenges facing QA
Webinar: DevOps challenges facing QA
 
ATAGTR2017 Testing in DevOps Culture
ATAGTR2017 Testing in DevOps CultureATAGTR2017 Testing in DevOps Culture
ATAGTR2017 Testing in DevOps Culture
 

Similaire à Software Defect Prevention via Continuous Inspection

Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening Maven Logix
 
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Moss Drake
 
Peer Code Review An Agile Process
Peer Code Review An Agile ProcessPeer Code Review An Agile Process
Peer Code Review An Agile Processgsporar
 
Software Testing Basic Concepts
Software Testing Basic ConceptsSoftware Testing Basic Concepts
Software Testing Basic Conceptswesovi
 
Technical debt management strategies
Technical debt management strategiesTechnical debt management strategies
Technical debt management strategiesRaquel Pau
 
Expert Code Review best practices
Expert Code Review best practicesExpert Code Review best practices
Expert Code Review best practicesjeetendra mandal
 
Indy meetup#7 effective unit-testing-mule
Indy meetup#7 effective unit-testing-muleIndy meetup#7 effective unit-testing-mule
Indy meetup#7 effective unit-testing-muleikram_ahamed
 
The Power of Feedback Loops
The Power of Feedback LoopsThe Power of Feedback Loops
The Power of Feedback LoopsAgileCymru
 
Software Project management
Software Project managementSoftware Project management
Software Project managementsameer farooq
 
Topic production code
Topic production codeTopic production code
Topic production codeKavi Kumar
 
Agile Methodologies And Extreme Programming
Agile Methodologies And Extreme ProgrammingAgile Methodologies And Extreme Programming
Agile Methodologies And Extreme ProgrammingUtkarsh Khare
 
Code Review
Code ReviewCode Review
Code ReviewRavi Raj
 
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptx
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptxcode_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptx
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptxsarah david
 
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdf
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdfcode_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdf
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdfsarah david
 
Quality metrics and angular js applications
Quality metrics and angular js applicationsQuality metrics and angular js applications
Quality metrics and angular js applicationsnadeembtech
 

Similaire à Software Defect Prevention via Continuous Inspection (20)

Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening
 
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019
 
Peer Code Review An Agile Process
Peer Code Review An Agile ProcessPeer Code Review An Agile Process
Peer Code Review An Agile Process
 
Software Testing Basic Concepts
Software Testing Basic ConceptsSoftware Testing Basic Concepts
Software Testing Basic Concepts
 
Technical debt management strategies
Technical debt management strategiesTechnical debt management strategies
Technical debt management strategies
 
Expert Code Review best practices
Expert Code Review best practicesExpert Code Review best practices
Expert Code Review best practices
 
Indy meetup#7 effective unit-testing-mule
Indy meetup#7 effective unit-testing-muleIndy meetup#7 effective unit-testing-mule
Indy meetup#7 effective unit-testing-mule
 
The Power of Feedback Loops
The Power of Feedback LoopsThe Power of Feedback Loops
The Power of Feedback Loops
 
Software Project management
Software Project managementSoftware Project management
Software Project management
 
Topic production code
Topic production codeTopic production code
Topic production code
 
Agile Methodologies And Extreme Programming
Agile Methodologies And Extreme ProgrammingAgile Methodologies And Extreme Programming
Agile Methodologies And Extreme Programming
 
What is xp
What is xpWhat is xp
What is xp
 
Code Review
Code ReviewCode Review
Code Review
 
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptx
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptxcode_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptx
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptx
 
Coding - SDLC Model
Coding - SDLC ModelCoding - SDLC Model
Coding - SDLC Model
 
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdf
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdfcode_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdf
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdf
 
Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality Tools
 
Quality metrics and angular js applications
Quality metrics and angular js applicationsQuality metrics and angular js applications
Quality metrics and angular js applications
 
Unit iv
Unit ivUnit iv
Unit iv
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software Engineering
 

Dernier

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 

Dernier (20)

