SD Times July 2019

Full Page Ads_SDT025.qxp_Layout 1 6/21/19 5:06 PM Page 2

003_SDT025.qxp_Layout 1 6/24/19 12:52 PM Page 3

Contents

VOLUME 2, ISSUE 25 • JULY 2019

FEATURES

NEWS 6

News Watch

18

CloudBees acquires Rollout to bring feature management to DevOps

18

GitLab 11.11 focuses on collaboration and visibility

Reskilling developers for the new software landscape

page 8

The rise of Kotlin page 14

Web development: So many choices to get the right fit

COLUMNS 44

GUEST VIEW by Kristy Sherman How to create a data-driven culture

45

ANALYST VIEW by Mark Driver Artificially intelligent “co-developers”

46

INDUSTRY WATCH by David Rubinstein Beware the dark patterns of privacy

BUYERS GUIDE Testing all the time

page 20 page 35

Low-code/no-code development heats up

page 26

Software Development Times (ISSN 1528-1965) is published 12 times per year by D2 Emerge LLC, 80 Skyline Drive, Suite 303, Plainview, NY 11803. Periodicals postage paid at Plainview, NY, and additional offices. SD Times is a registered trademark of D2 Emerge LLC. All contents © 2019 D2 Emerge LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 80 Skyline Drive, Suite 303, Plainview, NY 11803. SD Times subscriber services may be reached at subscriptions@d2emerge.com.

004_SDT025.qxp_Layout 1 6/21/19 5:12 PM Page 4

®

Instantly Search Terabytes

www.sdtimes.com EDITORIAL EDITOR-IN-CHIEF David Rubinstein drubinstein@d2emerge.com NEWS EDITOR Christina Cardoza ccardoza@d2emerge.com

dtSearch’s document filters VXSSRUW ‡ SRSXODU ILOH W\SHV ‡ HPDLOV ZLWK PXOWLOHYHO DWWDFKPHQWV ‡ D ZLGH YDULHW\ RI GDWDEDVHV ‡ ZHE GDWD

SOCIAL MEDIA AND ONLINE EDITORS Jenna Sargent jsargent@d2emerge.com Jakub Lewkowicz jlewkowicz@d2emerge.com ART DIRECTOR Mara Leonardi mleonardi@d2emerge.com CONTRIBUTING WRITERS Alyson Behr, Jacqueline Emigh, Lisa Morgan, Jeffrey Schwartz

2YHU VHDUFK RSWLRQV LQFOXGLQJ ‡ HIILFLHQW PXOWLWKUHDGHG VHDUFK ‡ HDV\ PXOWLFRORU KLW KLJKOLJKWLQJ ‡ IRUHQVLFV RSWLRQV OLNH FUHGLW FDUG VHDUFK

'HYHORSHUV ‡ 6'.V IRU :LQGRZV /LQX[ PDF26 ‡ &URVV SODWIRUP $3,V IRU & -DYD DQG NET ZLWK 1(7 6WDQGDUG 1(7 &RUH

.

.

.

‡ )$4V RQ IDFHWHG VHDUFK JUDQXODU GDWD FODVVLILFDWLRQ $]XUH DQG PRUH

CONTRIBUTING ANALYSTS Cambashi, Enderle Group, Gartner, IDC, Ovum

ADVERTISING SALES PUBLISHER David Lyman 978-465-2351 dlyman@d2emerge.com SALES MANAGER Jon Sawyer jsawyer@d2emerge.com

CUSTOMER SERVICE SUBSCRIPTIONS subscriptions@d2emerge.com ADVERTISING TRAFFIC Mara Leonardi adtraffic@d2emerge.com LIST SERVICES Jourdan Pedone jpedone@d2emerge.com

Visit dtSearch.com for ‡ KXQGUHGV RI UHYLHZV DQG FDVH VWXGLHV ‡ IXOO\ IXQFWLRQDO HQWHUSULVH DQG GHYHORSHU HYDOXDWLRQV

The Smart Choice for Text Retrieval® since 1991

dtSearch.com 1-800-IT-FINDS

REPRINTS reprints@d2emerge.com ACCOUNTING accounting@d2emerge.com

PRESIDENT & CEO David Lyman CHIEF OPERATING OFFICER David Rubinstein

D2 EMERGE LLC 80 Skyline Drive Suite 303 Plainview, NY 11803 www.d2emerge.com

Full Page Ads_SDT025.qxp_Layout 1 6/21/19 5:07 PM Page 5

006-7_SDT025.qxp_Layout 1 6/21/19 3:23 PM Page 6

6

SD Times

July 2019

www.sdtimes.com

NEWS WATCH CockroachDB changes its open-source licensing model

Report: Python aims to replace Java atop language ranking

Cockroach Labs has announced that it is switching CockroachDB away from the Apache License version 2 (APL). According to Cockroach Labs, companies are offering other companies’ open-source products as their own service. “We’re witnessing the rise of highly integrated providers taking advantage of their unique position to offer “as-a-service” versions of [open-source software] OSS products, and offer a superior user experience as a consequence of their integrations,” Cockroach Labs wrote in a blog post. A recent example of this is Amazon’s forked version of ElasticSearch, the company explained. As a result of these changes in the industry, CockroachDB will now be offered under a permissive version of the Business Source License (BSL). What this means is that CockroachDB can be scaled to any number of nodes, used or embedded in applications, or run as an internal service, but it cannot be offered as a commercial version without the purchase of a license.

Java’s reign as the top programming language is in jeopardy as Python has been steadily rising in the charts. In TIOBE’s June 2019 programming language Index, Python has surpassed C++ and is now in the top three programming languages. Java still holds the top spot while C is second. According to TIOBE, if Python keeps this pace up it could replace both Java and C in three to four years.

People on the move

Apple introduces new framework to build UIs using Swift Apple announced its new SwiftUI framework, a UI coding structure that lets developers create UIs with less Swift code using declarative syntax and the new graphical design tools Xcode 11. “SwiftUI is built in Swift for Swift and it’s designed to help you build better apps with way less code,” said Craig Federighi, the senior vice president of software engineering at Apple. “SwiftUI truly transforms user

n The DevOps Institute has announced Eveline Oehrlich will be joining as a chief research analyst. Oehrlich was an inaugural part in researching and analyzing the DevOps Institute’s 2019 report, “Upskilling: Enterprise DevOps Skills.” She will continue to drive the overall DevOps research strategy for the institute and participate in the 2020 Upskilling report . Additionally, she will support the SKILL Framework, which includes skills, knowledge, ideas and learning in the form of research, case studies and other industry content.

interface creation by automating large portions of the process and providing realtime previews of how UI code looks and behaves in-app.” Developers will be able to choose certain UI components and get real-time visual feedback on how the code works in the app. Xcode can recompile changes instantly and inserts them into a running version of a developer’s app. In addition, changes are visible and editable at all times, according to Apple.

Apollo Federation brings GraphQL to microservices The Apollo team wants to help developers adopt GraphQL within their microservice architectures with the announcement of its open-source project Apollo Federation. According to Apollo’s engineering manager James Baxley III, developers want to be able to access data through a single GraphQL query even if that data lives in separate places. Before Apollo Federation, Baxley explained that type of action was only really possible in a monolithic architecture.

n Square 9 Softworks announced a new director of digital transformation strategies is joining its team. Keith Snyder will be responsible for leading a new team focused entirely on digital transformation products and services within the company. Snyder has more than 25 years of experience in the document capture and management industry ranging from business process outsourcing, hardware manufacture, document management software manufacture and document management resell.

Salesforce Lightning Web Components now open sourced Salesforce is opening up its Lightning Web Components to a wider developer audience. The company has announced the JavaScript framework is now open sourced, expanding developers’ ability to create web components across a variety of platforms. According to Salesforce, Lightning Web Components are custom elements built with HTML and modern JavaScript. The framework is based off of core Web Component standards, and provides only the features necessary for performing well in browsers. “Because it’s built on code that runs natively in browsers, the framework is lightweight and delivers exceptional performance. Most of the code you write is standard JavaScript and HTML,” the company wrote.

Angular 8 released with builder APIs and web worker support The Angular team has announced a major release of its mobile and desktop framework.

n Current Linux Foundation board member and former Bitnami COO and co-founder Erica Brescia is joining GitHub as its new chief operating officer. Most of Brescia’s career has been focused in the open-source world, giving her the unique understanding and appreciation for developer collaboration. As GitHub’s COO, Brescia will work on growing and optimizing how the GitHub team works. Her immediate focus will be on scaling the company’s support, business development and workplace experience teams.

006-7_SDT025.qxp_Layout 1 6/21/19 3:23 PM Page 7

www.sdtimes.com

Veritas Technologies finds more than 50 percent of data remains in the dark A majority of organizations are vulnerable to hack attacks because they are still in the dark when it comes to their data. A newly released report reveals more than half of all data within organizations remains unclassified or untagged, which results in an organization’s inability to assess the risk or value of more than half of its data. The Value of Data study was conducted by the research firm Vanson Bourne for enterprise data management provider Veritas Technologies. It looked at responses from 1,500 IT decision managers and data managers globally. According to the study, 67 percent of companies surveyed said that less than half of their mobile device data is classified and 61 percent of companies said their public cloud data experiences the same amount of neglect. This poses a large security risk and the potential for companies to violate increasingly stringent data protection laws such as GDPR, Veritas explained. “When data is fragmented across an organization and has not been properly tagged, it is more likely to go ‘dark’, threatening the company’s reputation and market share if it falls foul of data protection regulations such as GDPR,” said Jyothi Swaroop, the vice president of product and solutions at Veritas. “So it’s vital that organizations take full responsibility for ensuring their data is effectively managed and protected.” Angular 8 spans the entire platform and includes updates to Angular Material, the CLI, improved application startup time, and more web standards. One significant feature is the addition of differential loading by default. According to Angular developer advocate Stephen Fluin, differential loading enables browsers to choose between modern or legacy JavaScript based on its capabilities. By enabling this by default, users will automatically get the necessary bundle. Additionally, Fluin explained developers are finding their apps are able to save between 7 to 20 percent of their bundle size depending on the modern JavaScript features available. Version 8’s new builder APIs are similar to Schematics in that they allow developers to use ng build, ng test, and ng run to perform processes. “Builders are functions that implement the logic and behaviour for a task that can replace a command,” the team

wrote in a blog post. The team is also introducing a new API to make it easier for developers to use Schematics to open and modify their angular.json files. The workspaces API is designed to make it easier to read and modify the file. Other features include AngularJS migration improvements, support for ECMAScript dynamic, and CLI telemetry.

Spring Runtime released to support Java environments Cloud-native platform provider Pivotal has announced the release of Pivotal Spring Runtime, a support package designed for Java environments like OpenJDK, Spring, and Apache Tomcat. According to the company, the release is meant to address recent changes in the Oracle Java SE distribution, which have spiked uncertainty over the rights to use Oracle JDK vs Oracle OpenJDK builds and

OpenJDK builds from other providers. The Spring Runtime includes a Pivotal Distribution of OpenJDK with ongoing support and regular security and performance updates. Additionally, the company is now a platinum sponsor of AdoptOpenJDK. As part of its Spring support, Pivotal offers commercial support for Spring projects including Spring Framework, Boot, Cloud and Cloud Dataflow. In addition, Pivotal Spring Runtime contains Pivotal tc Server, its distribution of Apache Tomcat.

W3C and WHATWG collaborate on single HTML, DOM specs The World Wide Web Consortium (W3C) and the Web Hypertext Application Technology Working Group (WHATWG) have decided that the web community will be best served by a single development stream for each of HTML and DOM specifications. According to the

July 2019

SD Times

organizations, diverging the specifications and splitting the community to focus on different documents has been costly and inefficient. As a result, the groups are signing a Memorandum of Understanding, handing most of the developing power to WHATWG and putting W3C in the roll of providing input and endorsements. According to the agreement, WHATWG will maintain the HTML and DOM Living Standards, while W3C will facilitate community work directly in the WHATWG repositories. In addition W3C is ending its publishing of its designated list of specifications and will work to take WHATWG Review Drafts to W3C Recommendations.

