CISQ is launching its State of the Nation survey on software quality. I sat down with Dave Norton, Executive Director of CISQ and lead author of the survey, to draw out his insights and rationale for launching the survey and its subsequent report. Continue reading... - Tracie Berardi, Program Manager, CISQ
Q: What is CISQ seeing in the market?
All of the indicators, from government papers to consultant reports, point to one thing: IT is in crisis when it comes to software security and systems quality. Globally we see increased numbers of cyber incidents and IT outages. Companies large and small are struggling with high levels of technical debt and associated costs and risk.
With so many organizations focusing on agile and DevOps, we have to acknowledge it many not just be new features we are delivering in a shorter time frame, it could also be vulnerabilities. There is a genuine danger of organizations becoming technical debt-generating machines, where we create as much technical debt in the next 5 years as we did in last 30.
Q: What should members of CISQ be doing?
If “Every Business is a Software Business” (Watts S. Humphrey), then all IT risk is business risk. Moving beyond that sound bite requires IT and Business working together with an aligned risk governance and management strategy.
The practical implication is software risk has to ‘shift-left,’ understood by the product owner and visible on the backlog. It also means teams need to think of code quality as just as necessary as the features and functions they deliver – an end to the non-functional requirements mindset.
Software quality has to be integrated into the continuous delivery process. Just as we talk of continuous integration (CI), we should be talking of continuous quality (CQ); with automated QA practices integrated into the development toolchain.
Q: What are you trying to look at with this survey?
We are aiming to have the first comprehensive study of software quality analysis that covers not only tool vendors and systems integrators, but also end-user organizations and includes managers and engineers.
The impetus for the study is the alarming increase in software quality-related incidents and CISQ member concerns that organizations are not getting the basics right. We want to see how the move to agile and DevOps is changing not only software quality practices but developer attitudes and behavior when it comes to code quality.
It is also important to see how software quality standards are being utilized by system integrator and end-user organizations; which standards are being used, which sectors are driving adoption and how organizations are deriving value from the standards. We also need to see where the gaps are regarding software quality standards so we at CISQ, and others, can start to look at filling those gaps.