Coverity, profile picture
Uploaded byCoverity
PPTX, PDF1,075 views

Adopting Agile

The document discusses the adoption of agile practices in software development to meet increasing customer demands for faster, high-quality features while managing security and stability. It highlights the benefits of agile, such as improved efficiency, better alignment between IT and business, and enhanced problem visibility. The document also addresses the challenges of transitioning to agile, including resistance from developers, managing productivity, and ensuring effective testing procedures.

Embed presentation

Downloaded 22 times
Adopting Agile Ensuring Success Copyright 2013 Coverity, Inc.
Today’s Reality More. Better. Faster. • Customers demand new, innovative features • And quickly • Features are often implemented in software • Size of software projects is exploding • And often includes third-party/open-source code • Security and stability cannot be compromised In other words: software organizations must provide more, with excellent quality, security, and stability, using reliably less time 2
Agile A popular way to address these challenges Many organizations are adopting practices commonly associated with Agile: • Development via rapid iteration over bite-sized, selfcontained work units rather than large process phases • Automated testing: unit, regression, etc. • Continuous integration builds • In some cases, even continuous delivery 3
Why Agile? Business Benefits: • More easily manage change • Better align IT and business objectives • Accelerate time to market Development Benefits: • Visibility: Discover problems sooner • Efficiency: Fix problems more quickly and easily • Predictability: Avoid late-stage schedule disruptions 4
Shorten Cycles, Distribute the Load Theme: Avoid large backlogs; get early feedback • Test code as it is written, minimizing significant last-minute disruptions Practice/Benefit Split development cycle into bite-sized sprints Improve responsiveness, predictability Developers code, test, design All team members are experts with the code; improve efficiency Use small, fast, automated tests like unit tests Get early feedback about whether the code is working properly Routinely integrate, build, test code changes Get early feedback about whether the product is in a working state 5
Adopting Agile We need to go Agile—it will solve our development problems! We can’t put the business on hold to rebuild R&D, Bob! 6
It’s Not Always Easy • Even with a plan and support, adopting Agile practices often encounters resistance • Business Risk: How to maintain developer productivity while onboarding testing responsibilities? • Culture: How to convince developers to actually write tests? • Adoption: How to enforce adoption of the new practices? • IT: How to manage infrastructure? • Politics: How to assure QA that their jobs are safe? • Governance: How to manage the transition to ensure it is successful? 7
Justifying Agile We can’t put the business on hold… 8 We don’t have to! We’ll ease in, starting with our new code and new projects.
Overcome the Resistance • Business Risk (productivity with new testing requirements) • Ease into Agile, e.g. focus on new code/projects first • It’s not all-or-nothing, so plan a transition • Culture (developers must write tests) • Enforce testing standards for important/high-risk code • Phased deployment convinces skeptics and provides escape hatch • Adoption (new practices stick) • Automate enforcement as part of standard process • Politics and Governance • Provide visibility into the new process • Reassure stakeholders—process enables them to fulfill their mission, e.g. independently verify quality or security; not police R&D 9
But…the Devil’s in the Details • How do you determine if code is sufficiently tested? • It’s not practical (or possible) to automate tests for all code • Are you testing all of the important code? • Are you wasting effort testing unimportant code? • How do you enforce testing of changes to legacy code? • You need to require tests for all important code • Without trying to boil the ocean • How do you eliminate manual interpretation and noise? • You need to reduce adoption barriers and increase confidence • Visibility without sufficient context is (worse than) useless 10
Is Code Sufficiently Tested? Sweet, safeClose() is fully tested now! I’m glad I don’t need to test that catch block—I’m not sure I can even trigger an IOException there. 11
Partial Visibility is Worse Than Useless Only 86% coverage for safeClose()? That untested 14% worries me… dbgStub() Why are we wasting time testing dbgStub()? 12 Hey Bob, we need to fix this!
Let Your Tools Do the Heavy Lifting • Leverage static analysis to get early feedback about common coding errors • No need to invest time writing test cases for these issues • It’s critical to automate, look for important problems and configure for minimal noise • Don’t simply measure testing coverage • Enforce a testing policy that focuses on the important/high-risk code • Focus on certain components, modules, classes or functions • Test all code impacted by recent changes • No need to test debug, logging or exception-handling code • Recognize field-tested code; consider code complexity • Leverage SCM systems (age, author), testing artifacts, etc. to improve accuracy and automation 13
Make It Easy On Developers Just add a test covering line 1084 and I’m golden. Glad I don’t need to test those aborts! Don’t need to be tested 14
Make It Easy On Developers • Automate, automate, automate • Use a consistent workflow for all types of issues • Generate prescriptive work items for identified problems • Automatically interpret and prescribe action • “Here is your problem. Do this to fix it…” • AVOID: “Does anything look wrong in this output? Don’t forget to check the build logs and the test output, too.” • Provide easy access to all information, especially the source code and context relevant to the problem • Automatically assign to appropriate team members for accountability • E.g. by most recent SCM committer, or component owner 15
Visibility With Context is Priceless Awesome progress on our improvement goals! Development is right on schedule 16
Visibility and Governance • Measure coverage in the context of your testing policy and definition of “important” and “high-risk” code • Eliminate manual interpretation • Measure performance against objective, meaningful standards • All stakeholders will understand the reports • Automate development testing in your process • Objective, meaningful assessments enable you to automate with confidence and accurately fail the build when something is wrong • Developers become accountable for code quality/security • Gain visibility into pending problems and completeness • Gain scheduling predictability 17
Bob, you did a great job fixing our development problems. I’m giving you a raise! 18
Want to try Coverity on your code? For a free trial, visit: www.coverity.com

