SlideShare a Scribd company logo

The Testers' Secret Weapon - Code Reviews

Bertold Kolics
Bertold Kolics

Presentation slides from HUSTEF '2023.

Software
1 of 26
Download to read offline
© 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. The Testers’ Secret Weapon - Code Reviews Bertold Kolics HUSTEF 2023 - Budapest, October 4, 2023 1
© 2023 Verosint. All rights reserved. My Context ● Question Asker, Bulldog Engineer ● Not a Gatekeeper ● Verosint - small startup < 20 employees ○ SaaS business ○ We detect & prevent online account fraud ● Past ○ mabl (e2e test automation as a service) - small ○ CS Disco (legal tech) - medium ○ ESO Solutions (healthcare) - medium ○ Ping Identity / UnboundID - small/medium ○ Sun Microsystems - large ○ SZTAKI - medium 2
© 2023 Verosint. All rights reserved. Definition ● What: review code for completeness and correctness ● When: prior to integration into product ● Form of static testing* ● Informal vs. formal ○ mind the context ● Synchronous ○ in-person/virtual walkthrough ○ peer or mob programming ● Asynchronous ○ out of band review typically in the form of a pull request ● Participants: ○ author: engineering (development, test, even ops) ○ reviewer: engineering, ops, technical writers 3 Image credit: Wilfredo Lee/AP/REX/Shutterstock.com
© 2023 Verosint. All rights reserved. Why Accelerate the Achievement of Shippable Quality source: https://www.moderntesting.org/ Code reviews: ● Create shared understanding ● Reduce rework ● Help instill best practices ● Opportunity to learn from others, teach & train ● Influences outcome ● Gels the team when done properly as we rarely work in isolation 4 Remember: soft skills are the hard skills
© 2023 Verosint. All rights reserved. Case Study: Sun Microsystems ● Year: 2003. Event: acquisition of Waveset. ● Role: developer ● QA team and technical writers under separate management structure. ● Product: highly-customizable identity provisioning, on-prem ● Process: throw it over the wall ● Initial state ○ frequent patch releases (multiple times a week), regressions ○ implementation with lots of shortcuts, unsuitable for quick ramp of new customers ○ core engineering involvement 5 Image credit: John Anju
© 2023 Verosint. All rights reserved. Case Study: Sun Microsystems - Review Process ● End state ○ max once a month patch release managed by sustaining team ○ design reviews for features ○ longest code review template ever ○ significantly higher quality / throughput ● Code review template forced developers to ○ communicate and create shared understanding ○ slow down: have you heard “slow down to speed up” before? ○ carefully consider all aspects of the changes ○ get buy-in: plan changes first, code next 6 Build the right it & build it right.
© 2023 Verosint. All rights reserved. Case Study: Sun Microsystems - Process ● Developer ○ clarifies requirements if necessary with product or engineering manager ○ consults test specialists if necessary ○ implements increment including tests and changes to documentation ○ tests code manually and with automated tests ○ fills out code review template ○ solicits feedback, revises code ○ integrates change ○ addresses any test failures ○ updates ticket in issue management system: details, links to source changes, etc ● Template reflecting the above process 7
© 2023 Verosint. All rights reserved. Case Study: Sun Microsystems - Template ● Contents: ○ Summary of the issue ○ Alternatives considered ○ Details about solution implemented ○ Impact (cross-cutting concerns) ■ performance, scalability, security, accessibility ○ Net new tests implemented ○ Release notes and notes on updating product documentation ● Details about implementation copied into issue manager ○ QA team - all over the moon 😍 ○ Technical writers - no longer felt neglected 8 Image credit: Teams of Distinction
© 2023 Verosint. All rights reserved. Case Study: ESO Solutions ● Year: 2017. Context: leading QA practice for multiple development teams. ● Company: ~200 employees ● Product: electronic health record, SaaS, US customers only ● Team structure: ○ cross-functional, 2-pizza sized: product manager, developers, test engineers ○ matrix organization ○ 2 test engineer / team: SDET and traditional QA ● Process: scrum with planning/standup/retro ceremonies, 2-week cycle ● Key elements: ○ co-located teams - sitting in close proximity ○ review format: most often pairing driven by short delivery cycles ○ evolving test automation engineers to own framework instead of feature automation 9
© 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. In The Trenches 10