Salesforce to acquire data visualization company Tableau Salesforce is acquiring data analytics and visualization platform Tableau for a whopping $15.7 billion in an all-stock transaction. The acquisition follows Google’s purchase of the analytics startup Looker for $2.6 billion last week and shows that the industry is willing to pay huge sums for effective data analytics. With the acquisition Salesforce will be able to integrate Tableau’s data visualization and analytics capabilities into its intelligent view service, Customer 360 and AI for CRM service, Einstein. Tableau will still operate independently under the Tableau brand and will remain headquartered in Seattle, Washington with current CEO Adam Selipsky at the helm. z

7

008-13_SDT025.qxp_Layout 1 6/21/19 4:44 PM Page 8

8

SD Times

July 2019

www.sdtimes.com

008-13_SDT025.qxp_Layout 1 6/21/19 4:49 PM Page 9

S

BY JAKUB LEWKOWICZ oftware changes fast, and developers will need to vigilantly reskill their workers to maintain competence in the highly competitive arena. Reskilling includes learning new programming languages, containerization, big data

www.sdtimes.com

advancing industries like development and data science. These companies will need to look toward implementing training programs that can more quickly retool the labor force rather than toward multi-year degrees, according to the most recent McKinsey Global Institute report on the state of jobs: “Jobs lost, jobs gained: Workforce transitions

July 2019

SD Times

9

always manually driven, they also drive a tremendous demand for employees that have the skills to work with that automation. “Artificial intelligence is meant to complement and enhance rather than displace human labor,” said Costas Spanos, director of the Center for Information Technology Research in

for the new software landscape Whether it’s a boot camp, a MOOC or college, programmers have options for keeping up with changes in development and working with the most significant tech disruptor: automation. “There’s a growing awareness that the half-life of any technology skill is about two to three years. Even if you are a skilled developer, [if] you don’t reskill and learn more, it’s hard to stay relevant,” said Leah Belsky, vice president of enterprise at Coursera, a massive open online course (MOOC). Luckily, there are many ways to do so. Bootcamps, college courses, conference training, in-house consulting and courses are just some ways to go about reskilling the workforce. Some of these educational methods can tailor specifically to companies and their goals and reskill their workforce accordingly. “Through a massive consumer database we have insight into what skills are trending and what competitors of companies and specific industries are investing in and how their employees are learning and performing,” Belsky said. “We’re now working on options for companies to actually offer their own content.” The speed of reskilling is one of the top priorities for companies in rapidly

in a time of automation.” Software development is still the most in-demand position for tech giants like Amazon, Google, Apple, Microsoft and Oracle, followed by the demand for data analysts, and the demand for these skills is only projected to grow in the near and far future, according to a report by personal career advisor Paysa. Basic knowledge in mobile development is also beneficial as companies are becoming more mobile-focused and need developers to build apps and mobile operating systems. Despite the notion that automation takeover is not nearly as prevalent in software development as in other fields, developers still need to take advantage of sharpening their skill sets to remain competitive since software changes fast. “We’re seeing that automation is now a must-have job skill,” said Ken Goetz, Red Hat’s vice president of training and certification. “We see what’s happening in the larger industry where improving efficiency to enable the move to go up in the hybrid cloud is pushing customers towards needing to have more automation in their infrastructure.” Ironically, while automation and AI are replacing specific tasks that were

the Interest of Society (CITRIS) and the Banatao Institute, which creates information technology solutions for society’s most pressing tech challenges between the UC campuses. Some businesses are taking the lead in some areas, providing on-the-job training and opportunities for workers to upgrade their skills, both through inhouse training and partnerships with education providers. One software company that’s reskilling its administrators in-house is Red Hat. Finding that 20 percent of Linux job postings require automation as a core skill was part of the impetus for creating the in-house training program, according to Goetz. The company announced that it was overhauling its Red Hat Certified Engineer (RHCE) certification to train Linux professionals. The new program is built around acquiring automation skills, mainly using Red Hat Ansible Automation, because it has become such a vital tool for Linux system administrators. The new course will teach admins how to automate tasks such as provisioning, configuration, application continued on page 12 >

008-13_SDT025.qxp_Layout 1 6/21/19 4:50 PM Page 10

10

SD Times

July 2019

www.sdtimes.com

Bootcamps and MOOCs are picking up STEAM

BY JAKUB LEWKOWICZ

Coding boot camps and massive online open courses (MOOCs) are often called a “fast track” to well-paying tech jobs. The courses cost significantly less for tuition, and they run for three to six months on average. The average boot camp tuition is around $11,874. “Learners need transformative learning and valuable credentials at an affordable price, universities need access to a world of learners at low cost, and companies need a steady flow of talent with competencies necessary to drive their businesses. As a platform, we are creating a network effect, a virtuous cycle among all three parts of the ecosystem,” said Jeff Maggioncalda, CEO of online learning platform provider Coursera, in an interview with Forbes. Leah Belsky, vice president of enterprise at Coursera explained the process of how a MOOC can work alongside a company to effectively reskill the company’s workforce tailored specifically to its needs. “We can come to a company and say ‘here are the skills that we recommend you invest in.’ The second thing we do is we’ve actually mapped these core skills to different goals and functions. So if you run a software development team or if you want to run a technology organization we can identify the courses based on the functions you have in

your company,” Belsky said. “Then the third thing we do is we’ve built collections which are groupings of courses mapped to specific skills and goals that allow people to pursue these learning tasks and these collections.” Coursera’s classes are mostly created by universities such as Yale and the University of London, but also offer a bunch of courses that are created by industry partners like IBM and Google. For example, Google created a certificate program on Coursera that can be applied for people who want to get a bachelor’s in Computer Science at the University of London, Belsky explained. In Course Report’s most recent study of 1,450 graduates, coding boot camp graduates earned an average of $70,698, but this increase as developers gain seniority in the industry. On average, graduates earned $79,944 at their second job after boot camp, and $90,421 at their third job after, so salaries typically increased by 25 percent as boot campers progressed in the industry. Boot camps that are explicitly tailored to coding include App Academy, Actualize, Bitmaker General Assembly, BrainStation, Code Fellows and Code Platoon. While some boot camps conduct their courses solely on premises, some options don’t require you to deplete your workforce for months on end while reskilling. For example, Actualize is a 12-week

software development boot camp that is available online and also in Chicago with both part-time and full-time options. Instructors with professional educational experience teach students full stack web development including Ruby, Rails, JavaScript, VueJS, SQL and Git. MOOCs have also recently been picking up steam. In this age of borderless classrooms, the realization of these online courses has further improved the level of education delivery, even to those places that have been underdeveloped over the years due to lack of educational facilities. “Finding an inexpensive but highquality way to retrain is turning out to be a historic challenge,” said Maggioncalda. The global market for MOOCs is projected to grow from $3.9 billion in 2018 to $20.8 billion in 2023. The unique value MOOCs provide over something like a boot camp is their scale. Although online courses are increasingly seen as a disruptor to traditional education with universities investing more than ever in their online programs, Belsky says the courses are meant to complement traditional education. ‘What we’re actually seeing is that universities will incorporate some of the industry content into university programs to make them more relevant,” Belsky said. z

Full Page Ads_SDT025.qxp_Layout 1 6/21/19 5:07 PM Page 11

008-13_SDT025.qxp_Layout 1 6/21/19 4:50 PM Page 12

12

SD Times

July 2019

www.sdtimes.com

< continued from page 9

deployment and orchestration in addition to teaching the core Linux skills. They can then install and configure Ansible as well as learn how to prepare managed hosts for automation. The size, volumes and the efficiencies needed to run a modern data center or to run a modern cloud — whether it’s a public or private cloud — have grown to levels that only automated software can handle. In the past, developers would have

eration of technologies,” said Goetz. In addition to automation, the growth of mobile and smart devices and the spread of the IoT have made connected devices commonplace, creating vast datasets that need to be stored and secured and heightening the demand for data science skills such as machine learning and statistical programming, according to the Coursera Global Skills Index 2019. “People who have the ability to use the latest tools to analyze big data sets

Skills in highest demand based on 2019 Global Skills Index, Coursera TECHNOLOGY

DATA SCIENCE

Data structures

Python

Web scraping

Bigtable

Database model

Support vector machine

SQL

Data stream management system

Apache Beam

Artificial neural network

Blockchains

NumPy

Data model

Multi-task learning

Cloud computing

Word2Vec

CSS framework

Word embedding

Mobile ad hoc network

Speech transfer

to write shell scripts to program that automation to do a specific set of tasks. This laborious task was a huge problem standing in the way of productivity. “The problem with that is that you’re basically reinventing the wheel,” said Red Hat’s Goetz. “You’re not taking advantage of where the industry is and the work that others have done and so every time someone goes in and builds to the script they’re building it on their own, and they’re maintaining it on their own. It’s just not scalable.” To solve that burdensome loop, DevOps teams are increasingly adding automation tools like Ansible to end repetitive tasks, speed productivity and scale all in an easily readable language. Puppet and Chef are similar automation solutions for managing infrastructure and applications. “Every business right now is trying to think about how they can automate more of what they do and so having a baseline of skill around automation enables these other things to occur in the infrastructure to be able to support that next gen-

are in demand now,” said CITRIS’ Spanos. “Just like using Word, PowerPoint and Excel became a generic skill that everybody needs to know regardless of what they do, data analytics is going to be similarly pervasive. Data science at UC Berkeley is emerging as a huge new movement that is transforming the way we train everybody and not just engineers.” Currently, there is a significant deficit of people with the skills to work with the vast troves of data, relegating the untapped information to a category called “dark data.” A recent report by Splunk, a provider of software for searching, monitoring, and analyzing machine-generated big data, via a Web-style interface, found that over 60 percent of organizations believe that more than half of their data is dark, while a third of them believe that over 75 percent of their data is dark. “I think a lot of the technological problems of data processing are increasingly solved by commercial tools and open source and so it’s not really the pro-

cessing of the data so much as the understanding of what the data represents and what are some of the biggest barriers to access and to be able to access our data,” said Tim Tully, CTO of Splunk. “I think a lot of it is it’s just people are collecting data from devices and laptops and servers in the enterprise and are not doing anything with it.” The top challenges to recovering dark data include the ever-growing data volume and a lack of necessary skill sets and resources, the report found. Ninety-two percent of employees said that they are willing to learn new data skills. Surprisingly, 69 percent responded that they want to continue doing what they’re already doing, regardless of the impact on the business or their career. “Data wrangling is hard. Disks are getting larger and larger in terms of capacity. What that’s doing is sort of exacerbating the problem with dark data because now we’re getting more granular with the data we collect. Most people consume the data in a dashboard but they don’t actually know where the data came from,” Tully said. “I think the important thing is to make it a priority to understand that this concept of dark data exists and there’s potential data that you can do something with. The other thing is making sense of the data that was collected.” In addition to automation and dark data, the importance of new programming languages is a cause for reskilling. As the programming industry evolves, programming languages do too. According to writer Arani Chatterjee in an article on simpleprogrammer.com called “4 Reasons Why Your Choice of Programming Language Doesn’t Matter Much,” some of the popular programming languages like Perl and Ruby are falling out of favor and new programming languages like Swift, Kotlin and R are gaining popularity. Developers are always creating new programming languages (e.g., R), frameworks and tools to make development better and faster.

Tech workers in high demand The rapid evolution of software has created a massive demand for technical

008-13_SDT025.qxp_Layout 1 6/21/19 4:51 PM Page 13

www.sdtimes.com

workers to work as developers and IT professionals in companies that span all industries. A 2017 Singlesprout report projected a shortage of 1.1 million STEM workers by 2024. Traditionally, secondary schools and colleges carried the onus of preparing workers for the jobs, but they have been unable to do so quick enough in today’s rapidly changing tech economy. According to Coursera’s 2019 Global Skills Index, the United States ranks 23rd in the world when it comes to technology. It lags far behind countries that are leading the category such as Finland, Switzerland and Austria which have heavy institutional investment in education via workforce development and public education initiatives, the report explains. “I think [government] policy has to play a major role in that as well because the free market is not going to get everything right, especially when it comes to mid to late career workers that need to be reskilled. There is a danger that they may be left out,” suggested CITRIS’ Spanos. “So I think that

there should be a policy that should first create the appropriate incentives on the appropriate skills. Meanwhile, the McKinsey report projected that as many as 375 million workers (around 14 percent of the global workforce) might need to switch occupational categories as digitization, automation, and advances in artificial intelligence disrupt the world of work. A recent research report by the Society for Human Resource Management states that nearly 40 percent of hiring managers cited a lack of technical skills among the reasons why they can’t fill job openings. One of the largest companies to recently pull out all the stops for reskilling and arming its employees with the technical skills they needed is AT&T. Early last year, the mobile giant discovered that half of its 250,000 employees lacked the necessary STEM skills to keep the company in the ring against TMobile, Verizon and Sprint. Meanwhile, the switch from hardware to cloud-first operations at the company would render the work of 100,000 employees obsolete.

July 2019

SD Times

As a response, AT&T invested a whopping one billion dollars in retraining its employees. Projections showed that hiring new software and engineering workers would have cost the company significantly more. “It’s often impossible to find the type of talent you need in the market and the cost of hiring and training can be upwards of 50, 60, 70 thousand dollars and sometimes much more for each new hire,” Coursera’s Beslky said. Moreover, while high employee turnover creates a fiscal black hole, there are more reasons to avoid escorting employees to the door. Employees uphold the structure and culture of an institution. They know the lingo of the work they do and they know who is who. Belsky explained that investing in reskilling can motivate the staff with credentials and certificates that can have a lasting impact on their careers and make them engage in their learning. This investment leaves the company executives with a skilled workforce and employees who feel fulfilled: the best of both worlds. z

13

014-17_SDT025.qxp_Layout 1 6/21/19 4:52 PM Page 14

14

SD Times

July 2019

www.sdtimes.com

The rise of Kotlin Kotlin Interest in the language

skyrockets as it begins to dominate Android app development

and go beyond mobile BY CHRISTINA CARDOZA New programming languages are created every year, but seldom do they gain the attention of developers like JetBrains’ Kotlin has over the last couple of years. Kotlin is a general-purpose, statically typed programming language designed for the Java Virtual Machine (JVM), Android, browsers and native solutions. It was created by JetBrains’ language designer Andrey Breslav and officially announced by JetBrains in 2011. Today, Kotlin has become one of the most loved languages on Stack Overflow, one of the fastest growing programming languages on GitHub, and the language of choice for Android application development. Kotlin has also been featured in this year’s Thoughtworks’ Technology Radar for its rise across platforms and tools. “Developers who haven’t yet checked out Kotlin would be well advised to have a look at what it can do. It’s a genuinely good language with solid features and a growing ecosystem,” said Rebecca Parsons, chief technology officer at ThoughtWorks.

