© COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 1@CoverosGene
Agility. Security. Delivered.
Which Development Metrics
Should I Watch?
Gene Gotimer
@CoverosGene
About Coveros
• Coveros builds security-critical applications using agile methods.
• Coveros Services
• Agile transformations
• Agile development and testing
• DevOps and continuous integration
• Application security analysis
• Agile & Security training
• Government qualifications
• DCAA approved rates and accounting
• TS facility clearance
Areas of Expertise
Select Clients
Why Metrics?
“Without data you’re just
another person with an
opinion.”
– W. Edwards Deming
Metrics as Targets
“People with targets and
jobs dependent upon
meeting them will probably
meet the targets –
even if they have to destroy
the enterprise to do it.”
– W. Edwards Deming
Goodhart’s Law
“When a measure becomes
a target, it ceases to be a
good measure.”
– Charles Goodhart
Managing to Metrics
“Managers who don't know
how to measure what they want
settle for wanting what they can
measure.”
– Russell Ackoff
What Makes a Good Metric?
S Specific
M Measurable
A Achievable
R Relevant
T Timely
How Many Metrics?
to
at least to actively pay attention to
SonarQube
• Software quality dashboard
• Gives visibility into results of
• Unit tests
• Static analysis
• Duplicate code
• Quality problems
Which metrics?
Get on with it already…
WTFs per Minute
Lines of Code
• Used for estimating costs, for example COCOMO
• Measures developer productivity
Lines of Code
“Measuring programming progress
by lines of code is like
measuring aircraft building
progress by weight.”
– Bill Gates
Lines of Code
• Used for estimating costs, for example COCOMO
• Doesn’t measure developer productivity
• Rewards build-it-yourself instead of using existing solutions
• What if I’m deleting code?
• Using lambdas?
Spell It All Out
    boolean boolResult = false;
    if (hashResult > 0)
        boolResult = true;
    else
        boolResult = false;
    assertEquals("HashCode returned was not returned",
            true, boolResult);
as opposed to
    assertTrue("HashCode should be a positive integer",
            hashResult > 0);
Number of Bugs Fixed
• Fixing bugs is good
• When does it become a bug?
• What if you write bug-free code to start with?
Code Complexity
    // Complexity: 1.0
    public List<Double> getAngles() {
        return Collections.unmodifiableList(angles);
    }

    // Complexity: 2.0
    public double getPerimeter() {
        double perimeter = 0.0d;
        for (double length : lengths) {
            perimeter += length;
        }
        return perimeter;
    }
Number of Unit Tests
• Unit tests document the developer’s intent
• We need enough
• One test per path
• Can use code complexity as guide
• But don’t usually have it per method
• Leads to guessing
Testivus on Code Coverage
One morning, a programmer asked the master
“I am ready to write some unit tests.
What code coverage should I aim for?”
The master replied,
“Don’t worry about coverage, just write some good tests.”
Testivus on Code Coverage
Later, a second programmer asked the master the same question.
The master pointed to a pot of boiling water and asked
“How many grains of rice should I put in that pot?”
The programmer replied,
“How can I possibly tell you? It depends on how many people you
need to feed, how hungry they are, what other food you are serving,
how much rice you have available, and so on.”
“Exactly,” replied the master.
Testivus on Code Coverage
Towards the end of the day, a third programmer asked
the same question about code coverage.
The master said sternly
“Eighty percent and no less!”
Testivus on Code Coverage
The apprentice asked the master why he gave the programmers
three different answers to the same question.
The master began to answer.
“The first programmer is new and just getting started with testing.
Right now he has a lot of code and no tests.
He has a long way to go; focusing on code coverage at this time would
be depressing and quite useless.
He’s better off just getting used to writing and running some tests.
He can worry about coverage later.”
Testivus on Code Coverage
“The second programmer, on the other hand, is quite
experienced both at programming and testing.
When I replied by asking her how many grains of rice
I should put in a pot, I helped her realize that the amount of testing
necessary depends on a number of factors, and she knows those
factors better than I do – it’s her code after all.
There is no single, simple, answer, and she’s smart enough to handle
the truth and work with that.”
Testivus on Code Coverage
“I see,” said the apprentice.
“But if there is no single simple answer, why did you tell
the third programmer Eighty percent and no less?”
The master laughed.
“The third programmer wants only simple answers –
even when there are no simple answers…
and then does not follow them anyway.”
Alberto Savoia
http://www.artima.com/forums/flat.jsp?forum=106&thread=204677
Code Coverage
• Measures code executed when unit tests run
• NOT amount of code tested
• Good tool to find untested code
• Not covered == not tested
• Covered == possibly tested
Test All The Things, Literally
    for (Method method : object.getClass().getMethods()) {
        if (method.getName().startsWith("set")) {
            if (method.getParameterTypes().length > 0) {
                Class<?> paramClass = method.getParameterTypes()[0];
                // Every setter is called with a dummy value; nothing is ever asserted
                if (paramClass.getName().equals("java.lang.String")) {
                    method.invoke(object, "JUNIT TEST");
                } else if (paramClass.getName().equals("java.lang.Object")) {
                    method.invoke(object, new Object());
                } else if (paramClass.getName().equals("java.util.Date")) {
                    method.invoke(object, new java.util.Date());
                } else if (paramClass.getName().equals("java.math.BigDecimal")) {
                    method.invoke(object, new BigDecimal(100));
                }
                // (the listing on the slide is cut off here)
            }
        }
    }
Mutation Testing
• Reruns unit tests against modified versions of your code
• If tests still pass, code isn’t tested
• Tests quality of tests
    public int foo(int i) {
        i--;
        return i;
    }

    public int foo(int i) {
        i++;
        return i;
    }
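The gap between "covered" and "tested" from the Code Coverage and Mutation Testing slides, as an added example that is not part of the original deck: a small mutation tester run against three test suites of increasing strength. It is written in Python rather than the deck's Java so it runs stand-alone; `SOURCE` is a constructed port of the slide's `foo` plus the `hashResult > 0` check, and every name in it is an assumption of this example.

```python
import ast

# Constructed sample under test: the slide's foo() and the hashResult > 0 check.
SOURCE = '''
def foo(i):
    i = i - 1
    return i

def is_positive(hash_result):
    return hash_result > 0
'''

# Mutation operators: each operator maps to the replacements that are tried.
SWAPS = {
    ast.Sub: (ast.Add,),
    ast.Add: (ast.Sub,),
    ast.Gt: (ast.GtE, ast.LtE),   # boundary mutant and negation mutant
    ast.Lt: (ast.LtE, ast.GtE),
}


class Mutator(ast.NodeTransformer):
    """Apply exactly one operator swap: the one whose index equals `target`."""

    def __init__(self, target):
        self.target = target
        self.seen = 0            # number of candidate mutations visited so far
        self.description = None

    def _mutate(self, op, lineno):
        for replacement in SWAPS.get(type(op), ()):
            hit = self.seen == self.target
            self.seen += 1
            if hit:
                self.description = (
                    f"line {lineno}: {type(op).__name__} -> {replacement.__name__}"
                )
                return replacement()
        return op

    def visit_BinOp(self, node):
        self.generic_visit(node)
        node.op = self._mutate(node.op, node.lineno)
        return node

    def visit_Compare(self, node):
        self.generic_visit(node)
        node.ops[0] = self._mutate(node.ops[0], node.lineno)
        return node


def mutants(source):
    """Yield (description, namespace) for every single-operator mutant."""
    counter = Mutator(target=-1)          # target -1 never hits: just counts
    counter.visit(ast.parse(source))
    for index in range(counter.seen):
        mutator = Mutator(target=index)
        tree = ast.fix_missing_locations(mutator.visit(ast.parse(source)))
        namespace = {}
        exec(compile(tree, "<mutant>", "exec"), namespace)
        yield mutator.description, namespace


def mutation_score(source, suite):
    """Return (killed, total, surviving mutant descriptions) for a suite."""
    killed, survivors = 0, []
    for description, namespace in mutants(source):
        try:
            suite(namespace)
        except Exception:                 # a failing test kills the mutant
            killed += 1
        else:
            survivors.append(description)
    return killed, killed + len(survivors), survivors


def coverage_only_suite(ns):
    # Executes every line (100% line coverage) but asserts nothing.
    ns["foo"](5)
    ns["is_positive"](7)


def weak_suite(ns):
    # Asserts results, but never probes the boundary value 0.
    assert ns["foo"](5) == 4
    assert ns["is_positive"](7) is True


def boundary_suite(ns):
    weak_suite(ns)
    assert ns["is_positive"](0) is False


if __name__ == "__main__":
    for suite in (coverage_only_suite, weak_suite, boundary_suite):
        killed, total, survivors = mutation_score(SOURCE, suite)
        print(f"{suite.__name__}: killed {killed}/{total}, survivors: {survivors}")
```

All three suites execute every line of the sample, so a line-coverage report cannot tell them apart; only the count of surviving mutants does.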
Number of Failing Unit Tests
• Unit tests document the developer’s intent
• What is an acceptable number of failing tests?
Legacy Code
• Greenfield code = your mess
• Legacy code = someone else’s mess that
you have inherited
• Consider applying
• Quality gates to new code
• Watch trends on existing code
• As you modify existing code
• Leave the code cleaner than it was
when you found it
Technical Debt
“You can have things early in a development and
gain experience and that’s a good strategy, as
long as you have a plan to pay it back.
If you don’t pay it back then you
get a compounding – learning that
you’ve consciously avoided comes
back to hurt you.”
– Ward Cunningham
Qualities of Good Code
Cohesive
non-Redundant
Encapsulated
Assertive
Testable
Explicit
David Bernstein
@ToBeAgile
https://tobeagile.com/
Technical Debt
SonarQube measures technical debt as:
• Bugs and potential bugs
• Coding standards violations
• Duplications
• Lack of unit tests
• Bad distribution of complexity
• Not enough or too many comments
• Spaghetti design
← redundant
← not testable
← not cohesive
← not cohesive
← not explicit
not assertive
not encapsulated
Normalization of Deviance
“The gradual process through
which unacceptable practice or
standards become acceptable.
As the deviant behavior is
repeated without catastrophic
results, it becomes the social
norm for the organization.”
– Diane Vaughan
Continuous Integration
• The act of frequently integrating different developers’
code, building, and testing each commit to find any
problems quickly
• The goal is that software is always
in a working state
• The developer codes, commits, and then
waits for the automated build, unit tests,
and static analysis to run
• If anything fails, the developer is on hand
to fix it before anyone else is disrupted
Build Time
• Time to complete cycle
• Automated build
• Unit tests
• Static analysis
• CI cycle should be no more than 10 minutes
• Keep it short to encourage more frequent exercise
Escaped Defects
• Defects that are found after “done”
• Could be
• Bugs
• Functional defects
• Security issues
• Usability problems
• Unacceptable performance
• What is an acceptable number of escaped defects?
Escaped Defects
• Zero isn’t realistic
• Zero may not be desirable
• Watch the trend
• Hold even or decrease
• Adjust process and definition of done
• As you improve
• In order to improve
• Best measure of team quality
Retrospectives
• Regularly reevaluate
• Metrics
• Are they still relevant?
• Are we missing metrics we should be watching?
• Quality gates
• Are they achievable?
• Could we be stricter? Would that add value?
• Use escaped defects as a guide
Wrap Up
#Coveros5
• Metrics should be SMART
Specific, Measurable, Achievable, Relevant, and Timely
• Use metrics to set quality gates
If you can't commit to the metric, don't bother tracking it
• Code coverage doesn't tell the whole story
use mutation testing too
• Trends are usually more important than absolute values
except for 0 failing unit tests
• Escaped defects is the most important metric
no matter where your boundary of “escape” is
Development Metrics
Good
Escaped defects
0 failing unit tests
Technical debt
Mutation testing coverage
Build time
BAD
Lines of code
Number of bugs fixed
Number of unit tests
Code coverage (alone)
Questions?
Gene Gotimer
gene.gotimer@coveros.com
@CoverosGene
Come see my Lightning Talk
Thursday at 3:45pm in Wekiwa 3&4 for
Creative Solutions to Already Solved Problems

More Related Content

Similar to Which Development Metrics Should I Watch?

A better faster pipeline for software delivery, even in the government
A better faster pipeline for software delivery, even in the governmentA better faster pipeline for software delivery, even in the government
A better faster pipeline for software delivery, even in the government
Gene Gotimer
 
Jennifer Scandariato: Transform Your Team from QA to Test Engineering
Jennifer Scandariato: Transform Your Team from QA to Test EngineeringJennifer Scandariato: Transform Your Team from QA to Test Engineering
Jennifer Scandariato: Transform Your Team from QA to Test Engineering
Anna Royzman
 

Similar to Which Development Metrics Should I Watch? (20)

Code Coverage
Code CoverageCode Coverage
Code Coverage
 
Shifting Security Left - The Innovation of DevSecOps - AgileDC
Shifting Security Left - The Innovation of DevSecOps - AgileDCShifting Security Left - The Innovation of DevSecOps - AgileDC
Shifting Security Left - The Innovation of DevSecOps - AgileDC
 
Shifting security all day dev ops
Shifting security all day dev opsShifting security all day dev ops
Shifting security all day dev ops
 
A Definition of Done for DevSecOps
A Definition of Done for DevSecOpsA Definition of Done for DevSecOps
A Definition of Done for DevSecOps
 
A better faster pipeline for software delivery, even in the government
A better faster pipeline for software delivery, even in the governmentA better faster pipeline for software delivery, even in the government
A better faster pipeline for software delivery, even in the government
 
Add Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery PipelineAdd Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery Pipeline
 
Shifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceShifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 Conference
 
DevOps for Leadership
DevOps for LeadershipDevOps for Leadership
DevOps for Leadership
 
How to achieve security, reliability, and productivity in less time
How to achieve security, reliability, and productivity in less timeHow to achieve security, reliability, and productivity in less time
How to achieve security, reliability, and productivity in less time
 
What if you could eliminate the hidden costs of development?
What if you could eliminate the hidden costs of development?What if you could eliminate the hidden costs of development?
What if you could eliminate the hidden costs of development?
 
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
 
Journey to Establish an Open Source Policy in a Fortune 20 Health Care Company
Journey to Establish an Open Source Policy in a Fortune 20 Health Care CompanyJourney to Establish an Open Source Policy in a Fortune 20 Health Care Company
Journey to Establish an Open Source Policy in a Fortune 20 Health Care Company
 
Top Agile Metrics
Top Agile MetricsTop Agile Metrics
Top Agile Metrics
 
BSides Leeds - Performing JavaScript Static Analysis
BSides Leeds -  Performing JavaScript Static AnalysisBSides Leeds -  Performing JavaScript Static Analysis
BSides Leeds - Performing JavaScript Static Analysis
 
Software Quality
Software QualitySoftware Quality
Software Quality
 
Jennifer Scandariato: Transform Your Team from QA to Test Engineering
Jennifer Scandariato: Transform Your Team from QA to Test EngineeringJennifer Scandariato: Transform Your Team from QA to Test Engineering
Jennifer Scandariato: Transform Your Team from QA to Test Engineering
 
Transformation from QA to Test Engineering
Transformation from QA to Test EngineeringTransformation from QA to Test Engineering
Transformation from QA to Test Engineering
 
Lean Security
Lean SecurityLean Security
Lean Security
 
Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper
Testing in a Continuous Delivery Pipeline - Better, Faster, CheaperTesting in a Continuous Delivery Pipeline - Better, Faster, Cheaper
Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper
 
Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper
Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper
Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper
 

More from Coveros, Inc.

More from Coveros, Inc. (11)

10 Things You Might Not Know: Continuous Integration
10 Things You Might Not Know: Continuous Integration10 Things You Might Not Know: Continuous Integration
10 Things You Might Not Know: Continuous Integration
 
System Event Monitoring for Active Authentication
System Event Monitoring for Active AuthenticationSystem Event Monitoring for Active Authentication
System Event Monitoring for Active Authentication
 
Increasing Quality with DevOps
Increasing Quality with DevOpsIncreasing Quality with DevOps
Increasing Quality with DevOps
 
Building Security in Using CI
Building Security in Using CIBuilding Security in Using CI
Building Security in Using CI
 
Better Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous Delivery Better Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous Delivery
 
Create Disposable Test Environments with Vagrant and Puppet
Create Disposable Test Environments with Vagrant and Puppet Create Disposable Test Environments with Vagrant and Puppet
Create Disposable Test Environments with Vagrant and Puppet
 
Continuous Delivery in a Legacy Shop - One Step at a Time
Continuous Delivery in a Legacy Shop - One Step at a Time Continuous Delivery in a Legacy Shop - One Step at a Time
Continuous Delivery in a Legacy Shop - One Step at a Time
 
DevOps in a Regulated and Embedded Environment (AgileDC)
DevOps in a Regulated and Embedded Environment (AgileDC) DevOps in a Regulated and Embedded Environment (AgileDC)
DevOps in a Regulated and Embedded Environment (AgileDC)
 
Compatibility Testing of Your Web Apps - Tips and Tricks for Debugging Locall...
Compatibility Testing of Your Web Apps - Tips and Tricks for Debugging Locall...Compatibility Testing of Your Web Apps - Tips and Tricks for Debugging Locall...
Compatibility Testing of Your Web Apps - Tips and Tricks for Debugging Locall...
 
Tests Your Pipeline Might Be Missing
 Tests Your Pipeline Might Be Missing Tests Your Pipeline Might Be Missing
Tests Your Pipeline Might Be Missing
 
Web Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to Go Web Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to Go
 

Recently uploaded

CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
anilsa9823
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
anilsa9823
 

Recently uploaded (20)

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 

Which Development Metrics Should I Watch?

  • 1. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 1@CoverosGene Agility. Security. Delivered. Which Development Metrics Should I Watch? Gene Gotimer @CoverosGene
  • 2. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 2@CoverosGene About Coveros • Coveros builds security-critical applications using agile methods. • Coveros Services • Agile transformations • Agile development and testing • DevOps and continuous integration • Application security analysis • Agile & Security training • Government qualifications • DCAA approved rates and accounting • TS facility clearance Areas of Expertise
  • 3. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 3@CoverosGene Select Clients
  • 4. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 4@CoverosGene Why Metrics? “Without data you’re just another person with an opinion.” – W. Edwards Deming
  • 5. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 5@CoverosGene Metrics as Targets “People with targets and jobs dependent upon meeting them will probably meet the targets – even if they have to destroy the enterprise to do it.” – W. Edwards Deming
  • 6. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 6@CoverosGene Goodhart’s Law “When a measure becomes a target, it ceases to be a good measure.” – Charles Goodhart
  • 7. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 7@CoverosGene Managing to Metrics “Managers who don't know how to measure what they want settle for wanting what they can measure.” – Russell Ackoff
  • 8. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 8@CoverosGene What Makes a Good Metric? S Specific M Measurable A Achievable R Relevant T Timely
  • 9. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 9@CoverosGene How Many Metrics? to at least to actively pay attention to
  • 10. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 10@CoverosGene SonarQube • Software quality dashboard • Gives visibility into results of • Unit tests • Static analysis • Duplicate code • Quality problems SMARTSM T
  • 11. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 11@CoverosGene
  • 12. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 12@CoverosGene
  • 13. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 13@CoverosGene SMARTA
  • 14. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 14@CoverosGene Which metrics? Get on with it already… SMARTR
  • 15. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 15@CoverosGene WTFs per Minute SMARTXXX
  • 16. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 16@CoverosGene Lines of Code • Used for estimating costs, for example COCOMO • Measures developer productivity
  • 17. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 17@CoverosGene Lines of Code “Measuring programming progress by lines of code is like measuring aircraft building progress by weight.” – Bill Gates
  • 18. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 18@CoverosGene Lines of Code • Used for estimating costs, for example COCOMO • Measures Doesn’t measure developer productivity • Rewards build-it-yourself instead of using existing solutions • What if I’m deleting code? • Using lambdas? SMARTX
  • 19. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 19@CoverosGene Spell It All Out 1 boolean boolResult = false; 2 if (hashResult > 0) 3 boolResult = true; 4 else 5 boolResult = false; 6 assertEquals("HashCode returned was not returned", true, boolResult); as opposed to 1 assertTrue("HashCode should be a positive integer", hashResult > 0);
  • 20. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 20@CoverosGene Number of Bugs Fixed • Fixing bugs is good • When does it become a bug? • What if you write bug-free code to start with? SMART/ / X
  • 21. © COPYRIGHT 2017 COVEROS, INC. ALL RIGHTS RESERVED. 21@CoverosGene Code Complexity public List<Double> getAngles() { return Collections.unmodifiableList(angles); } public double getPerimeter() { double perimeter = 0.0d; for (double length : lengths) { perimeter += length; } return perimeter; } 1.0 2.0 SMARTRTAMS
  • 22. Number of Unit Tests
      • Unit tests document the developer’s intent
      • We need enough
      • One test per path
      • Can use code complexity as guide
      • But don’t usually have it per method
      • Leads to guessing
  • 23. Testivus on Code Coverage
      One morning, a programmer asked the master “I am ready to write some unit tests. What code coverage should I aim for?” The master replied, “Don’t worry about coverage, just write some good tests.”
  • 24. Testivus on Code Coverage
      Later, a second programmer asked the master the same question. The master pointed to a pot of boiling water and asked “How many grains of rice should I put in that pot?” The programmer replied, “How can I possibly tell you? It depends on how many people you need to feed, how hungry they are, what other food you are serving, how much rice you have available, and so on.” “Exactly,” replied the master.
  • 25. Testivus on Code Coverage
      Towards the end of the day, a third programmer asked the same question about code coverage. The master said sternly “Eighty percent and no less!”
  • 26. Testivus on Code Coverage
      The apprentice asked the master why he gave the programmers three different answers to the same question. The master began to answer. “The first programmer is new and just getting started with testing. Right now he has a lot of code and no tests. He has a long way to go; focusing on code coverage at this time would be depressing and quite useless. He’s better off just getting used to writing and running some tests. He can worry about coverage later.”
  • 27. Testivus on Code Coverage
      “The second programmer, on the other hand, is quite experienced both at programming and testing. When I replied by asking her how many grains of rice I should put in a pot, I helped her realize that the amount of testing necessary depends on a number of factors, and she knows those factors better than I do – it’s her code after all. There is no single, simple, answer, and she’s smart enough to handle the truth and work with that.”
  • 28. Testivus on Code Coverage
      “I see,” said the apprentice. “But if there is no single simple answer, why did you tell the third programmer Eighty percent and no less?” The master laughed. “The third programmer wants only simple answers – even when there are no simple answers… and then does not follow them anyway.”
      Alberto Savoia
      http://www.artima.com/forums/flat.jsp?forum=106&thread=204677
  • 29. Code Coverage
      • Measures code executed when unit tests run
      • NOT amount of code tested
      • Good tool to find untested code
      • Not covered == not tested
      • Covered == possibly tested
  • 30. Test All The Things, Literally
        import java.lang.reflect.Method;
        import java.math.BigDecimal;

        // Calls every setter via reflection with a dummy argument;
        // the excerpt asserts nothing about the result.
        for (Method method : object.getClass().getMethods()) {
            if (method.getName().startsWith("set")) {
                if (method.getParameterTypes().length > 0) {
                    Class paramClass = method.getParameterTypes()[0];
                    if (paramClass.getName().equals("java.lang.String")) {
                        method.invoke(object, "JUNIT TEST");
                    } else if (paramClass.getName().equals("java.lang.Object")) {
                        method.invoke(object, new Object());
                    } else if (paramClass.getName().equals("java.util.Date")) {
                        method.invoke(object, new java.util.Date());
                    } else if (paramClass.getName().equals("java.math.BigDecimal")) {
                        method.invoke(object, new BigDecimal(100));
                    }
                    // ... the slide's excerpt ends here
                }
            }
        }
  • 32. Mutation Testing
      • Reruns unit tests against modified versions of your code
      • If tests still pass, code isn’t tested
      • Tests quality of tests
        public int foo(int i) {
            i--;
            return i;
        }

        public int foo(int i) {
            i++;
            return i;
        }
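
Added example (not from the slides): a minimal mutation run in Java over the slide's foo method, showing why "covered == possibly tested". Treating the i++ version as the original, the "i++ removed" mutant, and the three test suites are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.Consumer;
import java.util.function.IntUnaryOperator;

public class MutationDemo {
    // foo from the slide, held as a function value so a mutant can be swapped in.
    // Assumption: the i++ version is the original.
    static final IntUnaryOperator ORIGINAL = i -> { i++; return i; };

    // Mutants: the slide's i-- variant plus a constructed one that drops the increment.
    static final Map<String, IntUnaryOperator> MUTANTS = new LinkedHashMap<>();
    static {
        MUTANTS.put("i++ -> i--", i -> { i--; return i; });
        MUTANTS.put("i++ removed", i -> i);
    }

    // Three hypothetical test suites. Each executes every line of foo,
    // so line coverage is 100% for all three.
    static final Map<String, Consumer<IntUnaryOperator>> SUITES = new LinkedHashMap<>();
    static {
        SUITES.put("coverage only (no assertion)", foo -> foo.applyAsInt(1));
        SUITES.put("weak assertion (foo(0) != 0)", foo -> check(foo.applyAsInt(0) != 0));
        SUITES.put("exact assertion (foo(1) == 2)", foo -> check(foo.applyAsInt(1) == 2));
    }

    static void check(boolean condition) {
        if (!condition) throw new AssertionError("test failed");
    }

    // A suite "passes" against an implementation if no assertion fails.
    static boolean passes(Consumer<IntUnaryOperator> suite, IntUnaryOperator impl) {
        try { suite.accept(impl); return true; } catch (AssertionError e) { return false; }
    }

    public static void main(String[] args) {
        for (Map.Entry<String, Consumer<IntUnaryOperator>> suite : SUITES.entrySet()) {
            if (!passes(suite.getValue(), ORIGINAL))
                throw new IllegalStateException("suite must pass on the original code");
            int killed = 0;
            for (Map.Entry<String, IntUnaryOperator> mutant : MUTANTS.entrySet()) {
                boolean survived = passes(suite.getValue(), mutant.getValue());
                if (!survived) killed++;
                System.out.printf("  %-14s %s%n", mutant.getKey(), survived ? "SURVIVED" : "killed");
            }
            System.out.printf("%s: mutation score %d/%d%n", suite.getKey(), killed, MUTANTS.size());
        }
    }
}
```

All three suites report full coverage of foo, but they kill 0, 1 and 2 of the 2 mutants respectively; only the mutation score separates them.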
  • 33. Number of Failing Unit Tests
      • Unit tests document the developer’s intent
      • What is an acceptable number of failing tests?
  • 34. Legacy Code
      • Greenfield code = your mess
      • Legacy code = someone else’s mess that you have inherited
      • Consider applying
          • Quality gates to new code
          • Watch trends on existing code
      • As you modify existing code
          • Leave the code cleaner than it was when you found it
  • 35. Technical Debt
      “You can have things early in a development and gain experience and that’s a good strategy, as long as you have a plan to pay it back. If you don’t pay it back then you get a compounding – learning that you’ve consciously avoided comes back to hurt you.”
      – Ward Cunningham
  • 36. Qualities of Good Code
      Cohesive
      non-Redundant
      Encapsulated
      Assertive
      Testable
      Explicit
      David Bernstein @ToBeAgile https://tobeagile.com/
  • 37. Technical Debt
      SonarQube measures technical debt as:
      • Bugs and potential bugs
      • Coding standards violations
      • Duplications
      • Lack of unit tests
      • Bad distribution of complexity
      • Not enough or too many comments
      • Spaghetti design
      ← redundant ← not testable ← not cohesive ← not cohesive ← not explicit not assertive not encapsulated
  • 39. Normalization of Deviance
      “The gradual process through which unacceptable practice or standards become acceptable. As the deviant behavior is repeated without catastrophic results, it becomes the social norm for the organization.”
      – Diane Vaughan
  • 40. Continuous Integration
      • The act of frequently integrating different developers’ code, building, and testing each commit to find any problems quickly
      • The goal is that software is always in a working state
      • The developer codes, commits, and then waits for the automated build, unit tests, and static analysis to run
      • If anything fails, the developer is on hand to fix it before anyone else is disrupted
  • 41. Build Time
      • Time to complete cycle
          • Automated build
          • Unit tests
          • Static analysis
      • CI cycle should be no more than 10 minutes
      • Keep it short to encourage more frequent exercise
  • 45. Escaped Defects
      • Defects that are found after “done”
      • Could be
          • Bugs
          • Functional defects
          • Security issues
          • Usability problems
          • Unacceptable performance
      • What is an acceptable number of escaped defects?
  • 46. Escaped Defects
      • Zero isn’t realistic
      • Zero may not be desirable
      • Watch the trend
          • Hold even or decrease
      • Adjust process and definition of done
          • As you improve
          • In order to improve
      • Best measure of team quality
  • 47. Retrospectives
      • Regularly reevaluate
          • Metrics
              • Are they still relevant?
              • Are we missing metrics we should be watching?
          • Quality gates
              • Are they achievable?
              • Could we be stricter? Would that add value?
      • Use escaped defects as a guide
  • 48. Wrap Up
  • 49. #Coveros5
      • Metrics should be SMART
          Specific, Measurable, Achievable, Relevant, and Timely
      • Use metrics to set quality gates
          If you can't commit to the metric, don't bother tracking it
      • Code coverage doesn't tell the whole story
          use mutation testing too
      • Trends are usually more important than absolute values
          except for 0 failing unit tests
      • Escaped defects is the most important metric
          no matter where your boundary of “escape” is
  • 50. Development Metrics
      Good
      • Escaped defects
      • 0 failing unit tests
      • Technical debt
      • Mutation testing coverage
      • Build time
      Bad
      • Lines of code
      • Number of bugs fixed
      • Number of unit tests
      • Code coverage (alone)
  • 51. Questions?
      Gene Gotimer
      gene.gotimer@coveros.com
      @CoverosGene
      Come see my Lightning Talk Thursday at 3:45pm in Wekiwa 3&4 for Creative Solutions to Already Solved Problems