© 2023 Verosint. All rights reserved. Practices that worked for me ● Don’t lose sight of the goal ● Don’t make it personal ● Be curious ● Teach & learn ● Pick your battles ● Size matters ● Time - yours and theirs, interruptions ● Reviewed code is not bug free code 11 Image credit: png image from pngtree.com Remember: more time spent on reading code than writing
© 2023 Verosint. All rights reserved. Extent of Code Changes ● The brain cannot keep focused on large code changes ○ too much changes lead to subpar reviews ● Keep code changes under 400 lines 12 Image credit: IMDB
© 2023 Verosint. All rights reserved. Code Walkthroughs ● Consider code walkthroughs for new features, large changes ● Best if accompanied by ○ READMEs ○ Drawings / sketches ○ Example code / automated tests ○ Whiteboard ● In person or over Zoom ● Allow time for questions 13
© 2023 Verosint. All rights reserved. Before Code Reviews ● Run static analyzers ○ Helps reviewers focus on higher level concerns ● Ensure that automated tests are passing ○ Helps reduce the requests for reviewing code changes again 14 Image credit: Wikipedia
© 2023 Verosint. All rights reserved. Avoid Interruptions ● Interruptions are productivity killers ● Bundling technique ○ work interruptions limited to certain days or part of the day ○ for example: code reviews daily after standup ● Get your ducks in the row before requesting review ○ respect the time and interruptions code review ● Anti-pattern example: ○ requesting a review multiple times for multiple revisions in the same pull request 15
© 2023 Verosint. All rights reserved. Checklists / Templates to The Rescue ● Sets expectations ● Easier for reviewers to follow a consistent format ● May be specific to a repository 16
© 2023 Verosint. All rights reserved. Exceptions Are OK, too ● Consider relaxing code review requirements without sacrificing quality ● Examples: ○ 1-line code change ○ Changing only message catalog keys ○ Updating project README 17
© 2023 Verosint. All rights reserved. Overcommunicate ● Don’t forget to set the context ● Links are helpful ○ tickets ○ design documents ○ decisions records ● Add your own code review comments in areas ○ where implementation choice may not be clear ○ where additional considerations were needed ● Eliminates back-and-forth ● Sometimes I mention: “I am not a Vulcan, I cannot mind-meld” ● Anti-pattern example: ○ 10-line code comment to explain a complex conditional 18
© 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. What’s In It For Me? 19
© 2023 Verosint. All rights reserved. Testing Specialists ● Make yourself more valuable to the team ○ coaching developers on testing ○ removing yourself eventually as the bottleneck ○ shorten the feedback loop ● Learn programming ○ reading is easier first than writing ● When done properly ○ code reviews create another collaborative venue ○ foster shared understanding ○ gel the team 20
© 2023 Verosint. All rights reserved. Developers ● Opportunity to learn testing techniques ○ testing - especially feature-level - is a must-have skill, not a dedicated job ● Opportunity to share knowledge between developers ○ junior developers, interns can learn best practices to use, patterns to follow ○ senior developers can exercise their coaching, technical leadership skills ● Less rework, more new work ○ do you prefer fixing bugs or develop new features? Most will pick the latter. ● Think value ○ you are not valued on the # of lines of code you produce ○ reviews help to focus our efforts 21
© 2023 Verosint. All rights reserved. Leaders ● Make it part of the software development lifecycle ○ will also pay dividends when customers ask about development practices ● Code reviews can ○ gel the team, ○ provide growth professionally to team members, ○ increase the value the team delivers 22
© 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. Wrapping It Up 23
© 2023 Verosint. All rights reserved. Key Takeaways ● Code reviews are an essential part of the software development life cycle ● Can be done in many shapes and forms ○ having an agreed upon process appropriate for the context is key ● When done properly, it ○ helps create shared understanding, ○ becomes a powerful teaching tool, ○ provides a platform for coaching testing as well as development skills, ○ gels the team 24
© 2023 Verosint. All rights reserved. Resources ● My Code Review Guidelines ● Newsletters ○ The Pragmatic Engineer by Gergely Orosz ○ The Beautiful Mess by John Cutler ● Podcasts ○ A/B Testing ○ Testing Peers ○ Maintainable Software ● Books ○ Your Code As A Crime Scene (2nd edition coming) ○ Software Design X-Rays ○ Clean Code: A Handbook of Agile Software Craftsmanship ○ SmartBear’s Best Practices and e-book ○ User Story Mapping ○ Accelerate 25 bit.ly/hustef2023
© 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. Thank you 26