But why and how has Kotlin captivated so much interest from developers in such a short period of time? For starters, it is open source, which resonates with a majority of the software development community, according to Fausto de la Torre, head of technology for Thoughtworks. Additionally, it has the support from one of the top technology giants in the industry. Google announced support for the programming language at its Google I/O conference in 2017. But, even before Google’s announcement, many developers were already starting to switch their development efforts to Kotlin. According to Chet Haase, chief advocate for Android at Google, Kotlin breaks a pattern that too many traditional programming languages have become accepted. “The more established something is, the slower it tends to move,” he said. “After a few years, [language providers] don’t want to completely change things and adopt new paradigms into the language that are going to force things onto developers that they are not ready for.” This was also a main concern

for Google when thinking about adopting Kotlin. “We [didn’t] want to jolt Android developers and make them change everything by introducing some new concept,” Haase explained. Kotlin takes a different approach because it is completely interoperable with Java, allowing Kotlin developers to take advantage of Java’s existing ecosystem of libraries and frameworks.

How it compares to other languages That interoperability can be a tradeoff when it comes to Kotlin, though, Thoughtworks’ de la Torres explained. Because most developers adopting Kotlin are Java developers, they tend to write Kotlin in a Java style, but there are some Java behaviors, keywords and features that don’t translate well when using Kotlin. “Kotlin can use the entire ecosystem of Java. That is one of the strongest things it has, but to try to use it in the same way is challenging,” he said. “You cannot use it as straightforward as you think.” Stephanie Cuthbertson, director of continued on page 16 >

Full Page Ads_SDT025.qxp_Layout 1 6/21/19 5:08 PM Page 15

014-17_SDT025.qxp_Layout 1 6/21/19 4:53 PM Page 16

16

SD Times

July 2019

www.sdtimes.com

< continued from page 14

product management for Google’s Android, argues that Java is no longer a state-of-the-art language. About half of the Android development community is using Kotlin because of its ability to provide more modern capabilities. When you look at the other languages in the Android ecosystem, C++ and Java represent a certain state of the art at a given time. For instance, C++ represents data structures and algorithms, and Java represents an object-oriented language that introduced things like automatic memory management; but Kotlin represents a more modern way of working today, Cuthbertson explained. “What developers told us they love about Kotlin is all of its modern idioms,” she said. Some examples of these include: coroutines and nullability. Coroutines introduce a new way to write asynchronous and non-blocking code. Kotlin also enables the ability to declare something explicitly null and ensure developers don’t run into null reference exceptions that can cause quality issues later on. Cuthbertson also believes the lan-

“Once you get the hang of writing Kotlin, you write less code. Because you have less code, that code is more maintainable. Because of things like nullability, you have higher quality code. And because of modern idioms, it is much more enjoyable.” —Stephanie Cuthbertson, director of

product management for Google’s Android

guage is set up to evolve more quickly over other languages because instead of being committee driven, the Kotlin language is stewarded by the Kotlin Foundation and the language design itself is done by the lead language designer Breslav. Breslav has been running a community process where he takes in a lot of input from other developers, but he is the single person who looks after it. “What that means is the language is continuing to evolve rapidly in a way that

Google’s five reasons for adopting Kotlin Adopting a new programming language to an existing and established platform like Android could be startling for developers because it can create a disjointed environment between existing apps, libraries, code, the new language and new APIs. “It is always a consideration of whether or not a platform should adopt another language, and the answer has always been no because of that jolt effect,” said Chet Haase, chief advocate for Android. “However when we floated the idea of Kotlin to developers, they were very [interested].” According to Stephanie Cuthbertson, director of product management for Google’s Android, there were five main drivers that brought Google to announce its support in 2017. 1. “It is a beautiful programming language,” said Cuthberthson. Because it is a modern programming language, it takes advantage of many new best practices developers are already familiar with. 2. It is completely interoperable with Java, allowing developers to call back and forth between languages. 3. Maturity. By the time Google decided to adopt Kotlin, it had already been around for five years and had reached 1.0 stability. 4. IDE support. Kotlin is created by the creators of JetBrains’ IntelliJ IDEA, the underlying platform of Android Studio, so it provides enhanced support for both the IDE and language. 5. Community. “We adopted Kotlin to Android because the community really wanted it,” said Cuthbertson. In fact, Cuthbertson explained there was an open letter to Android from the community asking the team to adopt it shortly before Google made its announcement. “It is not just growing, people really love it,” said Cuthbertson. “It was this set of things… that caused us to tip the balance and say ‘it is really time to lean in.’” z

has a coherence to it,” said Cuthbertson. “The Kotlin language is intentionally designed so we can evolve rapidly, but evolve in a way that protects the purity of the language while taking in community input in a really healthy way.” Additionally, Android’s Haase explained the strength of Kotlin is the fact that it was designed and developed by the IDE company JetBrains. “The features of the language at its core as well as the new features are tightly integrated into the development environment that developers use. While other languages have IDEs that are very good at development with that particular language, the language itself is independent of those IDEs,” he explained. IntelliJ IDEA is the underlying platform of Google’s IDE Android Studio. Thoughtworks’ de la Torres finds its team drawn to Kotlin because it increases developer productivity and provides a better developer experience than other languages. Kotlin has the ability to achieve the same things as other languages, but with less lines of code in a more modern way, he explained. “Once you get the hang of writing Kotlin, you write less code. Because you have less code, that code is more maintainable. Because of things like nullability, you have higher quality code. And because of modern idioms, it is much more enjoyable,” said Cuthbertson. De la Torres did add that the Kotlin community isn’t currently as strong as other languages. “While it continues to grow, it is still not very mature yet and there are some gaps still needed to be

014-17_SDT025.qxp_Layout 1 6/21/19 4:53 PM Page 17

www.sdtimes.com

filled,” he said. De la Torres added he would like to see more work done with testing frameworks and continuous delivery. Google is currently working on investing and growing the community as well as providing training to help developers understand how Kotlin can be integrated into their code and solutions. “Not only do we think it is better for our developers, but we think it is also better for us,” explained Haase. Google is currently using Kotlin in its Android Jetpack and other libraries.

Beyond Android development Right now, Kotlin is well known for its rise in Android app development, and while Google is still making strong investments in other languages, it is pushing for Kotlin. “If you are making a new project, we recommend you start in Kotlin. We are starting a Kotlin-first approach in the Android OS,” said Android’s Cuthbertson. But Thoughtworks’ de la Torres sees the language demonstrating its value beyond mobile development. Thoughtworks currently sees teams

building microservices and deploying software into production with Ktor, a framework for building asynchronous servers and clients using Kotlin. MockK is another Kotlin solution used for mocks and testing Kotlin applications. “As a native library, it helps our teams to write clean and concise code on testing Kotlin applications instead of using the inconvenient wrappers of Mockito or PowerMock,” Thoughtworks wrote in its Technology Radar. In addition, Thoughtworks uses Detekt for static code analysis in Kotlin, and http4k for serving and consuming HTTP services in Kotlin. The Kotlin team is also working to bring the language beyond mobile app development with Kotlin/Native, a solution for compiling Kotlin code to native libraries without running a virtual machine. “Kotlin/Native is primarily designed to allow compilation for platforms where virtual machines are not desirable or possible, for example, embedded devices or iOS. It solves the situations when a developer needs to produce a self-contained program that

July 2019

SD Times

does not require an additional runtime or virtual machine,” JetBrains wrote on its website. Kotlin/Native currently supports iOS, MacOS, Android, Windows, Linux and WebAssembly. Google is also trying to move Kotlin beyond Android development with the adoption of Kotlin for cloud development. In a recent Kotlin Consensus report conducted by JetBrains, the company found 39 percent of respondents use Kotlin as their primary language, 46 percent use Kotlin for server-side production code and 10 percent use it for data science. The report was based off of more than 4,000 responses from Kotlin users. “Today more than 2 million people use Kotlin on every kind of platform, for the development of all possible types of software. More than 250 contributors help drive development and the ecosystem forward. We are very happy with the dedication and hard work of our community who have contributed so much to the Kotlin learning materials and spreading Kotlin knowledge,” the Kotlin team wrote in a blog post. z

New report shows shakeup among top programming languages BY CHRISTINA CARDOZA

JavaScript and Java continue to dominate the software development world as the top programming languages, but newly released reports indicate the times are changing. JetBrains released its State of Developer Ecosystem 2019 report, which found while Java is still the most popular primary language and JavaScript is the most used overall, Python is gaining speed. The report surveyed about 7,000 developers worldwide, and revealed Python is the most studied programming language, the most loved language, and the third top primary programming language developers are using. Looking at other languages, JetBrains also found an increased interest in Kotlin. Sixty-six percent of Kotlin developers are using the language to target Android while 57 percent are targeting JVM. Additionally, more than a third of developers are beginning to migrate existing projects over to Kotlin, while 71 percent are using it for work and

69 percent are using it for personal projects. Compared to other reports, Stack Overflow found Kotlin to be in the top five most loved and wanted programming languages. But, according to the TIOBE Index, Kotlin still has a way to go as it is only number 40 on its list of top programming languages. Compared to other recent language reports and analysis, TIOBE found Python had surpassed C++ and entered the top three programming languages in its TIOBE Index, and Stack Overflow’s developer report found Python was the fastestgrowing major language and the second most-loved language. Additionally, Stack Overflow reported Python is the most wanted language among developers. “For the seventh year in a row, JavaScript is the most commonly used programming language, but Python has risen in the ranks again. This year, Python just edged out Java in overall ranking, much like it surpassed C# last year and PHP the year before,” Stack Overflow wrote in its analysis.

TIOBE also predicts Python will surpass Java as the top language in the next couple of years. The top use cases developers are using Python for include data analysis, web development, machine learning and writing automation scripts, according to the JetBrains report. The JetBrains report also found while Go is still a young language, it is the most promising programming language. “Go started out with a share of 8% in 2017 and now it has reached 18%. In addition, the biggest number of developers (13%) chose Go as a language they would like to adopt or migrate to,” the report stated. Other key findings from JetBrains’ State of Developer Ecosystem included: l Forty-four percent of JavaScript developers use TypeScript, and a quarter of all developers are using it this year compared to only 17 percent last year l Java 8 is still the most popular programming language, but developers are beginning to migrate to Java 10 and 11 z

17

018_SDT025.qxp_Layout 1 6/21/19 3:19 PM Page 18

18

SD Times

July 2019

www.sdtimes.com

DEVOPS WATCH

CloudBees delivers on feature management Rollout acquisition will help organizations release software with less risk BY JAKUB LEWKOWICZ

CI/CD software provider CloudBees wants to help developers release software with more flexibility and less risk with the acquisition of the secure feature management company Rollout. “Our goal is to help organizations deliver great, feature-rich software efficiently while minimizing risks associated with the deployment process,” said Sacha Labourey, CEO and co-founder of CloudBees. “The acquisition of Rollout gives CloudBees customers the flexibility to decouple features from software versions. Using Rollout on their trusted enterprise platform allows developers to test and merge changes with more confidence than ever before.” With Rollout, developers can control

both the roll out and roll back of features instantly on any platform, including mobile, regardless of deployment restrictions, according to the company. “New features or fixes can be rolled out to specific target customers or customer segments to gather focused feedback or to help address issues faced by specific customers in advance of wider availability,” Ben Williams, the vice president of products at CloudBees, wrote in a blog post. “You can even securely give control of this to nondeveloper users to remove yourselves from being a bottleneck in the process.” Williams went on to explain that this acquisition is just another step in the company’s mission to simplify the lives of developers and cater to their delivery and deployment needs. “Whether you

are creating your own solo projects, are part of a nascent startup, or are contributing to the products in organizations with thousands of developers — we got you,” he added. Going forward, users can expect greater investment in Rollout and benefit from CloudBees’ expertise when it comes to DevOps. Rollout’s cofounders will remain a part of Rollout. “Feature management has a huge opportunity ahead of it, it is one of the simplest yet powerful mechanisms you can have in your toolbox. Long term, we believe feature management is not only going to change software delivery but also software as a whole, making software adaptive to its customers,” Rollout’s co-founders Erez Rosovsk and Eyal Keren wrote in a blog post. z

GitLab 11.11 focuses on collaboration and visibility BY CHRISTINA CARDOZA

In an effort to increase collaboration and enhance visibility throughout the entire DevOps lifecycle, GitLab has announced version 11.11 with multiple assignees for merge requests and automated deployment event notifications. Multiple assignees for merge requests enables teams to assign all parties responsible for a change to a merge request. Multiple assignees are also available for issues, lists, notifications and APIs. “We know that many people may be working/collaborating in the same merge request to make sure things are on track, and Multiple Assignees for Merge Requests provides an environment to do just that,” the team wrote in a blog post. Teams can also automatically get

In GitLab 11.11, merge requests allow multiple assignees so that all people who are responsible for the change can be assigned to the merge request.

deployment notifications for Slack and Mattermost chat integrations. According to the company, this will help provide teams with visibility into important activities. “Adding to the list of push events for these two collaborative environments allows a notification to kick off near real-time to update your

team every time a deployment occurs,” the team wrote. Other features of this release include: deprecating support for Windows batch command line jobs, support for a Windows Container executor for GitLab Runners, and guest access to releases. z

Full Page Ads_SDT025.qxp_Layout 1 6/21/19 5:08 PM Page 19

Bad address data costs you money, customers and insight. Melissa’s 30+ years of domain experience in address management, patented fuzzy matching and multi-sourced reference datasets power the global data quality tools you need to keep addresses clean, correct and current. The result? Trusted information that improves customer communication, fraud prevention, predictive analytics, and the bottom line. • Global Address Verification • Digital Identity Verification • Email & Phone Verification • Location Intelligence • Single Customer View See the Elephant in Your Business -

Name it and Tame it!

www.Melissa.com | 1-800-MELISSA

Free API Trials, Data Quality Audit & Professional Services.

