The Software Quality Revolution
Back in the eighties there was a quality revolution in manufacturing. Cars just got better.
There’s a long history of comparing building software to building cars. It isn’t always an easy comparison.
There is one aspect of the quality revolution that we should think about: that increasing quality actually reduces costs. The traditional view is that there are three options: good, fast and cheap. You have to pick two because you can’t have all three. The quality revolution was based on the idea that by making it better you can make it faster and cheaper:
“Costs go down and productivity goes up as improvement of quality is accomplished by better management of design, engineering, testing and by improvement of processes.”
David J Anderson believes that focusing on quality can significantly improve our performance as developers:
Put simply, excessive defects are the biggest waste in software development. The numbers on this are staggering and show several orders of magnitude variation…
Encouraging high initial quality will have a big impact on the productivity and throughput of teams with high defect rates. A two- to four-times throughput improvement is reasonable. With truly bad teams, a ten-times improvement may be possible by focusing on quality.
This month we’re going to look at six books that can help us improve the quality of our code, build and security. If you want to have a chance of winning one of these books then please sign up on the Meetup page. At the end of November the lucky winner will get a physical copy with an ebook for the runner up.
Writing code is what we do, so let’s start there.
The most obvious way to improve code is to improve the coders. Is certification useful for making coders better? That’s a controversial topic, but knowing your language can only help. If you’re new to programming then studying for the exam is a useful way to ensure you know your tools well.
Even if you have no interest in taking the exam, this book has value for anybody who wants to improve their knowledge of Java. Author Richard Reese provides insight into Java that you may not have seen before, with helpful diagrams to show how Java works, including how the program stack and heap are used. The book's many examples show you how to deal with some of the common pitfalls encountered while developing Java applications.
I remember reading Joshua Bloch’s Effective Java for the first time. It was a great book but my heart sank. Having to learn so many rules seemed overwhelming. How could I remember all of them? When you’re developing code you are focused on solving the problem and making it work. You don’t want to have to worry about whether or not you’ve violated this principle or inadvertently introduced that problem. You’re walking a tightrope: too much one way and you’re churning out bad code, too much the other way and you can’t get anything written.
Sonar gives you a safety net. It allows you to write code that works and then discover the quality issues that need to be addressed. This book will help you learn to use Sonar effectively and explore the quality of your source code. It will show you how to apply coding standards, provide documentation and comments, identify potential bugs and defects, ensure sufficient unit-testing coverage and improve the design and complexity of your code base.
You only benefit from quality code once it has been assembled into a delivered product. Solid continuous integration is essential.
Apache Maven is much more than just a build tool. If you use it right it can help you to follow the best software engineering practices and Agile team collaboration techniques. Srirangan has gathered a real-world collection of step-by-step solutions that use Apache Maven and bring the engineering benefits it offers into your development processes.
This book starts with the basics of Apache Maven, implements software engineering best practices, covers the broad range of technologies Maven works with and finally shows how to create your own custom plugins.
Jenkins, a fork of Hudson, can automate the building of software regularly, and trigger tests pulling in the results and failing based on defined criteria. Failing early through build failure lowers the costs, increases confidence in the software produced, and has the potential to morph subjective processes into an aggressive metrics-based process that the development team feels is unbiased.
Alan Mark Berg shows how to maintain and secure a Jenkins server. He then shows how teams can use it to help them build software, communicate and improve quality using metrics. There is also an appendix containing recipes for quality improvement.
Security is an essential quality for any application but so difficult to achieve. If you want to get it right you’re going to need some help. The third chapter of this book will help as it explains how to do authentication, authorisation and rules enforcement properly in a Java EE 6 application. It also shows how to securely sign your JARs and obfuscate byte-code and web resources.
This is a book that I’ve found personally useful. If you’re architecting Java applications then you probably will too. The book doesn’t waste much time on tutorials and primers. There isn’t a lot of explanatory text. Instead it provides you with a recipe for how to achieve important goals such as auditing JPA transactions or configuring an application for deployment. The author succinctly explains the salient points of the code sample so that you can quickly adapt it for your own purposes. Mick Knutson assumes a good understanding of the language and dives into advanced topics.
Making sure your application is secure, truly secure, is a complex and daunting task. Lee Allen is passionate about his work of performing security assessments and penetration testing and shares his knowledge with the reader. Using the Penetration Testing Execution Standard (PTES) as a guideline and freely available tools like BackTrack, he will show you how to set up a highly secured environment in which to explore the exploits, bypass the firewalls, gather your data and validate the results.
It concludes with some challenges to put it all together. Everything you need to know to test your applications or write a cyberthriller. This is true hacking and a fascinating read.