Recommended

A Tester's Life
A Tester's LifeA Tester's Life
A Tester's LifeBertold Kolics
 
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...DevDay.org
 
ASPgems company profile
ASPgems company profileASPgems company profile
ASPgems company profileAgustin Cuenca
 
Building Sustainable Software: An Introduction to Software Engineering
Building Sustainable Software: An Introduction to Software EngineeringBuilding Sustainable Software: An Introduction to Software Engineering
Building Sustainable Software: An Introduction to Software EngineeringMuhammad Shehata
 
Moving towards a more efficient and flexible delivery model in automotive env...
Moving towards a more efficient and flexible delivery model in automotive env...Moving towards a more efficient and flexible delivery model in automotive env...
Moving towards a more efficient and flexible delivery model in automotive env...Agustin Benito Bethencourt
 
Software Project management
Software Project managementSoftware Project management
Software Project managementsameer farooq
 
Multi project security exception reports - Oracle Primavera P6 Collaborate 14
Multi project security exception reports - Oracle Primavera P6 Collaborate 14Multi project security exception reports - Oracle Primavera P6 Collaborate 14
Multi project security exception reports - Oracle Primavera P6 Collaborate 14p6academy
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software EngineeringSADEED AMEEN
 

Recommended

A Tester's Life
A Tester's LifeA Tester's Life
A Tester's LifeBertold Kolics
 
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...DevDay.org
 
ASPgems company profile
ASPgems company profileASPgems company profile
ASPgems company profileAgustin Cuenca
 
Building Sustainable Software: An Introduction to Software Engineering
Building Sustainable Software: An Introduction to Software EngineeringBuilding Sustainable Software: An Introduction to Software Engineering
Building Sustainable Software: An Introduction to Software EngineeringMuhammad Shehata
 
Moving towards a more efficient and flexible delivery model in automotive env...
Moving towards a more efficient and flexible delivery model in automotive env...Moving towards a more efficient and flexible delivery model in automotive env...
Moving towards a more efficient and flexible delivery model in automotive env...Agustin Benito Bethencourt
 
Software Project management
Software Project managementSoftware Project management
Software Project managementsameer farooq
 
Multi project security exception reports - Oracle Primavera P6 Collaborate 14
Multi project security exception reports - Oracle Primavera P6 Collaborate 14Multi project security exception reports - Oracle Primavera P6 Collaborate 14
Multi project security exception reports - Oracle Primavera P6 Collaborate 14p6academy
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software EngineeringSADEED AMEEN
 
Defensive API programming techniques for Gophers
Defensive API programming techniques for GophersDefensive API programming techniques for Gophers
Defensive API programming techniques for GophersBertold Kolics
 
From class to architecture
From class to architectureFrom class to architecture
From class to architectureMarcin Hawraniak
 
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Moss Drake
 
Info dev flexibility in agile
Info dev flexibility in agileInfo dev flexibility in agile
Info dev flexibility in agileAlyssa Fox
 
Agile process
Agile processAgile process
Agile processSatishreddyMandadi
 
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code ReviewMuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code ReviewJitendra Bafna
 
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike BursellDevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike BursellDevSecCon
 
The tester's dilemmas
The tester's dilemmasThe tester's dilemmas
The tester's dilemmasSQALab
 