020-24_SDT025.qxp_Layout 1 6/21/19 3:25 PM Page 20

20

SD Times

July 2019

www.sdtimes.com

Web development: So many choices to get the right fit BY CHRISTINA CARDOZA t is an interesting time to be a web developer. On one hand, the web today provides a wealth of information, giving developers easy access to a number of resources useful when running into a problem or wanting to update their skills. Additionally, there are so many advancements being made to programming languages and technologies that web development provides a rich ecosystem for developers to build powerful solutions. “The horizon for web developers has really widened in the last couple of years where we are able to choose literally what type of app we want to build and what type of experience we want to have,” said Sam Basu, developer advocate for app development solution provider Progress. On the other hand, that rich ecosystem can also be fatiguing because there are now so many different technologies and languages to choose from. It can be difficult to decide what tools development teams and organizations should invest in — not to mention all the different form factors and other user demands web developers have to worry about. “If you are new to the game, you may struggle with the number of options available to you. There are new frameworks coming up every day, so it ends up becoming a problem of too many options and too many riches,”

I

Basu said. “For web developers, the canvas is broadening. We have other things to keep in mind as we are building applications and our code is reaching new forms that were never really meant for the web.” Luckily, these problems are not going unsolved and there are currently a number of trends and solutions underway aimed at making web developers’ lives easier.

Progressive Web Applications You may be a web developer, but your web development strategy can no longer just be the web, according to Jason Wong, VP analyst at the research firm Gartner. Users are accessing solutions on so many different form factors that organizations are now expected to provide a mobile experience. An emerging trend developers and organizations are turning to is Progressive Web Apps (PWAs). PWAs have been on the rise for the past couple of years now, with 2018 being reported as the breakout year for PWAs. When Apple announced support for service workers in the beginning of last year, it paved the way for PWAs. Now that we are in 2019, Wong explained we are now entering Gartner’s trough of disillusionment on the hype cycle. “It is just a matter of time, maturity and formation of standards across browsers and operating systems that is going to ulti-

mately drive the entry into mainstream and slope of enlightenment,” he said. PWAs give development teams the ability to use web technologies to build a mobile experience without having to go through the app store. According to Wong, PWAs are not meant to be a replacement for mobile applications. They are a replacement for bad mobile applications and can be a stepping stone to a broader mobile strategy. “Organizations that simply want to have a presence in the app store go about it backwards.

020-24_SDT025.qxp_Layout 1 6/21/19 3:25 PM Page 21

www.sdtimes.com

They take what is already available or mobile friendly, and they wrap it and publish it as a hybrid app or a very basic mobile app to the app store. They don’t get the adoption or engagement they were looking for because they didn’t really think of mobile as a strategic investment,” said Wong. “The PWA approach allows them to take more of a toe-in-the-water approach to really understanding what it means to build an app-like experience.” With PWAs, developers can take

advantage of offline caching, notifications and more advanced capabilities users are looking for. Once they are comfortable with creating these types of experiences, they can go on to creating a mobile application. PWAs are a way to get familiar with mobile experiences without wasting time, resources or investment, Wong explained. “Not everything needs to be a native app on mobile devices. If your application is mostly data-driven, you can get away with a PWA and have a nice

July 2019

SD Times

immersive experience that is engaging to the user,” said Progress’ Basu. Another strategy for PWAs is to retain users, added Max Lynch, CEO and co-founder for the web development solution provider Ionic. For instance, a website like Pinterest also has a mobile application available, but since they have a strong search engine presence, it doesn’t make sense to require users to download their app. “You don’t want to risk sending users to continued on page 22 >

21

020-24_SDT025.qxp_Layout 1 6/21/19 3:26 PM Page 22

22

SD Times

July 2019

www.sdtimes.com

< continued from page 21

an app store when they can get the information right away in a quality way with a PWA,” Lynch said.

Programming languages JavaScript is currently the de facto language for the web, according to Ionic’s Lynch. “JavaScript is going to continue to dominate the web for a number of reasons. A majority of developers know it. It is easy to use, and there is a bunch of momentum and inertia around it,” he said. Angular developer advocate Stephen Fluin of Google added that JavaScript just provides the ability to be everywhere. “You can run JavaScript on the web, on the server, and on mobile devices. That pervasiveness of a single technology makes it very attractive for developers,” he said.

However, JavaScript wasn’t really intended for all of these different purposes when it was originally created, Fluin explained, so a new programming language has been on the rise to help add to the credibility, maintainability and accessibility of JavaScript. TypeScript is an open-source programming language developed by Microsoft and designed to be a typed superset of JavaScript that compiles to plain JavaScript. According to Fluin, it enables developers to use existing JavaScript skills, and since it is a superset of JavaScript, it allows developers to gradually migrate to TypeScript without having to worry about a big rewrite. The reason developers are using TypeScript is because it provides the ability to write in modern JavaScript while taking advantage of types for things like static checking and code refactoring.

Open-source language automation Bart Copeland, CEO of open-source languages company ActiveState, argues web development teams shouldn’t rely on using a single programming language. “There are so many different languages to work with today, it really depends on your specific use case, what you want to accomplish and the role of the organization,” he said. For instance, the Python programming language is currently on the rise as developers are beginning to add things like artificial intelligence and machine learning in their applications as well as deal with the data analytics and data science that goes into building an application. However, it can be difficult to convince large organizations to invest in Python tools because it can be a costly investment. “As developers are working on new applications, they want to use the latest and greatest technology, but organizations are saying we can’t have more disparate technology stacks so there is often a push to build your web app with a set of technology stacks that the organization has already invested in,” said Copeland. A way around this is through open-source language automation, according to Copeland. Open-source language automation has four phases: 1. Defining policies to ensure compliance across the entire organization; 2. Centralizing open-source language dependencies to track languages and packages and access usage; 3. Automating language builds to reduce vulnerabilities and increase app quality; 4. Deploying and managing open-source language artifacts so your test, staging and production servers get automatically updated with the latest language builds. “We believe you should be able to track when and where your applications were vulnerable, and respond with automatic enforcement of your open-source language policies. Management should gain security and stability and your development teams should attain greater velocity,” said Copeland. z

“Types are optional, and type inference allows a few type annotations to make a big difference to the static verification of your code. Types let you define interfaces between software components and gain insights into the behavior of existing JavaScript libraries,” according to the TypeScript website. TypeScript 3.5 was recently released with new type-checking features and incremental build optimizations to improve speed. According to Progress’ Basu, while JavaScript will pretty much do everything other languages can do, picking a programming language is still a matter of choice and convenience for developers and they may be more comfortable using other languages for the web. As a result, WebAssembly is gaining more interest. WebAssembly is an open web standard that enables higher level languages like C, C++ and Rust to run natively in the browser. “So far, for web applications to run natively in the browser, the only option has been JavaScript,” said Basu. “WebAssembly for the first time is opening up some other choice. It is essentially a low-level assembly language for the web.” WebAssembly is currently supported by four major browser engines: WebKit, Firefox, Chrome and Edge. According to the WebAssembly team, WebAssembly will not replace JavaScript; it is designed to complement it. “While WebAssembly will, over time, allow many languages to be compiled to the Web, JavaScript has an incredible amount of momentum and will remain the single, privileged dynamic language of the web,” the team stated on its website. “WebAssembly modules will be able to call into and out of the JavaScript context and access browser functionality through the same web APIs accessible from JavaScript.” A new standardization effort is currently underway to bring WebAssembly outside the browser. The WebAssembly System Interface (WASI) will provide the ability to run WebAssembly across different operating systems. “WebAssembly is already transforming the way the web brings new kinds of compelling content to people and continued on page 24 >

020-24_SDT025.qxp_Layout 1 6/21/19 3:29 PM Page 23

www.sdtimes.com

July 2019

SD Times

Advice for web developers BY CHRISTINA CARDOZA

In addition to new trends and strategies, there are a number of things developers need to consider when it comes to developing for the web in 2019 and beyond. SD Times asked industry thought leaders what advice they would give their developers: Focus on web standards: If you aren’t sure about which framework to pick, your best bet is to focus on web standards, according to Max Lynch, CEO and co-founder for the web development solution provider Ionic. “What is going to change the least? We can’t afford to keep changing, rewriting or rebuilding our solution every time there is a new framework,” he said. “If you are thinking long-term, it is probably a good bet to target things like web components instead of being tightly coupled to a specific third-party framework.” Look at web standards like web components, custom elements and shadow DOM because those are the things that are going to work everywhere and last, Lynch explained. Pick a technology and stick with it: If you have to pick a tool or technology, it all comes down to what you are trying to build, according to Sam Basu, developer advocate for app development solution provider Progress. “Frameworks, IDEs and SDKs have come a long way, so the platform you pick doesn’t matter. Developers are walking into a richer ecosystem that is much more collaborative and the frame-

works and tools have evolved quite a bit. Pick the technology stack that works best with your expertise and the type of app you are trying to build,” he said. Stay connected to your users: “I would really recommend that developers try and stay as focused as possible on the user. It can be very hard to get wrapped up in the features you are trying to deliver and the day to day of software and maintenance,” said Stephen Fluin, developer advocate for Angular at Google. “If you go back and figure out what is the value you are trying to deliver to your users and what is the best way to deliver that value, you will often get a different answer from the status quo.” Plan for change: Languages are going to get better, frameworks are going to improve, and the standards and expectations of users are going to change, Fluin explained. “The applications we have to build in 2019 are harder to build in some ways than the apps we had to build in 2018 because users expect more,” he said. “That is going to continue to change so developers have to try to be flexible and forward looking with what they build.” Think in terms of multi-experience development: It is no longer a matter of mobile development or web development. According to Gartner Research VP Jason Wong, the future of development is multi-experience. Wong explained in today’s modern and digital world, developers need to have a more

holistic approach when it comes to their digital development strategy and experiences. “Multi-experience breaks down the channel thinking such as the web channel or mobile channel. You may have a mobile development team, web development team, development team for chatbots, voice, VR, AR and more. But what the multi-experience term is all about is the end user and trying to solve their problems,” said Wong. As users move across devices and apps and other modalities of interaction, development teams need to consider the digital user journey they are going to take. For instance, Wong explained users that are booking a flight or going on vacation may start researching flights through a web portal, but then decide to book their flight through a mobile app. From there, they can get notifications on their smart watch, save their flight information in their wallet app and get flight notifications through their messaging app. Additionally, once they arrive at their destination, they may use their mobile devices to call an Uber or connect to a car service. So there are all these different touch points the user is interacting with that developers need to be considering, Wong added. Code share as much as possible: “Developers are known to be lazy, and we like to do things once that we can share in other places,” said Progress’ Basu, “Think about what else you are doing and the path you are going to take apps to mobile or desktop.” z

23

020-24_SDT025.qxp_Layout 1 6/21/19 3:27 PM Page 24

24

SD Times

July 2019

www.sdtimes.com

< continued from page 22

empowers developers and creators to do their best work on the web. Up to now that’s been through browsers, but with WASI we can deliver the benefits of WebAssembly and the web to more users, more places, on more devices, and as part of more experiences,” said Sean White, chief R&D officer of Mozilla.