More Related Content

PPTX
The Psychology of C# Analysis
byCoverity
 
PDF
Static Analysis of Your OSS Project with Coverity
bySamsung Open Source Group
 
PPTX
Static Analysis Primer
byCoverity
 
PPTX
Finding Defects in C#: Coverity vs. FxCop
byCoverity
 
PPTX
Resource Leaks in Java
byCoverity
 
PPTX
Concurrency Errors in Java
byCoverity
 
PPTX
OSS Java Analysis - What You Might Be Missing
byCoverity
 
PPTX
DevBeat 2013 - Developer-first Security
byCoverity
 
The Psychology of C# Analysis
byCoverity
 
Static Analysis of Your OSS Project with Coverity
bySamsung Open Source Group
 
Static Analysis Primer
byCoverity
 
Finding Defects in C#: Coverity vs. FxCop
byCoverity
 
Resource Leaks in Java
byCoverity
 
Concurrency Errors in Java
byCoverity
 
OSS Java Analysis - What You Might Be Missing
byCoverity
 
DevBeat 2013 - Developer-first Security
byCoverity
 

What's hot

PPTX
clean code - uncle bob
bysaber tabatabaee
 
DOCX
Code review guidelines
byLalit Kale
 
PPTX
Code Review
byMikalai Alimenkou
 
PDF
Code Review for iOS
byKLabCyscorpions-TechBlog
 
PDF
Code Review: How and When
byPaul Gower
 
PPTX
Code Review Best Practices
byTrisha Gee
 
PPTX
Utility of Test Coverage Metrics in TDD
byXP Conference India
 
PPTX
Code review
byAbhishek Sur
 
PDF
Code Review Matters and Manners
byTrisha Gee
 
PPTX
Code review at large scale
byMikalai Alimenkou
 
PDF
Java Code Review Checklist
byMahesh Chopker
 
PPTX
First steps in testing analytics: Does test code quality matter?
byAndy Zaidman
 
PDF
Code Review: How and When
byPaul Gower
 
PPTX
Clean code - Getting your R&D on board
byRuth Sperer
 
PPT
Automated Unit Testing and TDD
byGreg Sohl
 
PDF
TDD Workshop UTN 2012
byFacundo Farias
 
PDF
Testing strategies for legacy code
byAlex Soto
 
PPTX
Code Review tool for personal effectiveness and waste analysis
byMikalai Alimenkou
 