Legacy code development and maintenance
Legacy code development and maintenanceLegacy code development and maintenance
Legacy code development and maintenanceDenis Kondratenko
 
Prashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia eventPrashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia eventXebia India
 
Architecture in action 01
Architecture in action 01Architecture in action 01
Architecture in action 01Krishna Sankar
 
Pull requests do's and don'ts
Pull requests do's and don'tsPull requests do's and don'ts
Pull requests do's and don'tsArie Bregman
 
Software Engineering Primer
Software Engineering PrimerSoftware Engineering Primer
Software Engineering PrimerGeorg Buske
 
Open Governance for Tizen 3.0
Open Governance for Tizen 3.0Open Governance for Tizen 3.0
Open Governance for Tizen 3.0Ryo Jin
 
Design and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage ShelfDesign and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage ShelfIRJET Journal
 
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiwHindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiwssuser2cde60
 
PROCESS MODELS.ppt
PROCESS MODELS.pptPROCESS MODELS.ppt
PROCESS MODELS.pptDrTThendralCompSci
 
Tales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systemsTales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systemsParticular Software
 
8220 sad inquiry
8220 sad inquiry8220 sad inquiry
8220 sad inquirybbass03
 
Lecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptxLecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptxelham706227
 
Taskfile - makefiles are fun again
Taskfile - makefiles are fun againTaskfile - makefiles are fun again
Taskfile - makefiles are fun againBertold Kolics
 
Email privacy
Email privacyEmail privacy
Email privacyBertold Kolics
 

More Related Content

Similar to The Testers' Secret Weapon - Code Reviews

Defensive API programming techniques for Gophers
Defensive API programming techniques for GophersDefensive API programming techniques for Gophers
Defensive API programming techniques for GophersBertold Kolics
 
From class to architecture
From class to architectureFrom class to architecture
From class to architectureMarcin Hawraniak
 
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Moss Drake
 
Info dev flexibility in agile
Info dev flexibility in agileInfo dev flexibility in agile
Info dev flexibility in agileAlyssa Fox
 
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code ReviewMuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code ReviewJitendra Bafna
 
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike BursellDevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike BursellDevSecCon
 
The tester's dilemmas
The tester's dilemmasThe tester's dilemmas
The tester's dilemmasSQALab
 
Legacy code development and maintenance
Legacy code development and maintenanceLegacy code development and maintenance
Legacy code development and maintenanceDenis Kondratenko
 
Prashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia eventPrashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia eventXebia India
 
Architecture in action 01
Architecture in action 01Architecture in action 01
Architecture in action 01Krishna Sankar
 
Pull requests do's and don'ts
Pull requests do's and don'tsPull requests do's and don'ts
Pull requests do's and don'tsArie Bregman
 
Software Engineering Primer
Software Engineering PrimerSoftware Engineering Primer
Software Engineering PrimerGeorg Buske
 
Open Governance for Tizen 3.0
Open Governance for Tizen 3.0Open Governance for Tizen 3.0
Open Governance for Tizen 3.0Ryo Jin
 
Design and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage ShelfDesign and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage ShelfIRJET Journal
 
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiwHindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiwssuser2cde60
 
Tales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systemsTales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systemsParticular Software
 
8220 sad inquiry
8220 sad inquiry8220 sad inquiry
8220 sad inquirybbass03
 
Lecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptxLecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptxelham706227
 

Similar to The Testers' Secret Weapon - Code Reviews (20)

Defensive API programming techniques for Gophers
Defensive API programming techniques for GophersDefensive API programming techniques for Gophers
Defensive API programming techniques for Gophers
 
From class to architecture
From class to architectureFrom class to architecture
From class to architecture
 
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019
 
Info dev flexibility in agile
Info dev flexibility in agileInfo dev flexibility in agile
Info dev flexibility in agile
 
Agile process
Agile processAgile process
Agile process
 
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code ReviewMuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
 
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike BursellDevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
 
The tester's dilemmas
The tester's dilemmasThe tester's dilemmas
The tester's dilemmas
 
Legacy code development and maintenance
Legacy code development and maintenanceLegacy code development and maintenance
Legacy code development and maintenance
 
Prashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia eventPrashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia event
 
Architecture in action 01
Architecture in action 01Architecture in action 01
Architecture in action 01
 
Pull requests do's and don'ts
Pull requests do's and don'tsPull requests do's and don'ts
Pull requests do's and don'ts
 
Software Engineering Primer
Software Engineering PrimerSoftware Engineering Primer
Software Engineering Primer
 
Open Governance for Tizen 3.0
Open Governance for Tizen 3.0Open Governance for Tizen 3.0
Open Governance for Tizen 3.0
 
Design and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage ShelfDesign and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage Shelf
 
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiwHindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
 
PROCESS MODELS.ppt
PROCESS MODELS.pptPROCESS MODELS.ppt
PROCESS MODELS.ppt
 
Tales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systemsTales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systems
 
8220 sad inquiry
8220 sad inquiry8220 sad inquiry
8220 sad inquiry
 
Lecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptxLecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptx
 

More from Bertold Kolics

Taskfile - makefiles are fun again
Taskfile - makefiles are fun againTaskfile - makefiles are fun again
Taskfile - makefiles are fun againBertold Kolics
 
Password Managers - Lastpass
Password Managers - LastpassPassword Managers - Lastpass
Password Managers - LastpassBertold Kolics
 
GitHub Actions demo with mabl
GitHub Actions demo with mablGitHub Actions demo with mabl
GitHub Actions demo with mablBertold Kolics
 
Improve quality culture using visualization
Improve quality culture using visualizationImprove quality culture using visualization
Improve quality culture using visualizationBertold Kolics
 
Funnels of Hiring Test Engineers
Funnels of Hiring Test EngineersFunnels of Hiring Test Engineers
Funnels of Hiring Test EngineersBertold Kolics
 
Session Based Testing Made Fun
Session Based Testing Made FunSession Based Testing Made Fun
Session Based Testing Made FunBertold Kolics
 

More from Bertold Kolics (8)

Taskfile - makefiles are fun again
Taskfile - makefiles are fun againTaskfile - makefiles are fun again
Taskfile - makefiles are fun again
 
Email privacy
Email privacyEmail privacy
Email privacy
 
Password Managers - Lastpass
Password Managers - LastpassPassword Managers - Lastpass
Password Managers - Lastpass
 
Make DevOps inclusive
Make DevOps inclusiveMake DevOps inclusive
Make DevOps inclusive
 
GitHub Actions demo with mabl
GitHub Actions demo with mablGitHub Actions demo with mabl
GitHub Actions demo with mabl
 
Improve quality culture using visualization
Improve quality culture using visualizationImprove quality culture using visualization
Improve quality culture using visualization
 
Funnels of Hiring Test Engineers
Funnels of Hiring Test EngineersFunnels of Hiring Test Engineers
Funnels of Hiring Test Engineers
 
Session Based Testing Made Fun
Session Based Testing Made FunSession Based Testing Made Fun
Session Based Testing Made Fun
 

Recently uploaded

EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsMehedi Hasan Shohan
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningVitsRangannavar
 

Recently uploaded (20)

EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software Solutions
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
 

