Software Quality ZZZzzzz … Boring!

Rob CrossEnjoy today's guest post from PSC Vice President, Rob Cross!

For over a decade PSC has analyzed and scrubbed code for quality defects. Yet, it’s almost a standing joke in the industry that software quality is still a “nice to have” and not a “need to have.” For example, we recently met with a prospective customer who, during the initial meeting, informed us that he knew his organization’s software had many flaws in it. However, sales had not been negatively impacted and customers were okay with being inconvenienced by buggy software as long as they had access to great support, where their voices could be heard and problems eventually addressed. If this example is as irritating to read as it was to write, then you have some context for what happens next.

Me: Guys, I understand you’re doing what has always been done in the past, but eventually such practices will catch up to you. Perhaps you should seize the opportunity to build more reliable and secure software. This would help you to to strengthen your brand and increase engineering productivity and efficiency, leading to higher profits and less risk.

Prospect: We’ve made investments in the past by buying several tools for our engineers, which provide us with defect information.

Me: So you have trained every engineer in how to use the tool, purchased enough licenses for all of them to access the tool, integrated use of the tool into your processes, hired an administrator for the tool, have regular training sessions for the tool, developed or subscribed to a coding standard, produced reports capturing the flow and accountability of the data throughout this process and provided management a view into this so that they can make decisions? Is that what you mean? And one more thing, how do you get a guarantee from your engineers that they will never compromise on this process?

Prospect: The reality is that we put up a good fight, but our engineers are stretched too thin. The only thing that is guaranteed around here is that our engineers will be distracted daily with fire drills from our support team to fix a critical defect found by our customers. We don’t have the time, focus or energy to do the stuff you’re talking about, but we make the best effort.

After explaining that PSC does all of the above as a turnkey solution and guarantees the results, the prospect decided that it didn't need help for now. With its next huge release scheduled for the following month, it felt that it couldn't spare the cycles.

Quality is Really Boring

I understand looking through your own code is not fun. That’s why every writer has an editor. Writers love to create new things for people to experience and hate reading their own stuff for quality or issues – but there is still a process in place for oversight. Why do we treat our software developers any differently?

If you gave a software engineer the option to work on the next new “hot” release or spend the next two weeks peer reviewing software from the last release, which do you think he or she would choose?

Quality might be boring; however, its importance is core to a company’s brand in every way. In many cases, your software is your brand because it powers the products or delivers an experience your customers will remember and associate with your brand. It costs your company millions of dollars every year to acquire new customers and keep your existing ones, but you can lose them in less than one software glitch.  

Net-Net

It is sometimes a tortuous existence being an advocate for software quality, but life doesn’t have to be that hard. There is a company out there willing to help. If the above story sounds familiar, please give us a call.


Rob Cross
PSC, Vice President

 

Written by Rob Cross at 05:00

An Open Letter to Apple ... From a PSC Summer Intern

proservices

This year PSC hosted a summer intern program, which included the opportunity to participate on the blog. As the first generation that is “fully connected” from birth, these young adults consider technology as another appendage and have much higher expectations for the products they depend on on a daily basis. The post below, from one of our interns, Dorothy, gives me hope that millennials care about their data and privacy – not just having the latest must-have gadget that’s available.

Dear Apple,

The announcement about your latest update has me anxiously awaiting your latest features and software – which have always had me in awe. I hear the rumors, see the spoiler videos and honestly cannot wait until the notification icon that lets me know the update is available appears above my settings app. However, after spending the summer working for a leader in software quality and security assessments, I cannot help but have a few questions that I am now dying to ask.

I would like to preface my questions by stating that I am well aware that these vulnerabilities that I’m about to mention can be found in the software of most phones, not just yours. Basically, they can be found in any internet-seeking device, including TVs and computers. But, I’m an Apple fan, so that is where my concern lies, and with the crazy amount of personal, vital information I keep on my iPhone 5s, it scares me to know that someone could instantly access my entire life if they got their hands on my phone.

So, I guess my concern is two-fold. First, Apple, what steps did you take with this update to ensure your software is up to the highest standard of quality upon release? Since you corrected yourself with roughly a-million-and-one “bug fixes” within the month after the original release, I (unfortunately) have to assume that your attempts for heightened quality are mediocre at best. I understand that designing such intricate software is no easy feat, but we, your loving buyers, expect the best from your team upon arrival. Not only do I have to delete almost my entire phone just to download the first round of your update, I have to continue this vicious cycle every time a new -.0.1 comes out. I want to know how you tackle quality and what you’re doing to offer improved quality with every release.

Another question I have is about the security. I have sensitive information on my phone for numerous accounts, some of which are highly sensitive. And let’s not forget about ApplePay (which I personally do not use, but many others do!). What is it that you do to protect this information? Millions of people use your phones – and with great risk. I would like to know that when I log into my email, or Facebook, and especially my checking account, that there’s little-to-no possibility of hackers getting their hands on my information.

What I’m saying is that I’m nervous that you’re not doing your best. As I have already stated, I am aware that these risks are possible with any and every phone on the market. So perhaps this is a letter to every phone company, not just you. But I’m an Apple lover, and I need to know that as your products are getting more and more advanced, you are accordingly raising your standard.

I can thank PSC for bringing the need for high quality, secure software to my attention, via my internship. At PSC, we provide our clients with the standard of excellence your products once provided. We can guarantee the quality and security of your future iOS updates, and we can guarantee that what you’re giving to your customers breaks the expectations they have set forth. You can change your ways, Apple – your brand depends on it.      

This is your call to action Apple, who are you going to call?