Top web frameworks jQuery React.js Angular/Angular.js ASP.NET Express Spring

Performance By now, the framework development area has matured with popular frameworks like Angular, React and Vue giving developers the ability to develop powerful solutions, according to Ionic’s Lynch. Developers may still feel overwhelmed at times because of the fragmented framework landscape, but Google’s Fluin explained that is actually a good thing because as the major frameworks become more popular they are focused to stay up to date, innovative and flexible. “If we just stay static, we would keep shipping the same product year after year and not learning from the ecosystem, building on top of the ecosystem and working with the ecosystem,” said Fluin. The problem is those frameworks ended up throwing a ton of code into developers’ applications, causing slow load times. While the app or solution may provide a bunch of cool and engaging features, it won’t mean anything to users if they have to wait for it to load, Ionic’s Lynch explained. Google has also started to crack down on slow apps especially in its search engine result rankings, so developers are now trying to optimize for performance by sending as little data or code as possible to get the app running. Google created the Accelerated Mobile Pages (AMP) Project, an opensource initiative that aims to speed up web pages and improve user experiences across all devices and platforms. “Today, the expectation is that content should load super fast and be easy to explore. The reality is that content can take several seconds to load, or, because the user abandons the slow page, never fully loads at all. Accelerated Mobile Pages are web pages designed to load near instantaneously — they are a step

Vue.js Django Flask Laravel This is according to Stack Overflow’s annual developer survey, which looks at responses from nearly 90,000 developers worldwide. While a broad number of developers are using jQuery, this year more and more developers are switching to React.js and Angular, the report revealed. Additionally, the report looked at the most loved, dreaded and wanted web frameworks. The top loved frameworks included React, Vue, Express and Spring, while the most dreaded frameworks included Drupal, jQuery, and Ruby on Rails. When it comes to the most wanted web frameworks for developers, the top frameworks included React, Vue and Angular. z

towards a better mobile web for all,” according to the project’s website. Ionic’s open-source project Stencil combats performance issues by generating reusable web components with a small code footprint. If a company is using a variety of frameworks, they no longer have to build different components for each one, Lynch explained. “Web development has yet to pick a framework winner. React is very popular, but if you call it a winner then you are missing most of what is happening in the enterprise where Angular is king. Then there are a whole bunch of people using things like jQuery,” said Lynch. “We aren’t achieving our mission, which is to empower every single web developer to build awesome mobile, desktop and web apps with our components, if we only work with one framework.” The use of web components is

attractive because it enables developers to reuse code as much as possible, according to Gartner’s Wong. Web components consist of three main technologies — custom elements, shadow DOM and HTML templates — which are capable of being used anywhere without having to worry about code collisions. “The reality is these frameworks require specific knowledge. Web components aim to level the playing field a little bit for web developers because they don’t require them to have to learn a specific framework. It is all about understanding the underlying principles and the right architecture to consider in building a website or web app. Web components are a path for standardization and the ability to switch frameworks without having significant impacts,” said Wong. In addition to Google’s AMP and Ionic’s Stencil, Salesforce recently released its open-source solution, Lightning Web Components, for creating web components across a variety of platforms. “The benefits are significant: you only need to learn a single framework and you can share code between apps,” Christophe Coenraets, principal developer evangelist at Salesforce, wrote in a post. Another problem with web performance today is there are just too many versions of a language available. For example, Google’s Fluin explained older versions of JavaScript like ECMAScript 5 are required for older browsers while more modern browsers take advantage of modern versions of JavaScript. That becomes problematic because older versions of JavaScript don’t have all the same features so as part of the transpilation developers end up creating more code. “You would express a really simple concept like there is a class and then what would happen is that class would get translated into a language that didn’t have classes, which ends up adding a lot of burden size and performance impacts,” said Fluin. As a result, Angular created differential loading, a process that enables browsers to choose between modern or legacy JavaScript depending on the capabilities it supports. z

Full Page Ads_SDT025.qxp_Layout 1 6/21/19 5:11 PM Page 48

026-33_SDT025.qxp_Layout 1 6/21/19 3:17 PM Page 26

26

SD Times

July 2019

www.sdtimes.com

Low-Code/No-Code Development Heats Up BY LISA MORGAN

igital transformation is driving higher demand for low-code/no-code tools. As more business tasks and processes are translated into software, the pace of business is accelerating further. Without low-code and no-code development, organizations are going to find it increasingly difficult to keep pace with their competitors.

D

026-33_SDT025.qxp_Layout 1 6/21/19 3:17 PM Page 27

www.sdtimes.com

“If we look at basic issues companies have now, what we often hear is, ‘I can’t build applications fast enough and by the time I build them the specs have changed’,” said Rob Koplowitz, VP and principal analyst at Forrester. Clearly, Agile, DevOps, and CI/CD have all helped accelerate software development and deployment. Lowcode and no-code tools provide additional assistance for both developers and “citizen developers.” continued on page 28 >

THE FIRST OF

July 2019

SD Times

THREE PARTS

27

026-33_SDT025.qxp_Layout 1 6/21/19 3:18 PM Page 28

28

SD Times

July 2019

www.sdtimes.com

No-Code/Low-Code: Not Your Dad’s RAD The earliest seeds of application development by business users difficult it can get in an organization when anyone can create (aka “citizen developers) can be traced back to the days in which their own application,” said Justin Rodenbostel, executive direcwaterfall was the norm. Like today, the business wanted capabil- tor at the digital transformation agency SPR. “The thing about ities available sooner than developers were able to deliver. While Access and Notes and tools like that was that anybody could use development methodologies and tools have advanced signifi- them, anybody could deploy them. They provided ways to work cantly in the last three decades, the core concepts are not new around IT or provide your own shadow IT, which was ripe for ones. Take Rapid Application Development (RAD) for example, abuse. Low-code/no-code tools are built to play by the rules of information technology. They fit in. There’s a way to deploy exemplified by Lotus Notes, Microsoft Access and Excel. them, there’s a way to man“I cut my teeth on Lotus age them.” Notes. If you want to pick on ‘The true need for low-code RAD tools and lowthat, we can say there were cercode/no-code tools also diftainly mission-critical applicacomes in when you’re fer in terms of the generations built in Lotus Notes, but building hundreds or tions of technology they they tended to be fairly tradipotentially thousands of represent. RAD tools tional types of IT development applications in service of required relatively deep efforts,” said Rob Koplowitz, VP understanding of the tool and principal analyst at Fordigital transformations.’ versus the drag-and-drop rester. “The true need for low—Rob Koplowitz simplicity no-code tools code comes in when you’re provide, for example. Over building hundreds or potentially thousands of applications in service of digital transformations. the years, there’s also been a major shift from on-premises softThe tools we have now are better, but the acceptance of the ware to software-as-a-service. “RAD tools were IDEs installed on the local desktop and you tools is also better because we really need them.” RAD applications are still alive and well in many organiza- needed some fairly technical expertise to really use them to tions. They share a common target audience with low-code/no- their fullest and then you’d build the apps and you kind of lose code tools, which is power users working in lines of business track of them. It was hard to know how often [RAD tools] were used, if there were duplicates of app functionality if they were (aka “citizen developers”). “I don’t think it’s a question of success versus failure, it’s a built by multiple people,” said Jason Wong, VP analyst at Gartquestion of whether these [newer] tools will be considered a ner. “With cloud and SaaS, it’s easier to set up, monitor and critical element of an architecture and an overall software track, and apply security and governance, so a lot of it has to do development portfolio,” said Koplowitz. “There’s a lot of excite- with all these new cloud-based platforms that are out there.” Mobile application development is also fueling the need for ment about this space. Will that translate into the way a global insurance company develops software across its portfolio? low-code/no-code tools. “They can’t build mobile apps with code-centric tools That’s a big bridge to cross.” Using RAD tools, power users were able to solve some of because it’s still too burdensome for them to maintain so they their own problems outside IT, which in some cases created go to a low-code approach which makes it easier in terms of the lifecycle management of the apps to maintain,” said Wong. z problems that low-code and no-code adopters should consider. “I used Lotus Notes for a while. I can tell you firsthand how — Lisa Morgan

< continued from page 27

Who are citizen developers? A citizen developer is a power user working in a line of business who is capable of using no-code tools. It’s the same type of individual who was most likely to take advantage of Rapid Application Development (RAD) tools. The Gartner IT glossary defines a citizen developer as “a user who creates new business applications for consumption by others using development and runtime environments sanctioned by corporate IT. In the past, end-user application development has typically

been limited to single-user or workgroup solutions built with tools like Microsoft Excel and Access. However, today, end users can build departmental, enterprise and even public applications using shared services, fourth-generation language (4GL)-style development platforms and cloud computing services.” The definition stresses an important point: Governance, since the barrier to SaaS use is low. “Citizen developers are end users whose full-time job is not development but they’re able to contribute in some way by building apps for their own use

or for the team or for their department,” said Jason Wong, VP analyst at Gartner. “We are seeing more interest from the client base around low-code and we are seeing success in a variety of large, international companies to small companies.”

The right tool for the right job The best way to ensure finest-grain control over an application is to write the code from scratch. Some developers dismiss low-code and no-code tools on the same basis they dismissed RAD tools in the past. Their sentiment tends continued on page 30 >

Full Page Ads_SDT025.qxp_Layout 1 6/21/19 5:09 PM Page 29

026-33_SDT025.qxp_Layout 1 6/21/19 3:18 PM Page 30

30

SD Times

July 2019

www.sdtimes.com

< continued from page 28

to be, real developers code. “When professional developers say, ‘I’ll never use that tool, I need more power and flexibility,’ we sometimes refer to that as ‘developer machismo,’ ” said Forrester’s Koplowitz. “A lot of developer machismo is what killed Lotus Notes. It’s not a real development tool. We’ll never use it. But that’s falling by the wayside because we simply can’t train enough professional developers to do it the old-fashioned way. We’re going to have to do it faster, easier and better.” Forrester recognizes three types of developers: professional developers who will not use low-code or no-code tools, professional developers who will use low-code or no-code tools, and business developers (aka citizen developers). The distinction reflects two spectra: the level of coding expertise and a willingness to use low-code or no-code tools. The three classes are not mutually exclusive; in fact, most organizations need all three. “When it comes to low-code tools, I think organizations are proceeding with healthy caution, particularly in IT, but the business units and small, mediumsized businesses certainly look to lowcode tools as a way to even the playing field with larger competitors and as a way to get more efficiency and productivity out of their [organization’s] development efforts,” said Gartner’s Wong. That’s not to say that low-code or nocode tools solve all problems themselves; they’re not designed to do that. They’re designed to alleviate burdens where burdens can be alleviated so organizations have the luxury of using deep development expertise where it’s needed most. Justin Rodenbostel, executive director at digital transformation agency SPR, said his firm sees obvious lowcode/no-code appeal in environments where digital transformation is a goal and quick wins are needed to generate momentum for change. The tools also provide a quick means of validating a proof of concept. “It’s a way to show off what’s possible in terms of modern software engineer-

ing and break the cycle of bureaucratic hurdles that slow time to market,” said Rodenbostel. Low-code/no-code tools may not be the best option for providing unique user experiences that aren’t available anywhere else if one simply uses out-ofthe-box capabilities. “Low-code/no-code solutions are great at what they’re good at, but once you step outside that and you need to do something custom, customizing these solutions usually comes at a high price,” said Rodenbostel. “You have to be really cognizant of when these tools

built, that helps citizen developers support one another, that helps in applying some level of self-governance so all these things don’t fall back into IT’s lap,” said Gartner’s Wong. “Set up the citizen development environment and the policies in such a way that provides citizen developers with freedom once they get the basic training.” By a comparison, simply providing a login and telling citizen developers to build whatever they want without any governance or training isn’t a sound strategy from an organizational perspective.

‘Citizen developers are end users whose full-time job is not development but they’re able to contribute in some way by building apps for their own use or for the team or for their department.’ —Jason Wong, VP analyst at Gartner

are actually the wrong tool and when to reinvest in something custom. They’re great for quick wins, but not always great as a run-your-business-over-thelong-term platform.”

How to succeed with low-code/no-code Professional developers can’t write application code in a vacuum and simply hope for the best results in production. They have to consider the ecosystem in which the code will run, which fueled the DevOps movement. Citizen developers aren’t trained to think in the same way. Their approach to application development tends to focus on the problem at hand, such as simplifying a task or workflow. “Our position on citizen development is that they should be free to build the apps that they want to build. [However,] there needs to be a community of these citizen developers that shares knowledge, that shares what’s already

“When I tell [an audience] you’re going to have to build a whole bunch more software and you’re going to have to do it in the context of customer journeys and digital transformation, you’re probably going to have to standardize on this stuff because [you’re going to want] a single way of training people how to develop [applications] using the tools, a single way of accessing assets, a single way of controlling governance because what looks like your whole process today will begin to span broader processes,” said Forrester’s Koplowitz. “There’s certainly the mindset of just give me a cheap tool, let me use it and let it grow virally, which is fine from an experimental perspective, but ultimately you have to think of these things in terms of standards. Standards are going to be your friend in digital transformation because digital transformation touches continued on page 32 >

SubscriptionAd_2018_for PDF.qxp_Layout 1 8/28/18 2:08 PM Page 1

Discovery. Insight. Understanding. SD Times subscriptions are FREE!

SD Times offers in-depth features on the newest technologies, practices, and innovations affecting enterprise developers today — Containers, Microservices, DevOps, IoT, Artificial Intelligence, Machine Learning, Big Data and more. Find the latest news from software providers, industry consortia, open source projects and research institutions. Subscribe TODAY to keep up with everything happening in the ever-changing world of software development! Available in two formats — print or digital.

