The business team wanted us to move faster. Releasing every 3 weeks was too slow. Our customers were hurting, and we need to innovate faster. Development and testing was the bottle-neck that impeded progress.
Our team switched to a Continuous Delivery model, where we pushed each story live to production as it became available. I recently told this story at the Pacific Northwest Software Quality Conference in Portland. These are the slides from that presentation.
New vulnerabilities are no longer surprising or shocking. It seems like they come out every day. Shellshock is interesting to me because the underlying bug was introduced 22 years ago, but it only being exposed now. Imagine how many code reviews, how many regression tests, how many signoffs happened in those 22 years – and shellshock has been waiting all this time.
How many times have we heard, “this code hasn’t been touched in years”, or “this bug was found internally, but no customer has complained in several releases”. Shellshock, to me, is a reminder to always be vigilant, keep an open mind, and to keep focus on high quality – even for the old and stable components of our system.
March 17th is Saint Patrick’s day, a celebration for the Patron Saint of Software Quality Engineers. Today will be a great day to lift a glass for your efforts in chasing snakes out of your software.
Saint Patrick, Patron Saint of Software Quality Eningeers
Of course, Saint Patrick lived before computers and software (he died in 464 AD). He is known as the patron saint of engineers because he brought innovations to the way churches were constructed in Ireland. Saint Patrick is more famous for chasing the serpents out of Ireland.
Imagine if Grace Hopper found a small snake, instead of a moth, in the Mark II computer, we might call defects “snakes” instead of bugs. In this world, the connection to software quality and Saint Patrick would then be more direct.
Who better to represent software quality than the man who chased all of the serpents out of Ireland?
These are the slides from my recent talk on Introducing Static Analysis with Mature Codebases. Stay tuned for a blog post or two to add commentary.