On Quality

As overheard by Dr. Bill Curtis at last week’s Agile Conference. Coined by Jeff Sutherland, one of the co-inventors of SCRUM.

Scrumbut – noun (pronounced: skruhm -buht) — A term used to describe the real-life application of SCRUM development methods where one or more SCRUM practices have not been implemented.  Derived from the constant pairing of two words together (“SCRUM” and the preposition “but”).

For example:  “Sure, we are using SCRUM, but we’re not doing daily stand-ups yet.”

On August 4^th, 2010 CAST hosted an IT executive luncheon, bringing together leading Atlanta-area companies. Leading the discussion was The Coca-Cola Company, elaborating on how they measure quality and the velocity of change in their code base and use these metrics to deliver faster, at higher quality and lower cost.

Atlanta Luncheon

Here are the key themes that emerged from the luncheon:

1. Objective measurement of the software product itself is absolutely essential.
2. Objective measurement drives visibility — essential for early detection of structural quality problems that become prohibitively expensive to fix later.
3. Early detection of structural quality lapses shifts IT from a reactive to a proactive stance, improving it both internally and in the eyes of business partners.
4. When you measure the right structural quality metrics, you take control over the drivers of software cost and business risk.
5. Starting to measure quality is easier than you think and pays off faster than you think. Even companies without the resources of Coca-Cola can take small steps that significantly improve their ability to manage cost and risk.

Want to hear more? For a list of some more of our upcoming luncheons and events click here!

Eli attended the fun ThoughtWorks “Big Casino” night during the Agile 2010 conference in Orlando this week. ThoughtWorks, cleverly put together this event to generate money for charity and of course build brand awareness.

At the event, Martin Fowler, Chief Scientist at ThoughtWorks, delivered a powerful speech on corporate social responsibility and the changes at ThoughtWorks to reflect this commitment. The event was well attended and enjoyed by conference attendees as significant money ultimately donated to three different charities.

Forrester analyst Bill Martorelli spoke last week on the topic of Multisourcing in 2010: Best Practices for Managing Risk and Cost.

Bill Martorelli, Principal Analyst, Forrester

You can hear the presentation again by clicking here.

Bill presented the 10 commandments of multisourcing covering governance, SLAs, and best practices. Here are some salient points from his presentation.

• Be realistic.  You want vendor innovation and low cost and high quality. You can achieve all that, but it takes governance discipline and a focus on the right metrics.
• The core of governance is having transparency and visibility into the product delivered by vendors. Get to the right metrics to understand the true drivers of cost and business disruption risk.
• Measure and monitor these drivers to get predictive control over cost and risk.
• Beware of reducing cost without improving quality.

What are the right  KPIs to monitor? Which governance steps are essential? How should your multi-vendor SLA be structured?

To find out, click here.

We’ve been reading quite a bit the last few weeks about iPhone related issues that have had an impact on the security (Citi) and stability (AT&T) of customer data. Beyond the current arms race in the media to see who can write more frequently about Apple, there may actually be something there that spells real news for us in IT.

If you’re in charge of some mission critical systems at an IT-intensive consumer services company, like a bank or a telecom operator, you might be starting to feel a little more nervous than usual. Over the past couple years you’ve finally gotten accustomed to the fallout of the dot com boom that started 10 years ago, since you had to change your architectures, your release cycles, your technology mix, and your team’s (and maybe your own) attitude as your organization got dragged into connecting directly to the end customer. So by now you’re sort of comfortable with the concept that customers can interact directly with back-end systems, including yours. Well, now we have the iPhone, the Droid, the Treo (does anyone still use Palm?), and more real smart phones competition on the way from the likes of Microsoft and Nokia. Having just internalized last Tuesday’s WSJ article, this really does not bode well.

Well, maybe that’s putting too much drama into the equation, but clearly the boom in smart phones is changing the IT landscape. Mobile apps, and the competition around mobile outreach to the consumer, is taking the customer-facing stress to a new level. For IT, the line between the handheld device and the internal system is becoming more blurred. As we can see with some of the commentary coming out of the situation at Citi, the issue is not a straightforward iPhone problem. It’s a combination of factors that include the iPhone OS, the software from mFoundry, and Citi’s internal applications. The recent problems that AT&T had registering new iPhone customers has some similar characteristics. I don’t have any more information about these two companies than what I’ve read in the press, but what’s certain is that we are bound to see more issues like this in the near future.

To me the key question here is what is IT management and customer service line management doing to ensure they stay on top of these problems? Do they take a proactive stance to track their risks to security or stability exposure? Or do we collectively “outsource” or “delegate” the responsibility deep into the IT organization or to our vendors. Collective responsibility is always a winning formula.

As mobile apps come online to be the direct customer interface, the overall IT system we’re customizing to enable our business to compete becomes far-flung. That has an impact on construction and architecture, and the overall structure of these sprawling IT systems. The additional exposure – both in terms of PR and direct customer experience – make these structural issues more important for management to measure and stay on top of.