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 

Software Defect Prevention via Continuous Inspection

  • 1. Avoid the Zone of Chaos: Economics of Quality and Productivity via Code Review Reducing software development risk and cost while improving speed, quality and maintainability by applying review at all levels Presented by: Joshua Gough Atlanta ALT.NET Meetup http://www.meetup/com/AtlAltDotNet 6/19/2012
  • 2. Topic Outline ● Avoiding the Ultimate Risk ● Software Development Processes ● Risks associated with poor code-review and lack of defect prevention ● Automated .NET tools to support "continuous inspection", code-review, and defect prevention ● Demo of static source-code analysis with Visual Studio and NDepend
  • 3. Avoiding The Ultimate Risk ● How to validate that you're building the product your customers or users want and need? ● What untested assumptions and risks can lurk in requirements and design docs? ● What kinds of reviews can happen before or in parallel with coding to test assumptions and mitigate risks?
  • 4. Danger! Don't Go There! Say Wha t?
  • 7. Final Royce Model (Shame on our industry for not reading his whole paper)
  • 8. Generic Iterative and Incremental Model
  • 11. Extreme Programming (XP) Feedback Loops
  • 12. Scrum Agile Process Framework
  • 13. Whirlpool Model (A "violent water metaphor" we can live with and enjoy)
  • 14. Scrum Agile Process Framework
  • 15.
  • 18. Agile: Known | Unknown
  • 20. And Now: Code Review...
  • 21. Types of Code Review ● Formal code review: involves a careful and detailed process with multiple participants and multiple phases: Example: Fagan Inspection ● Over-the-shoulder : One developer looks over the author's shoulder as the latter walks through the code. ● Email pass-around – Source code management system emails code to reviewers automatically after checkin is made. ● Pair Programming – Two authors develop code together at the same workstation, such is common in Extreme Programming. ● Tool-assisted code review – Authors and reviewers use specialized tools designed for peer code review.
  • 22. Economic Reasons : Defect Cost Increase
  • 23. Productivity Reasons: Faster Schedule t! Spo eet Sw Relationship between defect rate and development time. As a rule, the projects that achieve the lowest defect rates also achieve the shortest schedules. -- Capers Jones
  • 24. Cisco Case Study Data : Defect Counts
  • 26. Hope This Guy Gets Lost in Elevator
  • 29. Email Pass-Around Code Review (Pray Uncle Bob Doesn't Get The Email, Unless You Crave Discipline! )
  • 31. Don't Be This Guy (Either of Them!)
  • 32. Pair Programming ● Agile software development technique wherein two programmers work together at one workstation ● One drives and writes codes while the other observes (or navigates) and reviews each line of code ● The two programmers switch roles frequently ● While reviewing, the observer also considers the strategic direction of the work in order to: ○ Devise ideas for improvements and likely future problems to address ○ Free the driver to focus all of his or her attention on the "tactical" aspects of completing the current task, using the observer as a safety net and guide
  • 34. But, What Does the Science Say? ● Isolated studies of pair-programming reveal results ranging all across the map ● Some meta-analyses also reveal wide- ranging results ● I suspect the answer to be "It depends", therefore proceed without dogma and use pragmatism
  • 36. Study Summary ● 48% increase in correctness for complex systems ○ No significant time difference ● Simple systems had 20% time decrease ○ No significant correctness difference ● Overall no general time reduction or correctness increase ○ But an overall 84% effort increase ● Limitations: this was a one day experiment with 99 individuals and 98 pairs How would working together longer affect results?
  • 38. Demo: Visual Studio Code Analysis
  • 40. 11 Lessons from SmartBear Cisco Case Study
  • 41. 1. Review fewer than 200-400 lines of code at a time.
  • 42. 2. Aim for an inspection rate of less than 300-500 LOC/hour
  • 43. 3. Take enough time for a proper, slow review, but not more than 60-90 minutes K e y
  • 44. 4. Authors should annotate source code before the review
  • 45. Additional Tactical Tips... ● 5. Establish quantifiable goals for code review and capture metrics so you can improve your processes ● 6. Checklists substantially improve results for both authors and reviewers ● 7. Verify that defects are actually fixed!
  • 46. And Managerial Tips... ● 8. Managers must foster a good code review culture in which finding defects is viewed positively ● 9. Beware the “Big Brother” effect ● 10. The Ego Effect: Do at least some code review, even if you don't have time to review it all
  • 47. 11.Lightweight-style code reviews are efficient, practical, and effective at finding bugs
  • 48. Many Thanks to SmartBear Software! (See CodeCollaborator Free Trial and Jason Cohen's Free Book) Free!
  • 49. Contact ● Meetup: http://www.meetup.com/AtlAltDotNet ● Email: jsgough@gmail.com ● Web: http://agilefromthegroundup.blogspot.com