  - Dorothy

Dorothy, of course, is right! Companies like Apple have the opportunity to provide safe, secure, high quality software, but it’s up to them to make that happen. If customers continue to be disappointed by a company’s software, the brand will suffer (and a drop in revenue will likely follow). So, like I always say, we’re here to help. If your software is need of a boost, reach out to DCG or to us. Together we can help you produce the software that your customers deserve.


Rob Cross
PSC, Vice President

Written by Rob Cross at 05:00
Categories :

Download SQTM Presentations

SQTM Conference

If you missed out on this year's Software Quality and Test Management conference, then you missed a great time! We really enjoyed it - there were some fantastic presentations and the crowd of attendees was full of knowledgeable and interesting people from across the industry.

But, we'll stop talking about what a great time it was. Whether you were in attendance or not, we're sharing both of Tom Cagley's presentations from the conference.

"Identifying Software Quality Best Practices" and "The Impact of Cognitive Biases on Test and Project Teams" are both available for download here.

If you have any questions or comments, please leave a comment below or reach out directly to Tom!

Written by Default at 05:00

The Software Quality and Test Management Conference

We're headed back to the Software Quality and Test Management (SQTM) Conference! This year we'll be taking up residence in San Diego from September 13-18, and, as always, we're looking forward it.

SQTM is the only conference that focuses on how best practices in test management and software quality can increase productivity and and user satisfaction, and we'll be there sharing our own strategies and tactics for how to achieve this.

Tom Cagley, Vice President of Consulting, will give two presentations.

“The Impact of Cognitive Biases on Test and Project Teams” will discuss how our biases affect how we interact with others, thereby affecting the work we produce. Tom will discuss how teams can deal with this issue and how an understanding of these biases can make an Agile team more efficient and effective.

He will also present "Identifying Software Quality Best Practices." This presentation will explain how a team can pinpoint its own best practices in development and then how to leverage those for success.

Both presentations will be available for download following the conference, so be sure to check back here for the links!

We're looking forward to a great conference, and we can't wait to share our takeaways with you.



 

Written by Default at 05:00

Is the Problem of Software Security Sociological or Technological?

Rob CrossBack in January 2015, Osterman Research published a whitepaper, "The Need for Improved Software Quality.” It was a great read, so I wanted to share a few of my favorite “moments” from it, as well as some of my own thoughts.

#1: Fewer than one in five of the organizations surveyed viewed security as the most important criterion when developing custom applications internally or when having custom software developed by third parties.

My thoughts: Software quality and security are still being treated as a low priority. Our business at PSC is offering an MSP turnkey solution to provide software quality and security expertise to our clients. To this day, it amazes even us how reactive organizations are, especially after high-profile events, such as the Target data breach. There is a common misperception of, "That won't happen to us; our products aren't a target of hackers." If your products touch a network and are software-driven, then they are a target. Just this morning the news reported how an airline passenger hacked into the jet engines midflight through the telematics and entertainment systems onboard the plane. Gadzooks!  

#2: The vulnerability of much of today’s off-the-shelf and custom software, coupled with a lack of management focus on and support for security, is directly responsible for many of the data breaches, financial losses and other security-related problems that have occurred and will occur in the future.

My thoughts: ATTENTION C-Suite executives! The hacker community loves you! They want you to keep your heads buried in the sand so that they can continue to threaten the millions of dollars you have spent on building your loyal customer base and brand.

Need an example? The data breach at Target resulted in a number of serious and long-term problems:

  • Target’s shareholder value dropped by $148 million.
  • Net earnings for the company during the fourth quarter of 2013 were 46% lower than for the fourth quarter of 2012.
  • Sales and the number of transactions during the fourth quarter of 2013 were 3.8% and 5.5% lower, respectively, than for the same period a year earlier.
  • As of August 2013, Target estimated that the cost of the data breach to that point totaled $236 million.

#3: To address these issues, management must focus on security as a top priority in the software development process and must provide sufficient security-focused training to developers.

My thoughts: A good place to start is by addressing process and education. These are long-term investments that will pay off over time and take some time to implement, but eventually both will contribute significantly to changing the organization's culture to being proactive and proud of software security. In addition, there should be a focus on technology, implementing new tools that will assist the organization in collection, correlation and collaboration of security data and providing transparent views into risks from all levels.

IS THE PROBLEM OF SOFTWARE SECURITY TECHNOLOGICAL OR SOCIOLOGICAL?

Clearly there is an issue with software security – this white paper highlights that. But why does this issues exist? It's my contention that the issue of software security is more sociological than technical – it’s an issue of culture and complacency. Technology has been available to companies for a long time, enabling them to prevent the injection of software security risks into their products and allowing them to monitor and control their supply chain.

What we have found prevalent in our client accounts is that if executive management doesn't know or understand how such risks relate to company performance, then they don't know to care or how to proactively manage them. On the other hand, some executive teams don't want to understand what they don't know about software security by claiming that it's a technical issue that's beneath them.

The smart executive teams dig in and invest the time and money to build a risk framework that incorporates software security metrics into their management reports. This emphasizes software security as an important data point and shifts their software from being regarded as a liability to an important asset to proactively measure, understand, manage and mitigate risks. These executives are the hackers’ worst enemies.

But remember, the hackers only have to be right once – your software team and supply chain has to be right 100% of the time. An impossible task, perhaps, and a lot to ask, but we all should be swinging for the fences to protect our company, products and customers.            

Read “The Need for Improved Software Quality” here.

  
Rob Cross
PSC Vice President

                       

Written by Rob Cross at 05:00
Categories :

"It's frustrating that there are so many failed software projects when I know from personal experience that it's possible to do so much better - and we can help." 
- Mike Harris, DCG Owner

Subscribe to Our Newsletter
Join over 30,000 other subscribers. Subscribe to our newsletter today!