Sign up for FREE today at www.sdtimes.com.

026-33_SDT025.qxp_Layout 1 6/24/19 2:50 PM Page 32

32

SD Times

July 2019

www.sdtimes.com

< continued from page 30

so much of your organization.” A portfolio view across software development projects regardless of who’s building them and what tools they’re using is also advantageous. “If your low-code/no-code solution has a chance to morph into an additional or duplicate system of record, you have a problem on your hands,” said SPR’s Rodenbostel. “The idea that a business unit can bring their own product to market sounds great on paper but there should be the overarching perspective of how it fits into the rest of the ecosystem to avoid some of the problems that RAD created in the past. There still needs to be collaboration with IT to make sure that the solutions being built can be easily maintained.” There’s also the question of what “success” means because success at one level may create challenges at another level. For example, if a citizen developer built something that later became a business-critical app used by a much larger community or across departments or divisions, a project hand-off to IT may be wise. Similarly, if the functionality of a citizen developer app evolved to the point of needing to access customer data in the CRM via an API, it may be that the professional development team has to open up the API. Alternatively, a citizen developer may need IT’s help building a capability that can’t be accomplished in a nocode tool. “There are citizen developers that

Low-Code versus No-Code BY LISA MORGAN

Should organizations adopt low-code tools or no-code tools? The answer tends to have less to do with the tools and more about who will use them and for what purpose. According to Forrester, there are some developers who build everything from scratch, developers who use low-code tools, and business users who use the easiest of low-code tools, which are marketed as “no-code.” It should be noted that neither Forrester nor Gartner recognize no-code tools as a class distinct from low-code tools. Both consider low-code tools to encompass a spectrum ranging from visual tools to tools that require coding expertise. According to Rob Koplowitz, VP and principal analyst at Forrester, low-code is a more accurate description since the tools tend to require some professional development support to get them deployed. “There’s always this escape hatch out that you can write some script or write some module in Java or .NET or JavaScript and plug it back into the tool, so these no-code tools say they’re no code, but there’s always some way to get out and create something customized that plugs back in,” said Jason

will do fairly sophisticated things because they come from a technical background, so it kind of varies, but the IT organization has to work with the business to define those boundaries and what those feelings are when it comes to business-criticality and application complexity,” said Gartner’s Wong. “You

‘It’s a way to show off what’s possible in terms of modern software engineering and break the cycle of bureaucratic hurdles that slow time to market.’ —Justin Rodenbostel, executive director at digital

transformation agency SPR

Wong, VP analyst at Gartner. “Yes, of course, there’s code somewhere but the person building the app doesn’t care if the code is .NET, Java or some new language. A lot of times, it’s also tied to specific types of application use cases, so it’s already pre-built to work with SharePoint, Salesforce or SAP. A lot of times no-code is about ease of use and faster time to market.” Suresh Sambandam, CEO of no-code tool provider KiSSFLOW, draws a somewhat different distinction. In his view, software providers including ISVs build software from scratch while companies whose core competency is something else (retail, insurance, healthcare) are ripe for low-code and no-code tools. “When you try to do the entire SDLC (software delivery life cycle) for a simple process, it becomes prohibitive to do this automation and to go from manual to digital transformation,” said Sambandam “The coding effort may be two to three days, but the SDLC process is going to take two to three weeks. The same process can be done on a no-code platform in less than 30 minutes.” Following are some of the characteristics of low-code and no-code tools:

have to understand who your citizen developers are going to be, what is the range of apps they’re going to build and how are you going to set up the community so they’re self-supporting and at what point should IT step in and take over those apps if it becomes too much for the citizen developer to handle. When an app becomes too complex and when it requires too much testing then you ought to think about moving it to more of a professional developerowned application.” Citizen development initiatives are meant to remove some of the burden from IT so professional developers aren’t tasked with a backlog of apps that the business wants and needs. Apparently, some of Gartner’s clients are concerned that apps built by citizen developers will eventually burden IT with the app’s ongoing maintenance. To proactively manage the situation, some organizations are creating positions that oversee citizen development.

026-33_SDT025.qxp_Layout 1 6/24/19 2:50 PM Page 33

www.sdtimes.com

July 2019

SD Times

Low-Code

No-Code

Target Audience

Professional developers

Non-developers with business domain knowledge who have a deep understanding of related processes and tasks

Benefits (may vary depending on the vendor)

• Faster time to market • Can be supplemented with custom code easily • Visibility into application development • May connect to enterprise assets • May include built-in compliance and certifications

• Speed • Don’t have to wait for developers • Visibility into application development • May connect to enterprise assets • May include built-in compliance and certifications

Use cases

• POCs, prototyping • Applications that don’t require complete custom coding • Applications previously built with RAD tools that need greater functionality and scalability • Potentially complex, mission-critical applications

• Tasks, processes, applications that don’t require custom coding • applications previously built with RAD tools

Potential drawbacks (may vary depending on the vendor)

• Scalability, functional limitations without coding • UI limitations without coding • Security • May not be viable for very complex applications

• Scalability, functional limitations, UI limitations • Security • Likely not good for very complex applications

Vendor type

• Low-code platform or tool vendor • Traditional development tool vendor

• No-code platform or tool vendor • Traditional development tool vendor

Best practice tips

• Have good governance in place • TCO versus traditional development may vary

• Have good governance in place • TCO versus traditional development may vary

“Some companies have a manager or director of citizen development or a manager of low-code tools to oversee all the activity that’s going on to make sure that there is a mutual understanding between the business and IT of what’s happening, share best practices within different teams and groups and be a facilitator of that community,” said Wong. “That ultimately takes burden away from the IT organization and allows them to focus on some of the more strategic applications.”

The road ahead The U.S. Bureau of Labor Statistics expects software development jobs to grow by 24 percent between 2016 and 2026, which is 3.5 times the 7 percent projected for all jobs. Oft-cited numbers from 2013 projected 1.4 million developer jobs and only 400,000 developers to fill them by 2020. Naturally, the numbers have helped fuel the momentum of low-code and no-code tools.

“Just because Fred and Sally built a bunch of great applications doesn’t mean the rest of the organization is interested in that, so there’s a lot of work to be done between now and when we embrace low-code tools like we embrace Excel today,” said Forrester’s Koplowitz. “There’s a whole other aspect of this that says a company becoming a software company operates differently. A company adopting a software-first mindset has cultural change management challenges.” There’s an increasing number of educational programs for children and adults teach coding for professional or personal development purposes. “Even business degrees have [a coding] class, so the chances you’re going to have somebody in a business role write a little code are higher than ever,” said SPR’s Rodenbostel. “Everybody is better served by working in an environment where there’s a ton of collaboration between the business and IT. I

think if you want to go down the lowcode/no-code route, bring someone in IT so you don’t go off the rails so you know when to say when.” AI and machine learning are already influencing the direction of tools since they’re model-driven and collect a lot of data about how users are constructing processes, building UIs and connecting to different systems. “They’re going to use that information and provide more suggestions and more AI-augmented development which will enable both professional developers and citizen developers to build higher quality apps,” said Gartner’s Wong. “[The users of these tools] will also be able to build apps quicker because the tools will give you suggestions.” One helpful AI technique is natural language processing, which, when available, replaces visual commands such as dragging and dropping as well as pointing and clicking. z

33

Full Page Ads_SDT025.qxp_Layout 1 6/21/19 5:09 PM Page 34

THIS IS

GigaFox. She’s begging for more tasty bugs to devour. Why don’t you feed her? She’s so hungry.

Mobile Labs GigaFox™ is the fastest mobile device testing platform available designed to accelerate mobile app development and continuous testing. Available on-premises on in a hosted environment, GigaFox comes with built-in Appium for increased performance and easier scripting.

Superfast speed, easy management of real devices and quality support makes Mobile Labs your partner for success. Find us online at www.mobilelabsinc.com/products/gigafox

035-43_SDT025.qxp_Layout 1 6/24/19 3:41 PM Page 35

www.sdtimes.com

July 2019

SD Times

Buyers Guide

Testing all the time Continuous testing enables organizations to keep pace with code changes and new features

C

ontinuous testing marks the evolution of software testing to where it can keep up with the rapid pace of development, while adapting to new software architectures and development methodologies such as DevOps and Agile. Relying on automated test execution as a cornerstone, continuous testing is the embodiment of the “shift left” craze sweeping the industry. Move everything up earlier in the lifecycle, so nothing is left behind. That means even at ideation, security people, business people and testers are considering their role in bringing that idea through to a final product. But for those just tipping their toes

BY DAVID RUBINSTEIN into the DevOps waters, it’s often hard to figure out how to put the pieces together and where to begin. “Where I normally start is talking about what does that mean to them? It has some different definitions,” explained Mark Lambert, vice president of products at testing software provider Parasoft. “Continuous testing is, in essence, you’re building testing into your pipeline so it’s running continuously as you’re doing your development, and it happens automatically. It goes beyond automated testing but this is where somebody starts. Somebody may start by building some automated tests and run-

ning them as part of the pipeline.” Mobile development creates its own challenges for organizations looking to begin continuous testing of their applications. Steve Orlando, senior director of product marketing at Mobile Labs, said you first should identify issues or bottlenecks. “Are you slow to release? Maybe you’re not getting fast enough answers from QA,” he said. “Once you identify these challenges, it’s important to set some goals. When you know what you want to do, such as improve turnaround time from testing or find bugs faster, it’s then important to find the right tools to aid your process and to get the job done. Look for tools in a build system, where continued on page 36 >

35

035-43_SDT025.qxp_Layout 1 6/24/19 3:41 PM Page 36

SD Times

July 2019

www.sdtimes.com

< continued from page 35

TE

TEST

TEST

Steve Orlando of Mobile Labs suggests four practices for effective continuous testing: n Set up a proper build system that stops on any error and provides a notification to all interested parties. This allows issues to be addressed immediately. n Integrate unit tests for the application into the build steps. n Upload applications to a mobile device testing platform so the application can be used by the testers. n Run functional automated tests against real devices by utilizing a mobile device testing platform. z

T Back in 2012, I wrote an Industry Watch column in SD Times ST titled, “Need for Speed? Take a look at DTO.” DevOps had become a thing by then, and I asked Tom Lounibos, then the CEO of SOASTA, what he thought of the term DevTestOps. “DevTestOps. DTO. I kind of like the speed element to it,” he said. “It sounds like a Camaro in the ‘70s.” It was catchy, and some in the industry tried to make it happen, but it was flawed, much as the term DevSecOps is flawed. In that 2012 column, I had even written, “Move over, DevOps. Well, more specifically, Dev, you slide over to the left, and Ops, you move a bit to your right. We’ve got to make room for Test.” The problem, of course, is that the term still implied steps in a process, and too closely resembled waterfall practices of the day. DevTestOps was a handy way to let development teams know that test should no longer wait until the end of the development process, when fixing problems is costlier and harder to deal with. It was the beginning of the thinking that development should not be a linear process but rather a collaborative effort to ensure code worked correctly and was secure at all times. In a continuous testing world, you’re testing during code creation, you’re testing during integration, you’re testing in your deployment pipeline, and you’re testing changes after software is delivered. That is why DevTestOps, as a term, has not stood the test of time. z —David Rubinstein

TE S

CT best practices for mobile apps

We have DevOps, and DevSecOps... Why not DevTestOps? TES

T TES

you can continuously build and integrate your code and tests. When code is checked in, it can then be built and compiled for continuous testing.” Brian Reed, chief mobility officer at NowSecure, describes three keys: First, catalog your applications and assign risk profiles, with the idea to test the highrisk apps at every build, every day. Next, plug security testing into your build tools, ticketing systems and vulnerability management tools. Finally, he said, “security and DevOps teams should review existing security processes and testing/repair criteria to create a tiered model that defines P1/P2/P3 service levels of what to fix when in a continuous testing program.” According to Eran Kinsbruner, mobile technical evangelist at mobile and web application test provider Perfecto, test automation is absolutely critical to continuous testing. Building tests to execute inside your continuous integration pipeline automatically ensures that each time code is checked in, it’s tested, at a place and time when it’s less expensive and easier to detect than later on in the software’s life. “Automation today, without even exaggerating, is the most important pillar of continuous testing,” Kinsbruner said. “Continuous testing, by its meaning, means you need to validate code changes as soon as possible to uncover risks and release faster. You cannot do that if you