The Testers' Secret Weapon - Code Reviews

  • 1. © 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. The Testers’ Secret Weapon - Code Reviews Bertold Kolics HUSTEF 2023 - Budapest, October 4, 2023 1
  • 2. © 2023 Verosint. All rights reserved. My Context ● Question Asker, Bulldog Engineer ● Not a Gatekeeper ● Verosint - small startup < 20 employees ○ SaaS business ○ We detect & prevent online account fraud ● Past ○ mabl (e2e test automation as a service) - small ○ CS Disco (legal tech) - medium ○ ESO Solutions (healthcare) - medium ○ Ping Identity / UnboundID - small/medium ○ Sun Microsystems - large ○ SZTAKI - medium 2
  • 3. © 2023 Verosint. All rights reserved. Definition ● What: review code for completeness and correctness ● When: prior to integration into product ● Form of static testing* ● Informal vs. formal ○ mind the context ● Synchronous ○ in-person/virtual walkthrough ○ peer or mob programming ● Asynchronous ○ out of band review typically in the form of a pull request ● Participants: ○ author: engineering (development, test, even ops) ○ reviewer: engineering, ops, technical writers 3 Image credit: Wilfredo Lee/AP/REX/Shutterstock.com
  • 4. © 2023 Verosint. All rights reserved. Why Accelerate the Achievement of Shippable Quality source: https://www.moderntesting.org/ Code reviews: ● Create shared understanding ● Reduce rework ● Help instill best practices ● Opportunity to learn from others, teach & train ● Influences outcome ● Gels the team when done properly as we rarely work in isolation 4 Remember: soft skills are the hard skills
  • 5. © 2023 Verosint. All rights reserved. Case Study: Sun Microsystems ● Year: 2003. Event: acquisition of Waveset. ● Role: developer ● QA team and technical writers under separate management structure. ● Product: highly-customizable identity provisioning, on-prem ● Process: throw it over the wall ● Initial state ○ frequent patch releases (multiple times a week), regressions ○ implementation with lots of shortcuts, unsuitable for quick ramp of new customers ○ core engineering involvement 5 Image credit: John Anju
  • 6. © 2023 Verosint. All rights reserved. Case Study: Sun Microsystems - Review Process ● End state ○ max once a month patch release managed by sustaining team ○ design reviews for features ○ longest code review template ever ○ significantly higher quality / throughput ● Code review template forced developers to ○ communicate and create shared understanding ○ slow down: have you heard “slow down to speed up” before? ○ carefully consider all aspects of the changes ○ get buy-in: plan changes first, code next 6 Build the right it & build it right.
  • 7. © 2023 Verosint. All rights reserved. Case Study: Sun Microsystems - Process ● Developer ○ clarifies requirements if necessary with product or engineering manager ○ consults test specialists if necessary ○ implements increment including tests and changes to documentation ○ tests code manually and with automated tests ○ fills out code review template ○ solicits feedback, revises code ○ integrates change ○ addresses any test failures ○ updates ticket in issue management system: details, links to source changes, etc ● Template reflecting the above process 7
  • 8. © 2023 Verosint. All rights reserved. Case Study: Sun Microsystems - Template ● Contents: ○ Summary of the issue ○ Alternatives considered ○ Details about solution implemented ○ Impact (cross-cutting concerns) ■ performance, scalability, security, accessibility ○ Net new tests implemented ○ Release notes and notes on updating product documentation ● Details about implementation copied into issue manager ○ QA team - all over the moon 😍 ○ Technical writers - no longer felt neglected 8 Image credit: Teams of Distinction
  • 9. © 2023 Verosint. All rights reserved. Case Study: ESO Solutions ● Year: 2017. Context: leading QA practice for multiple development teams. ● Company: ~200 employees ● Product: electronic health record, SaaS, US customers only ● Team structure: ○ cross-functional, 2-pizza sized: product manager, developers, test engineers ○ matrix organization ○ 2 test engineer / team: SDET and traditional QA ● Process: scrum with planning/standup/retro ceremonies, 2-week cycle ● Key elements: ○ co-located teams - sitting in close proximity ○ review format: most often pairing driven by short delivery cycles ○ evolving test automation engineers to own framework instead of feature automation 9
  • 10. © 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. In The Trenches 10
  • 11. © 2023 Verosint. All rights reserved. Practices that worked for me ● Don’t lose sight of the goal ● Don’t make it personal ● Be curious ● Teach & learn ● Pick your battles ● Size matters ● Time - yours and theirs, interruptions ● Reviewed code is not bug free code 11 Image credit: png image from pngtree.com Remember: more time spent on reading code than writing