PDF
How to get the most out of code reviews
byJavaDayUA
 
PDF
Code review in practice
byEdorian
 
clean code - uncle bob
bysaber tabatabaee
 
Code review guidelines
byLalit Kale
 
Code Review
byMikalai Alimenkou
 
Code Review for iOS
byKLabCyscorpions-TechBlog
 
Code Review: How and When
byPaul Gower
 
Code Review Best Practices
byTrisha Gee
 
Utility of Test Coverage Metrics in TDD
byXP Conference India
 
Code review
byAbhishek Sur
 
Code Review Matters and Manners
byTrisha Gee
 
Code review at large scale
byMikalai Alimenkou
 
Java Code Review Checklist
byMahesh Chopker
 
First steps in testing analytics: Does test code quality matter?
byAndy Zaidman
 
Code Review: How and When
byPaul Gower
 
Clean code - Getting your R&D on board
byRuth Sperer
 
Automated Unit Testing and TDD
byGreg Sohl
 
TDD Workshop UTN 2012
byFacundo Farias
 
Testing strategies for legacy code
byAlex Soto
 
Code Review tool for personal effectiveness and waste analysis
byMikalai Alimenkou
 
How to get the most out of code reviews
byJavaDayUA
 
Code review in practice
byEdorian
 

Viewers also liked

PDF
How to Adopt Agile at Your Organization
byRaimonds Simanovskis
 
PPTX
Agile pilot project selection
byhemantg1
 
PPTX
How to measure the outcome of agile transformation
byRahul Sudame
 
PPTX
Agile Methodology Assessment
bySandy Lee
 
PDF
IBM DevOps - Adopting Scaled Agile Framework (SAFe) Webinar
byReedy Feggins Jr
 
PDF
User Story Cycle Time - An Universal Agile Maturity Measurement
byEthan Huang
 
PPTX
Exploring Agile Transformation and Scaling Patterns
byMike Cottmeyer
 
PDF
Agile case study
bySandy Lee
 
PDF
Agile leadership assessment
byRavi Tadwalkar
 
PPTX
Agile 2012 - An Agile Adoption and Transformation Survival Guide
byMichael Sahota
 
PPTX
Implement Agile Practices That Work
byInfo-Tech Research Group
 
ODP
Brief Intro to Agile, Benefits & Transition
byMichael Sahota
 
PDF
Agile adoption tales from the coalface
byNish Mahanty
 
PPTX
Change request for right mindset
byRahul Sudame
 
PDF
Overcome the 6 Antipatterns of Agile Adoption
byAgile Velocity
 
PDF
Conducting 'meaningful' retrospection meetings
byRahul Sudame
 
PPTX
Transforming Lives using Agile
byRahul Sudame
 
PDF
Technical Paper Competition - PMI's Project Management Regional Conference, P...
byRahul Sudame
 
PPTX
PMI Agile Certified Practitioner Certification Overview
byRahul Sudame
 
PDF
Risks and strategies adopting agile in medium and large organizations
byAgile Software Community of India
 
How to Adopt Agile at Your Organization
byRaimonds Simanovskis
 
Agile pilot project selection
byhemantg1
 
How to measure the outcome of agile transformation
byRahul Sudame
 
Agile Methodology Assessment
bySandy Lee
 
IBM DevOps - Adopting Scaled Agile Framework (SAFe) Webinar
byReedy Feggins Jr
 
User Story Cycle Time - An Universal Agile Maturity Measurement
byEthan Huang
 
Exploring Agile Transformation and Scaling Patterns
byMike Cottmeyer
 
Agile case study
bySandy Lee
 
Agile leadership assessment
byRavi Tadwalkar
 
Agile 2012 - An Agile Adoption and Transformation Survival Guide
byMichael Sahota
 
Implement Agile Practices That Work
byInfo-Tech Research Group
 
Brief Intro to Agile, Benefits & Transition
byMichael Sahota
 
Agile adoption tales from the coalface
byNish Mahanty
 
Change request for right mindset
byRahul Sudame
 
Overcome the 6 Antipatterns of Agile Adoption
byAgile Velocity
 
Conducting 'meaningful' retrospection meetings
byRahul Sudame
 
Transforming Lives using Agile
byRahul Sudame
 
Technical Paper Competition - PMI's Project Management Regional Conference, P...
byRahul Sudame
 
PMI Agile Certified Practitioner Certification Overview
byRahul Sudame
 
Risks and strategies adopting agile in medium and large organizations
byAgile Software Community of India
 

Similar to Adopting Agile

PDF
Agile Methods: The Good, the Hype and the Ugly
byTyrone Grandison
 
PDF
Agile testing practice
byMary Jiang
 
PPTX
Test Strategy-The real silver bullet in testing by Matthew Eakin
byQA or the Highway
 