T

36

are tied into a lot of manual testing. If you want to deliver fast, you want to release fast, you want to integrate new code changes, and the only thing you have is manual testing, it won’t be continuous and will actually slow you down.” Kinsbruner stressed that automation is not a one-time thing for each software iteration. Instead, he said, you need to continually build on the automation, lest you fall behind because much of your process remains manual. Automating as much as you can in testing also is important because it can give you greater code coverage than manual testing can offer. But Mobile Labs’ Orlando said how much you cover with tests is less important than what you’re actually testing. “Honestly, 100% code coverage is a lofty goal that I’m sure all developers and testers wish was easily achievable,” he said. “But, in reality I’ve found that it is most important to focus on the most used functions within your app. Sometimes certain functions are not able to be tested via automation — that’s where manual testing comes into play.” NowSecure’s Reed said that when considering code coverage for mobile

app security testing, you must examine the mobile app attack surface itself. That, he noted, “spans data at rest on the mobile device (DAR), data in motion between device and back ends (DIM) and code itself (including custom code and third-party included libraries). Traditional Static App Testing (SAST) looks at custom code before build and misses DIM, DAR and thirdparty libraries. Achieving 100 percent code coverage of the full mobile app requires dynamic testing (DAST) to actually install and run the app on a real mobile device in the real world.” Reed added that NowSecure benchmarks have found that more than 60 percent of mobile apps in the Apple AppStore and Google Play Store leak data via DIM, DAR and/or third-party code. The mere mention of test automation as the first step toward continuous testing begs the question: Are we talking about automating test creation or automating test execution? The answer, in fact, can be both. “If you would have asked me this question five or six years ago, it was very clear: You need to write scripts, and you continued on page 39 >

Full Page Ads_SDT025.qxp_Layout 1 6/21/19 5:09 PM Page 37

Full Page Ads_SDT025.qxp_Layout 1 6/21/19 5:10 PM Page 38

035-43_SDT025.qxp_Layout 1 6/24/19 3:41 PM Page 39

www.sdtimes.com

July 2019

SD Times

< continued from page 36

need to create them in a development language such as Java, VBScript, C#, Python and so forth,” Kinsbruner said. “In today’s IT, there are two ways of creating test automation. The first one is the traditional one, where you use the IDE, like Eclipse, IntelliJ and so forth, to write test automation scripts based on user stories or even functional specs. You go by the definition of the thing that you want to automate and you write code in JavaScript or other languages. That’s the creation.” The second way, he continued, involves artificial intelligence and machine learning. “With the rise of AI and machine learning tools, you can add to this creation activity a new method, which is record and playback,” Kinsbruner said. “You can point your tool into a website or mobile device, and based on supervised algorithms for machine learning, you can actually create test automation without really writing one line of code.”

Continuing on the path After test automations have been created and put into the pipeline, where do you go from there? According to Parasoft’s Lambert, the next step is to take tests you’d normally created in the later stages of development and execute them continuously moving forward, during active and ongoing development. And that, he added, is often a conversation with the move from waterfall to Agile, “or staged development into an agile-ISH. “I would normally do load and performance testing at the end just before release,” he said, “and what I’m saying is, you can now do that because your cycles are compressed; you can now do that automatically as part of your CI process; and yes, you’re going to do a more complete end-to-end full system verification as things start coming together.” On the personnel side, getting people with different backgrounds and different skill sets to work together is a big challenge to overcome. As Perfecto’s Kinsbruner said, “While you want to make everyone work together, not

Model-based testing… Good or bad? Model-based testing, in which you define what an application’s functionality should be and test against that, can be used to augment more traditional test automation. “I define model-based testing where I’m more focused about defining a model or a business process that represents how my functionality should work,” said Mark Lambert, VP of products at testing software provider Parasoft. “Typically, modelbased testing works at the higher levels of the application architecture, so when I’m defining through a business use case, it runs into challenges when you start trying to apply it to code that is not developed with a model-centric view in mind.” So, should you be doing model-based testing? Here’s Lambert again: “Embedded safety-critical systems many times have a lot of models already … so therefore creating the test based upon the models is actually very logical. If you’re doing model-based testing for enterprise IT-type of applications, you’re trying to reverse-engineer the models, which sometimes can cause inconsistencies. But it also gives you a view of how the business flow should work. So there are pros and cons to it. I don’t view it as a good [method] for validating or building a regression against a business requirement, but I view it as a good way of fleshing out many different scenarios within the business use cases.” z —David Rubinstein

everyone is wearing the same T-shirt. Some come with a background in Java, some in Python, or C#, and if your technology does not match the different squads involved in the different activities, development and testing, then you’re starting to have some hiccups in the overall process. you need to assess and maybe try to even match the right people into the right dev team and feature and product to be developed, so they find it easier to implement test automation. Otherwise, you’re just causing delays and so forth.” Meanwhile, organizations have to be careful not to rush into plans or make promises that aren’t close to their reality, meaning: Are they using technologies such as artificial intelligence, or frameworks such as Cypress.io? “People are talking about those things, but whether they really match the activities the team needs to do is something to be determined. Just because it’s a popular thing, you don’t need to rush and choose these frameworks,” said Kinsbruner. Parasoft’s Lambert agrees that frameworks are critical, but suggests sticking with open source. “I’m an advocate of leveraging opensource frameworks where they exist. For web testing, I’m an advocate of leveraging Selenium. For testing in the Java world, it’s mostly JUnit. Leveraging a framework and an open-source

framework that has a significant amount of adoption is valuable because you can then take advantage of what other teams have done. In the JUnit world, for example, there are stubbing and mocking frameworks ... so you don’t have to reinvent the wheel. Frameworks are a fundamental instrument, as far as I’m concerned.” Perfecto’s Kinsbruner suggests aligning people with the right skill set, the right product and the right testing framework, because the framework the organization chooses needs to serve multiple personas. “Continuous testing is an activity that comes to validate your code quality upon each code change. It can be done by developers, or testers, performance engineers or by many other people who are involved in the process,” he said.

What should you test continuously? For testing mobile applications, the critical areas to test are those that provide its main functionality. Those, said Mobile Labs’ Orlando, are the ones you must continuously test. “What does your app do? What’s its purpose? If the app is intended to help travelers book a hotel room, then you need to continually test and make sure that the app is able to book a hotel room 100 percent of the time,” he said. “It’s important to nail the functionality of your app before continued on page 43 >

39

Your Continuous Testing Checklist. CLOUD-BASED LAB REAL DEVICES & DESKTOP BROWSERS CODELESS & CODE-BASED SCRIPTING SCALABLE EXECUTIONS FOR WEB & MOBILE SMART REPORTING & ANALYTICS Perfecto checks all your boxes.

Learn More

035-43_SDT025.qxp_Layout 1 6/24/19 3:42 PM Page 41

www.sdtimes.com

July 2019

SD Times

How does your solution help organizations find success with continuous testing? Eran Kinsbruner, mobile technical evangelist, Perfecto Perfecto has been playing in this space of software test automation and continuous testing for more than 12 years now, and we have seen so many different organizations of varied maturity levels struggling with continuous testing and just straight test automation. So what we’ve decided in the last year or so is to focus on specific tool suites to help practitioners with different skill sets starting from developers or software test engineers as well as manual business testers, giving them the right tools. If they are very skilled and can write code in Java, JavaScript and the like, we will give them full support for Selenium and Appium to create and execute their test automation in the cloud. Perfecto has a cloud for mobile and desktop web virtual machines. It is a software-as-a-service platform, so basically, if you have the skill set to create in Selenium and Appium, you can execute them on the Perfecto private cloud for enterprises with full security and governance. You don’t need to worry about the test environment yourself. You don’t need to build a Selenium grid, or you don’t need to buy smartphones and tablets and continuously maintain them. We provide the access from the cloud to all of these digital platforms to run your test automation grid. If you do not have the skill sets to create test automation in development languages, with Selenium and Appium, we just recently launched Perfecto Codeless. This is a record-and-playback solution for web and mobile testing in the cloud, based on machine learning algorithms that will reduce the headache for maintaining scripts if they change, or if an object has changed. That’s the other level of creation we added, so we can support any level of skill set that you have in your organization. We also provide a wide range of execution capabilities through CI. We integrate with all the CI servers. We allow you to execute in the cloud on multiple platforms — desktop browsers and mobile native devices — and at the end of the execution,

we provide a machine-learning based reporting and analytics solution so you can slice and dice the data. You can get root cause analysis out of each test report at cloud scale.

deep reliability and security issues in the code base before you start testing it in the traditional sense.

Mark Lambert, vice president of product, Parasoft

Mobile Labs’ mobile app testing platform, GigaFox helps organizations get started and maintain their continuous testing initiatives in a couple of ways. First, if testers are using Appium for automation, then GigaFox actually comes with built-in Appium, making it even easier for testers to run Appium scripts with faster speed and better performance. In addition, GigaFox enables teams to run more concurrent Appium tests and even makes iOS provisioning fast and easy. But, even if mobile app dev and QA teams are not using Appium, GigaFox works well with the majority of other commercial and open-source frameworks and tools available for automation. Through easy integration, speed, and management of real devices, GigaFox helps both dev and QA teams streamline and set up an effective continuous testing strategy that works. Available on-premises or in a hosted environment, GigaFox is the most open and flexible cloud in the mobile space, supporting continuous testing through DevOps integrations and the largest number of third party and open-source tools in the industry.

We align Parasoft’s offerings to the testing pyramid. The testing pyramid is advocated by two agile thought leaders, Martin Fowler and Michael Cohn. They talk about organizing your portfolio of tests in a pyramid. Do a lot of unit tests, that’s your base of the pyramid, big and wide. Then you’re going to try to cover as much as possible with those unit tests. Then, you’re going to do API or servicelevel tests, testing business logic. That’s your middle layer, big, but not as big as unit tests. Then you’re going to minimize your end-to-end UI tests as kind of the small piece at the top, because they’re brittle and hard to maintain, and you have all the external dependency infrastructure. What Parasoft does is we provide technology at each of these layers, so Jtest for unit testing, SOAtest for API testing, and we have technology within SOAtest for web UI testing. Service virtualization helps me take those top two layers of the pyramid and start isolating the code from its external dependencies in a similar way that you would get unit testing at the bottom of the pyramid. This pyramid gives you a really scalable way of maintaining your testing strategy, but it doesn’t actually address quality. It’s very good for CT, but CT is only part of the solution. CT doesn’t actually help you build quality into the application. What it does is help you detect a problem, and detect it sooner, when it costs less to fix. It’s all about shifting left defect detection. How you build quality into the process is through use of preventative techniques, such as deep code analysis, and that’s where our language products like Jtest. dotTEST, C++test come into play. They give you the ability to uncover

Steve Orlando, senior director, product marketing, Mobile Labs

Brian Reed, chief mobility officer, NowSecure The NowSecure automated security testing platform helps organizations overcome the limitations and time constraints of traditional mobile app security testing with the speed, accuracy and integrations required for continuous security testing. NowSecure helps organizations on the journey from Agile to DevOps as they scale to meet the volume and velocity of continued on page 43 >

41

035-43_SDT025.qxp_Layout 1 6/24/19 3:42 PM Page 42

42

SD Times

July 2019

www.sdtimes.com

A guide to continuous testing tools n CA Technologies offers next-generation, integrated continuous testing solutions that automate the most difficult testing activities — from requirements engineering through test design automation, service virtualization and intelligent orchestration. Built on end-to-end integrations and open source, CA’s comprehensive solutions help organizations eliminate testing bottlenecks impacting their DevOps and continuous delivery practices to test at the speed of agile, and build better apps, faster. n HPE Software’s automated testing solutions simplify software testing within fastmoving agile teams and for Continuous Integration scenarios. Integrated with DevOps tools and ALM solutions, HPE automated testing solutions keep quality at the center of today’s modern applications and hybrid infrastructures. n IBM: Quality is essential and the combination of automated testing and service virtualization from IBM Rational Test Workbench allows teams to assess their software throughout their delivery lifecycle. IBM has a market leading solution for the continuous testing of end-to-end scenarios covering mobile, cloud, cognitive, mainframe and more. n Micro Focus is a leading global enterprise software company with a world-class testing portfolio that helps customers accelerate their application delivery and ensure quality and security at every stage of the application lifecycle — from the first backlog item to the user experience in production. Simplifying functional, mobile, performance and application security within fast-moving Agile teams and for DevOps, Micro Focus testing solutions keep quality at the center of today’s modern applications and hybrid infrastructures with an integrated end-to-end application lifecycle management solution that is built for any methodology, technology and delivery model. n Microsoft provides a specialized tool set for testers that delivers an integrated experience starting from agile planning to test and release management, on premises or in the cloud. n Orasi is a leading provider of software

n

FEATURED PROVIDERS n

n Mobile Labs: Mobile Labs remains the leading supplier of in-house mobile device clouds that connect remote, shared devices to Global 2000 mobile web, gaming, and app engineering teams. Its patented GigaFox is offered on-premises or hosted, and solves mobile device sharing and management challenges during development, debugging, manual testing, and automated testing. A pre-installed and pre-configured Appium server provides "instant on" Appium test automation. n NowSecure: NowSecure is the mobile app security software company trusted by the world’s most demanding organizations. Only the NowSecure Platform delivers fully automated mobile app security and privacy testing with the speed, accuracy, and efficiency necessary for Agile and DevSecOps environments. Through the industry’s most advanced static, dynamic, behavioral and interactive mobile app security testing on real Android and iOS devices, NowSecure identifies the broadest array of security threats, compliance gaps and privacy issues in custom-developed, commercial, and business-critical mobile apps. NowSecure customers can choose automated software on-premises or in the cloud, expert professional penetration testing and managed services, or a combination of all as needed. NowSecure offers the fastest path to deeper mobile app security and privacy testing and certification. n Parasoft: Parasoft’s software testing tool suite automates time-consuming testing tasks for developers and testers, and helps managers and team leaders pinpoint priorities. With solutions that are easy to use, adopt, and scale, Parasoft’s software testing tools fit right into your existing toolchain and shrink testing time with nextlevel efficiency, augmented with AI. Parasoft users are able to succeed in today’s most strategic development initiatives, to capture new growth opportunities and meet the growing expectations of consumer demands n Perfecto: Perfecto offers a cloud-based continuous testing platform that takes mobile and web testing to the next level. It features a: continuous quality lab with smart self-healing capabilities; test authoring, management, validations and debugging of even advanced and hard-to-test businesses scenarios; text execution simulations; and smart analysis. For mobile testing, users can test against more than 3,000 real devices, and web developers can boost their test portfolio with crossbrowser testing in the cloud. testing services, utilizing test management, test automation, enterprise testing, Continuous Delivery, monitoring, and mobile testing technology. n Progress: Telerik Test Studio is a testautomation solution that helps teams be more efficient in functional, performance and load testing, improving test coverage and reducing the number of bugs that slip into production. n QASymphony’s qTest is a Test Case Management solution that integrates with popular development tools. QASymphony offers qTest eXplorer for teams doing exploratory testing. n Rogue Wave is the largest independent

provider of cross-platform software development tools and embedded components in the world. Rogue Wave Software’s Klocwork boosts software security and creates more reliable software. With Klocwork, analyze static code on-the-fly, simplify peer code reviews, and extend the life of complex software. Thousands of customers, including the biggest brands in the automotive, mobile device, consumer electronics, medical technologies, telecom, military and aerospace sectors, make Klocwork part of their software development process. n Sauce Labs provides the world’s largest cloud-based platform for automated testing of web and mobile applications. Optimized for use in CI and CD environments, and built with an emphasis on security, reliability and