  • 12. © 2023 Verosint. All rights reserved. Extent of Code Changes ● The brain cannot keep focused on large code changes ○ too much changes lead to subpar reviews ● Keep code changes under 400 lines 12 Image credit: IMDB
  • 13. © 2023 Verosint. All rights reserved. Code Walkthroughs ● Consider code walkthroughs for new features, large changes ● Best if accompanied by ○ READMEs ○ Drawings / sketches ○ Example code / automated tests ○ Whiteboard ● In person or over Zoom ● Allow time for questions 13
  • 14. © 2023 Verosint. All rights reserved. Before Code Reviews ● Run static analyzers ○ Helps reviewers focus on higher level concerns ● Ensure that automated tests are passing ○ Helps reduce the requests for reviewing code changes again 14 Image credit: Wikipedia
  • 15. © 2023 Verosint. All rights reserved. Avoid Interruptions ● Interruptions are productivity killers ● Bundling technique ○ work interruptions limited to certain days or part of the day ○ for example: code reviews daily after standup ● Get your ducks in the row before requesting review ○ respect the time and interruptions code review ● Anti-pattern example: ○ requesting a review multiple times for multiple revisions in the same pull request 15
  • 16. © 2023 Verosint. All rights reserved. Checklists / Templates to The Rescue ● Sets expectations ● Easier for reviewers to follow a consistent format ● May be specific to a repository 16
  • 17. © 2023 Verosint. All rights reserved. Exceptions Are OK, too ● Consider relaxing code review requirements without sacrificing quality ● Examples: ○ 1-line code change ○ Changing only message catalog keys ○ Updating project README 17
  • 18. © 2023 Verosint. All rights reserved. Overcommunicate ● Don’t forget to set the context ● Links are helpful ○ tickets ○ design documents ○ decisions records ● Add your own code review comments in areas ○ where implementation choice may not be clear ○ where additional considerations were needed ● Eliminates back-and-forth ● Sometimes I mention: “I am not a Vulcan, I cannot mind-meld” ● Anti-pattern example: ○ 10-line code comment to explain a complex conditional 18
  • 19. © 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. What’s In It For Me? 19
  • 20. © 2023 Verosint. All rights reserved. Testing Specialists ● Make yourself more valuable to the team ○ coaching developers on testing ○ removing yourself eventually as the bottleneck ○ shorten the feedback loop ● Learn programming ○ reading is easier first than writing ● When done properly ○ code reviews create another collaborative venue ○ foster shared understanding ○ gel the team 20
  • 21. © 2023 Verosint. All rights reserved. Developers ● Opportunity to learn testing techniques ○ testing - especially feature-level - is a must-have skill, not a dedicated job ● Opportunity to share knowledge between developers ○ junior developers, interns can learn best practices to use, patterns to follow ○ senior developers can exercise their coaching, technical leadership skills ● Less rework, more new work ○ do you prefer fixing bugs or develop new features? Most will pick the latter. ● Think value ○ you are not valued on the # of lines of code you produce ○ reviews help to focus our efforts 21
  • 22. © 2023 Verosint. All rights reserved. Leaders ● Make it part of the software development lifecycle ○ will also pay dividends when customers ask about development practices ● Code reviews can ○ gel the team, ○ provide growth professionally to team members, ○ increase the value the team delivers 22
  • 23. © 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. Wrapping It Up 23
  • 24. © 2023 Verosint. All rights reserved. Key Takeaways ● Code reviews are an essential part of the software development life cycle ● Can be done in many shapes and forms ○ having an agreed upon process appropriate for the context is key ● When done properly, it ○ helps create shared understanding, ○ becomes a powerful teaching tool, ○ provides a platform for coaching testing as well as development skills, ○ gels the team 24
  • 25. © 2023 Verosint. All rights reserved. Resources ● My Code Review Guidelines ● Newsletters ○ The Pragmatic Engineer by Gergely Orosz ○ The Beautiful Mess by John Cutler ● Podcasts ○ A/B Testing ○ Testing Peers ○ Maintainable Software ● Books ○ Your Code As A Crime Scene (2nd edition coming) ○ Software Design X-Rays ○ Clean Code: A Handbook of Agile Software Craftsmanship ○ SmartBear’s Best Practices and e-book ○ User Story Mapping ○ Accelerate 25 bit.ly/hustef2023
  • 26. © 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. Thank you 26