You could hide security and quality issues when IT was all internally focused. These days badly designed software is going to become more and more of a publicly visible liability. The smart IT managers are getting in front of these issues.

Seldom do the worlds of mainstream network television programming and IT collide. But when they do … it’s comedy. Or at least NBC thinks so. The network is promoting a sitcom called ‘Outsourced’ about an American thirty-something who goes to India to manage a call-center.  Inevitably, comedic culture clashes ensue. Cringe-worthy clip here (SFW but not funny).

Because we’re ahead of the mainstream (not to mention the experts on software quality), the world’s leading outsourcers and biggest IT organizations have been coming to CAST for help with their Outsourcing strategies and practices for years. In fact, hundreds of IT executives ‘tuned in’ to the Season 1 webinar, “Outsourcing with Forrester” starring Bill Martorelli, principal analyst.  A lot has changed in the IT world since 2009.

In Season 2, Mr. Martorelli will reprise his starring role in a webinar on July 27th.   In “How to Multisource”, Mr. Martorelli will explain how the most successful companies decide what to outsource, how to measure the quality of what is outsourced and when it’s time to consolidate vendors.

We can’t promise a hilarious comedy about “where Midwest meets the exotic East” (their words, not ours), but you will learn what the latest trends and practical tips guaranteed to improve your Multisourcing.

So grab the popcorn and put down the remote – “Outsourcing with Forrester” is on!

To tune in on July 27th,  click here.

Industry data demonstrate that code reviews are highly effective.

Out-Sized Effectiveness of Code Reviews

The problem, however, is that code reviews are time consuming, expensive, and difficult to get right.

To be effective, code reviews require the following:

1) Software engineering expertise

2) An objective basis for evaluating code

3) Comprehensive code coverage

4) A repeatable method that produces reliable results

5) Practical guidance on how to prioritize and fix problems found, and

6) A way to quantify improvement (and hence the effectiveness of code review activities)

As you can see, these are very difficult to set up in any organization. It quickly becomes too expensive, cumbersome, and unworkable.

So how do you get both low cost AND effective code reviews that overcome all the usual stumbling blocks (1 -6) that otherwise prevent companies from effective code reviews?

Check out the webinar on automating code reviews on the DCG website!

C.K. Chesterton wrote, “The word ‘good’ has many meanings. For example, if a man were to shoot his mother at a range of five hundred yards, I should call him a good shot, but not necessarily a good man.”

“It’s the qualifier ‘necessarily’ that shows Chesterton possessed a truly philosophical mind”, write Thomas Cathcart and Daniel Klein, in their book Plato and a Platypus Walk into a Bar (p.81).

Yes indeed.

There’s something so neat-o about making distinctions. Good distinctions don’t simply classify — they illuminate and clarify.

Lev at the Forrester Office in Dallas

I was reminded of that during a recent visit to Dallas to spend some time with Forrester analyst Mary Gerush. (That’s my colleague Lev Lesokhin, breaking into an off-the-charts-spinal-tap-volume-11 smile because he’s finally out of the Dallas heat and inside the cool Forrester digs.)

Let’s distinguish three kinds of business risk :

• Delivery Derailment Risk – risks that add IT cost or stop business revenue due to delayed launch or cancellation.
• Business Case Risk — risks that affect the quality of a delivered application; even though the application works, it doesn’t work as well as it should.  The number of successful transactions per unit time cannot be completed to fulfill the benefits articulated in the business case.
• Business Opportunity Risk — risks that make the application hard to maintain and change in the face of pressing business demand. The resulting loss of agility damages future business revenue.

You lie awake at night worrying about project derailment risk and pay scant attention to the other two.

Watch out!

Software quality is getting hard to measure and automated quality measurement is the only way to go.  That’s the news from our IBM Innovate2010 quality survey. Complete survey results are on Slideshare.

Business Disruption: Hard to Root Cause, Hard to Avoid

“We’re not surprised that so few respondents believe their companies are able to analyze their software properly because assessing the health, internal quality, complexity, maintainability and functional size of an application can be a daunting manual task that is costly, time consuming and grossly inefficient,” said Bill Curtis, Chief Scientist at CAST.

Measuring Software Quality is Getting Harder

Dr. Curtis added, “Automation facilitates this assessment and provides an instant return on investment by helping fix distressed projects and improving core business application assets.”

The survey respondents couldn’t  agree more.

Automation is Essential for Measuring Software Quality

Get the complete survey results on Slideshare.

And our iPad (64G) winner is…(drum roll)…

Drawing the lucky iPad winner

Carol Poulsen,  Senior Vice President, Group Architecture, Innovation and Solution Delivery Services, Royal Bank of Canada. Thanks for participating Carol!

And thanks to all who participated in our IBM Innovate2010 Quality Survey.

Results of that survey in the next post…