PDF
[India Merge World Tour] Coverity
byPerforce
 
PDF
Business Value of Agile Methods: Benefits of Testing Early & Often
byDavid Rico
 
PPTX
Build Quality In
byKishen Simbhoedatpanday
 
PPTX
Is Test Planning a lost art in Agile? by Michelle Williams
byQA or the Highway
 
PPTX
Why Isn't Clean Coding Working For My Team
byRob Curry
 
PPTX
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
bySimon Storm
 
PDF
It's XP, Stupid
byMike Harris
 
PPTX
Creating change from within - Agile Practitioners 2012
byDror Helper
 
PDF
Helpful Practices in Agile Testing
byJosiah Renaudin
 
KEY
Essential practices and thinking tools for Agile Adoption
bySteven Mak
 
PDF
What is agile
byOrange and Bronze Software Labs
 
PPTX
Agile Testing Agile Ottawa April 2015
byDag Rowe
 
PPT
Agile2011 Conference – Key Take Aways
bySynerzip
 
PDF
[Paul Holland] Trends in Software Testing
byHo Chi Minh City Software Testing Club
 
PDF
PHP World DC 2015 - What Can Go Wrong with Agile Development and How to Fix It
byMatt Toigo
 
PDF
Agile Gurgaon 2016 Conference | The game has changed! | Sudipta Lahiri
byAgileNetwork
 
PDF
Why agile testing isn't working
byXebia Nederland BV
 
Agile Methods: The Good, the Hype and the Ugly
byTyrone Grandison
 
Agile testing practice
byMary Jiang
 
Test Strategy-The real silver bullet in testing by Matthew Eakin
byQA or the Highway
 
[India Merge World Tour] Coverity
byPerforce
 
Business Value of Agile Methods: Benefits of Testing Early & Often
byDavid Rico
 
Build Quality In
byKishen Simbhoedatpanday
 
Is Test Planning a lost art in Agile? by Michelle Williams
byQA or the Highway
 
Why Isn't Clean Coding Working For My Team
byRob Curry
 
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
bySimon Storm
 
It's XP, Stupid
byMike Harris
 
Creating change from within - Agile Practitioners 2012
byDror Helper
 
Helpful Practices in Agile Testing
byJosiah Renaudin
 
Essential practices and thinking tools for Agile Adoption
bySteven Mak
 
What is agile
byOrange and Bronze Software Labs
 
Agile Testing Agile Ottawa April 2015
byDag Rowe
 
Agile2011 Conference – Key Take Aways
bySynerzip
 
[Paul Holland] Trends in Software Testing
byHo Chi Minh City Software Testing Club
 
PHP World DC 2015 - What Can Go Wrong with Agile Development and How to Fix It
byMatt Toigo
 
Agile Gurgaon 2016 Conference | The game has changed! | Sudipta Lahiri
byAgileNetwork
 
Why agile testing isn't working
byXebia Nederland BV
 

Recently uploaded

PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PDF
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
API-First Architecture in Financial Systems
bycyy111112
 
software-security-intro in information security.ppt
byismaeelsahib032
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 

