The Technical Debt Management Cycle:Evaluating the Costs and Risks of IT Assets by Dr. Bill Curtis, Director, Consortium for IT Software Quality.

1. The Technical Debt Management Cycle:
Evaluating the Costs and
Risks of IT Assets
Dr. Bill Curtis
Director, Consortium for IT Software Quality

2. Technical Debt Damages Business Value
2

3. The Technical Debt Metaphor
Technical Debt  the future cost of defects remaining in code at
release, a component of the cost of ownership
Business Risk
Opportunity cost—benefits that could have
been achieved had resources been put on new
Opportunity cost capability rather than retiring technical debt
Liability from debt Liability—business costs related to
outages, breaches, corrupted data, etc.
Technical Debt Interest—continuing IT costs attributable to the
violations causing technical debt, i.e, higher
Interest on the debt maintenance costs, greater resource usage, etc.
Principal borrowed Principalcost of fixing problems remaining in
the code after release that must be remediated
Structural quality problems
in production code
3

4. How to Use Technical Debt
Calculating Cost
Of Ownership Assessing
Business Risk
Estimate of
Technical Debt
Explaining IT
Managing
Cost of Quality
Portfolio Quality
4

5. CAST’s Application Intelligence Platform
Language Application Detected Quality
Parsers Analysis Violations Measurements
Oracle PL/SQL Expensive operation in loop
Sybase T-SQL
Static vs. pooled connections
SQL Server T-SQL
Complex query on big table
Performance
IBM SQL/PSM
C, C++, C# Large indices on big table
Pro C
Cobol Empty CATCH block
Evaluation of
Uncontrolled data access
CICS
Visual Basic
1200+ coding &
Poor memory management
Robustness
VB.Net
architectural rules
Opened resource not closed
ASP.Net
Java, J2EE SQL injection
JSP
Application Cross-site scripting
XML
Buffer overflow
Security
HTML meta-data
Javascript Uncontrolled format string
VBScript
PHP Unstructured code
Misuse of inheritance
PowerBuilder
Oracle Forms Lack of comments
Transferability
PeopleSoft Violated naming convention
SAP ABAP,
Netweaver
Highly coupled component
Tibco
Duplicated code
Business Objects
Index modified in loop
Changeability
Universal Analyzer
for other languages High cyclomatic complexity
5

6. Technical Debt Management Cycle
Application Build/Release/
IT Executives Managers Developers QA/AI Center
Step 1 Step 2 Step 3
Set policy and Set thresholds Measure
quality priorities for app quality Technical Debt
Step 4
Plan reduction
goals & actions
Step 7 Step 6 Step 5
Report to the Remediate
Track results
business violations
6

7. Step 1  Set Policy and Quality Priorities
Quality Corporate purpose Training
Policy Expected behavior Reporting
Audit
Reliability
Performance
Security
Quality Customer-facing Maintainability
Priorities Internal business Reliability
Performance
Security
Maintainability
7

8. Step 2  Set Thresholds for App Quality
Reliability 3.8
Performance 3.9
Product information Security 2.5
Maintainability 3.0
Retail Reliability
Performance
3.5
3.5
Online purchase
Website Security
Maintainability
3.9
2.5
Reliability 3.5
Performance 3.0
Delivery scheduling Security 3.9
Maintainability 2.5
8

9. Step 3  Measure Technical Debt

10. Step 4  Plan Quality Goals & Actions
3.9 Quality Score Target
3.7 by Release
3.5
3.3 Reliability
Score
3.1 Performance
2.9 Security
2.7 Maintainability
2.5
10

11. Step 5  Remediate Violations
11

12. Step 6  Track Results
App Management
3.6
3.5 AppDev
Planned
Performance
3.4 Exec
Efficiency
3.3 Actual
3.2
3.1
3
2.9 Portfolio
2.8 QA Data
2.7
Repository
12

13. Step 7  Report to the Business
Quality Operational Output
Category problems Measure
Outages, slow
Resilience Availability
recovery
Degraded
Efficiency Work efficiency
response
Technical
Security Breaches, Theft Data protection
debt
Lengthy
Transferability IT productivity
comprehension
Changeability Excessive effort Delivery speed
13

14. Reducing Technical Debt Is Imperative
14