Adopting Agile

  • 1.
  • 2.
    Today’s Reality More. Better.Faster. • Customers demand new, innovative features • And quickly • Features are often implemented in software • Size of software projects is exploding • And often includes third-party/open-source code • Security and stability cannot be compromised In other words: software organizations must provide more, with excellent quality, security, and stability, using reliably less time 2
  • 3.
    Agile A popular wayto address these challenges Many organizations are adopting practices commonly associated with Agile: • Development via rapid iteration over bite-sized, selfcontained work units rather than large process phases • Automated testing: unit, regression, etc. • Continuous integration builds • In some cases, even continuous delivery 3
  • 4.
    Why Agile? Business Benefits: •More easily manage change • Better align IT and business objectives • Accelerate time to market Development Benefits: • Visibility: Discover problems sooner • Efficiency: Fix problems more quickly and easily • Predictability: Avoid late-stage schedule disruptions 4
  • 5.
    Shorten Cycles, Distributethe Load Theme: Avoid large backlogs; get early feedback • Test code as it is written, minimizing significant last-minute disruptions Practice/Benefit Split development cycle into bite-sized sprints Improve responsiveness, predictability Developers code, test, design All team members are experts with the code; improve efficiency Use small, fast, automated tests like unit tests Get early feedback about whether the code is working properly Routinely integrate, build, test code changes Get early feedback about whether the product is in a working state 5
  • 6.
    Adopting Agile We needto go Agile—it will solve our development problems! We can’t put the business on hold to rebuild R&D, Bob! 6
  • 7.
    It’s Not AlwaysEasy • Even with a plan and support, adopting Agile practices often encounters resistance • Business Risk: How to maintain developer productivity while onboarding testing responsibilities? • Culture: How to convince developers to actually write tests? • Adoption: How to enforce adoption of the new practices? • IT: How to manage infrastructure? • Politics: How to assure QA that their jobs are safe? • Governance: How to manage the transition to ensure it is successful? 7
  • 8.
    Justifying Agile We can’t putthe business on hold… 8 We don’t have to! We’ll ease in, starting with our new code and new projects.
  • 9.
    Overcome the Resistance •Business Risk (productivity with new testing requirements) • Ease into Agile, e.g. focus on new code/projects first • It’s not all-or-nothing, so plan a transition • Culture (developers must write tests) • Enforce testing standards for important/high-risk code • Phased deployment convinces skeptics and provides escape hatch • Adoption (new practices stick) • Automate enforcement as part of standard process • Politics and Governance • Provide visibility into the new process • Reassure stakeholders—process enables them to fulfill their mission, e.g. independently verify quality or security; not police R&D 9
  • 10.
    But…the Devil’s inthe Details • How do you determine if code is sufficiently tested? • It’s not practical (or possible) to automate tests for all code • Are you testing all of the important code? • Are you wasting effort testing unimportant code? • How do you enforce testing of changes to legacy code? • You need to require tests for all important code • Without trying to boil the ocean • How do you eliminate manual interpretation and noise? • You need to reduce adoption barriers and increase confidence • Visibility without sufficient context is (worse than) useless 10
  • 11.
    Is Code SufficientlyTested? Sweet, safeClose() is fully tested now! I’m glad I don’t need to test that catch block—I’m not sure I can even trigger an IOException there. 11
  • 12.
    Partial Visibility isWorse Than Useless Only 86% coverage for safeClose()? That untested 14% worries me… dbgStub() Why are we wasting time testing dbgStub()? 12 Hey Bob, we need to fix this!
  • 13.
    Let Your ToolsDo the Heavy Lifting • Leverage static analysis to get early feedback about common coding errors • No need to invest time writing test cases for these issues • It’s critical to automate, look for important problems and configure for minimal noise • Don’t simply measure testing coverage • Enforce a testing policy that focuses on the important/high-risk code • Focus on certain components, modules, classes or functions • Test all code impacted by recent changes • No need to test debug, logging or exception-handling code • Recognize field-tested code; consider code complexity • Leverage SCM systems (age, author), testing artifacts, etc. to improve accuracy and automation 13
  • 14.
    Make It EasyOn Developers Just add a test covering line 1084 and I’m golden. Glad I don’t need to test those aborts! Don’t need to be tested 14
  • 15.
    Make It EasyOn Developers • Automate, automate, automate • Use a consistent workflow for all types of issues • Generate prescriptive work items for identified problems • Automatically interpret and prescribe action • “Here is your problem. Do this to fix it…” • AVOID: “Does anything look wrong in this output? Don’t forget to check the build logs and the test output, too.” • Provide easy access to all information, especially the source code and context relevant to the problem • Automatically assign to appropriate team members for accountability • E.g. by most recent SCM committer, or component owner 15
  • 16.
    Visibility With Contextis Priceless Awesome progress on our improvement goals! Development is right on schedule 16
  • 17.
    Visibility and Governance •Measure coverage in the context of your testing policy and definition of “important” and “high-risk” code • Eliminate manual interpretation • Measure performance against objective, meaningful standards • All stakeholders will understand the reports • Automate development testing in your process • Objective, meaningful assessments enable you to automate with confidence and accurately fail the build when something is wrong • Developers become accountable for code quality/security • Gain visibility into pending problems and completeness • Gain scheduling predictability 17
  • 18.
    Bob, you dida great job fixing our development problems. I’m giving you a raise! 18
  • 20.
    Want to tryCoverity on your code? For a free trial, visit: www.coverity.com