035-43_SDT025.qxp_Layout 1 6/24/19 3:42 PM Page 43

www.sdtimes.com

scalability, users can run tests written in any language or framework using Selenium or Appium, both widely adopted open-source standards for automating browser and mobile application functionality. n SmartBear provides a range of frictionless tools to help testers and developers deliver robust test automation strategies. With powerful test planning, test creation, test data management, test execution, and test environment solutions, SmartBear is paving the way for teams to deliver automated quality at both the UI and API layer. SmartBear automation tools ensure functional, performance, and security correctness within your deployment process, integrating with tools like Jenkins, TeamCity, and more. n SOASTA’s Digital Performance Management (DPM) Platform enables measurement, testing and improvement of digital performance. It includes five technologies: mPulse real user monitoring (RUM); the CloudTest platform for continuous load testing; TouchTest mobile functional test automation; Digital Operation Center (DOC) for a unified view of contextual intelligence accessible from any device; and Data Science Workbench, simplifying analysis of current and historical web and mobile user performance data. n Synopsys: Through its Software Integrity platform, Synopsys provides a comprehensive suite of testing solutions for rapidly finding and fixing critical security vulnerabilities, quality defects, and compliance issues throughout the SDLC. n TechExcel: DevTest is a sophisticated quality-management solution used by development and QA teams of all sizes to manage every aspect of their testing processes. n Testplant: Eggplant’s Digital Automation Intelligence Suite empowers teams to continuously create amazing, user-centric digital experiences by testing the true UX, not the code. n Tricentis is recognized by both Forrester and Gartner as a leader in software test automation, functional testing, and continuous testing. Our integrated software testing solution, Tricentis Tosca, provides a unique Model-based Test Automation and Test Case Design approach to functional test automation—encompassing risk-based testing, test data management and provisioning, service virtualization, API testing and more. z

< continued from page 39

you explore other areas such as network virtualization and other features that are present but not tied to the main functionality. Until you’ve pinned down your main functionality, these other areas do not require continuous testing.” According to NowSecure’s Reed, “Continuous Testing starts with the risk profile of the mobile app portfolio itself.” Most organizations have high, medium-, low-risk mobile apps matrixed by frequency of releases such as: • Tier 1 high risk apps typically are the primary customer-facing business apps on iOS and Android that have significant customer personal information, perform critical transactions and contain significant intellectual IP where continuous testing with automated security testing of every build (possibly every day) should be the default operating mode. In addition, an organization might add regular pen testing certification for these high-risk apps. • Tier 2 medium-risk apps may have substantial company information, HR and IP, perhaps used by employees only, that should be continuously tested based on what is typically a less frequent release cycle where builds might be weekly or biweekly. • Tier 3 low-risk apps such as conference room booking, cafeteria menus or parking, may not require continuous testing. In these cases, periodic but

< continued from page 41 their business. NowSecure tests mobile app binaries on real iOS and Android devices using a comprehensive approach of SAST, DAST and behavioral testing and prioritize findings by industry-standard CVSS scores. Automated dynamic and behavioral analysis eliminates the human error and false positives that are typical of manual assessments and source code analysis. The NowSecure solution enables organizations to speed development and delivery by returning accurate testing results in minutes rather than weeks and providing remediation instructions to developers directly into the tools they use. The NowSecure solution plugs directly into the SDLC, meaning there are no tools for developers to learn. They can config-

July 2019

SD Times

non-continuous testing strategy is most cost and risk effective. Parasoft’s Lambert suggests following the testing pyramid, created by Martin Fowler. “You should have a significant number of unit tests, typically developercentric, that typically don’t require service virtualization because they’re isolated by definition,” he explained. “Then as you start moving up the testing pyramid and up the technology stack, API testing ... and then you want to minimize your level of end-to-end UI tests. It’s not to say to eliminate them; you want to make them as efficient as possible, so you’ve got to worry about maintainability of those tests. And the higher up the pyramid you go the more complex the use cases are as well.” NowSecure’s Reed said to start small on one mobile application and in one DevOps pipeline, and then incrementally grow the continuous testing capabilities. Next, he said, “Partner across security, dev and DevOps to define SLA and process agreements to optimize for flow vs. perfect security, with incremental improvements over time.” Follow that with a focus on automation and integration into your existing toolchain, and finally, look for automated testing tools that “provide complete SAST+DAST test runs in 15 minutes or less to ensure full security coverage while meeting the DevOps speed requirements,” he added. z

ure the NowSecure platform once and run security tests on daily builds in parallel with functional tests. Plug-ins and APIs make it easy to integrate with a myriad of SLDC tools including Archer, Brinqa, CloudBees, CircleCI, Code Dx, Jenkins, Jira, Microsoft Azure DevOps and more. NowSecure provides interactive dashboards to analyze all app security testing results and trend lines across vulnerabilities, privacy and compliance trends. In addition, NowSecure maps findings to numerous compliance regimes including OWASP, NIAP, FFIEC, PCI DSS, HIPAA, GDPR, CWE, and more. Organizations can also feed testing results into vulnerability and compliance management systems to enable security and risk teams to analyze their overall portfolio. z

43

044_SDT025.qxp_Layout 1 6/21/19 3:21 PM Page 44

44

SD Times

July 2019

www.sdtimes.com

Guest View BY KRISTY SHERMAN

How to create a data-driven culture Kristy Sherman is cofounder at data analytics platform provider AerialScoop.

B

ecoming ‘data-driven’ has become the aspiration of every executive, founder and manager. Those that succeed see greater customer acquisition, retention and, as a result, major bottom line benefits. Companies are now investing more money than ever on big data tools, but 72 percent say they’ve failed to create a data-driven culture. Interestingly, the reason behind this may not be what you think it is. In NewVantage Partners’ 2019 AI and Big Data Executive Survey, 93 percent of respondents revealed it’s not the technology itself that’s blocking them from becoming data-driven, it’s processes and people. Simply purchasing more tools won’t automatically help people start making data-driven decisions. It takes a culture shift and a shift in mindset to truly take the guesswork out of your decision-making. Here are four essential, but often overlooked, changes that need to be made in order to create this culture:

In order to start making fast data-driven decisions, everyone should have a clear idea of what success is.

1. Democratize your data

‘Transparent technologies’ like Lemonade are ushering in an era of radical transparency in which all aspects of the business from pricing to leadership decisions are completely transparent. And this approach is working. A study by Label Insight found that 94 percent of consumers are likely to be loyal to a brand that offers complete transparency and 73 percent said they would even pay more for a product that offers transparency in all attributes. It’s important to drive transparency in all realms of the business, including data. The problem is, while the C-suite expects their organizations to become more data driven, many still keep organizational-level discussions around data and metrics behind closed doors.

2. Break down data silos Departmental silos are one of the worst growing pains companies face and one of the biggest barriers to agility. In fact, managing CRM systems and data across technology silos was reported as being moderately to extremely challenging for 72 percent of B2B marketers. Viewing two siloed data sources together can tell

a very different story than when you look at them separately. While marketing may be measuring their success based on leads, how many actually have the characteristics needed to become Sales Qualified Leads? In order to actually start making fast data-driven decisions, everyone should have a clear idea of what success is and how to get there using data.

3. Focus on relevant data According to the Pareto principle, 80 percent of your results will come from only 20 percent of your activities. This means that, instead of focusing on the overwhelming mass of data coming your way, you need to focus on the 20 percent of your data that will provide the insights you need to achieve 80 percent of your growth. This requires direction from leadership to identify which areas are most important for the business and an environment that supports smart ways of working. Develop a culture that helps employees identify and prioritize the really important stuff first.

4. Develop a data-driven mindset Making data more transparent, accessible and easier to understand are all steps that pave the way towards a data-driven culture. But the last and final step doesn’t just require a change in culture; it’s about changing mindsets. You’ve probably heard the saying, “You can lead a horse to water…” You can also lead people to data, but you can’t make them use it. But there are two ways you can help them adopt a data-driven mindset. Discuss the benefits. The best way to sell a product is to focus on the individual’s pain points. How will acquiring data skills help your employees grow and develop within their role? How will it impact their workload and success rate? Create a habit. Don’t end the conversation after your team meeting. Encourage your employees to create a habit of checking in on your data. The best way to form a habit is by making it daily, starting small, creating a routine and setting a trigger. With AI and machine learning on the rise, companies will need to start getting their workforce ready to leverage even more complex but insightrich data. Starting the shift towards a data-driven culture now will put you ahead of the curve. z

045_SDT025.qxp_Layout 1 6/21/19 3:21 PM Page 45

www.sdtimes.com

July 2019

SD Times

Analyst View BY MARK DRIVER

Artificially intelligent “co-developers” T

he relentless demands of digital transformation initiatives mean that application development (AD) teams have to find ways to increase their productivity. Artificial intelligence (AI) and machine learning (ML) are now good options to augment AD teams and increase their output. We predict that, by 2022, at least 40 percent of new AD projects will have an AI-powered ‘virtual developer’ on their team, since AI and ML have immediate potential in the realm of quality assurance and application testing. Automating these time-consuming tasks will support new ways of working in DevOps, mobile and Internet of Things environments. What’s more is that through 2023, human rather than technical factors (like AI and ML) will cause 90 percent of agile or DevOps initiatives to miss customer and product expectations.

Human experts should focus on specialized problems This next phase of software development is called augmented software development (ASD). This uses AI and ML to automate code preparation, validation and generation. ASD will allow human experts to focus on those specialized problems that are most in need of human intuition and creativity, while delegating the underlying “technical plumbing” to smart machines. The goal of ASD is for developers to spend less

time coding application infrastructure, and more time acting on the relevant insights. But it’s no panacea. Our AI co-developers will struggle to correctly interpret software requirements and user stories expressed in the ambiguous and contextsensitive ways that are typical of natural language. Human developers, therefore, must learn the

role of translator. They need to turn conversations with end users and stakeholders into precise tests and logic for their AI co-developers. To do so effectively, we recommend that developers and AD leaders advance and use their abilities in testdriven development (TDD) and behavior-driven development (BDD) techniques.

Mark Driver is a vice president and research director at Gartner.

Training AIs TDD and BDD techniques provide a framework to train the AIs that will carry out most of the repetitive labor in future development work. Moreover, these tests and techniques themselves can be automated. This will in turn accelerate the process of ML by providing immediate feedback on the success of AI-generated code. It’s certainly a shift in skills and culture to orient AD teams more toward training AIs to augment their own capabilities, but the shift will allow teams to better address the kind of skills shortages that will only get more pronounced in the digital world. AD workloads will increase exponentially in the coming years, which is why it’s crucial AD leaders begin the process now. AD leaders are left with a simple choice: Hire exponentially more employees to cope with the increased workload in a market already short on these skills, or make each developer exponentially more productive. The latter option is the one that will deliver the best outcome for both the entire organization and the AD team. For the organization, hiring and staff costs can be kept down while AD output increases. For the AD team, the human work becomes less routine and more about solving unique challenges, which is more rewarding for most people. This is why Gartner advocates an ASD approach as something for AD leaders to examine immediately and as a way to navigate the future of AD in their organizations. z

We predict that, by 2022, at least 40 percent of new AD projects will have an AI-powered ‘virtual developer’ on their team.

45

046_SDT025.qxp_Layout 1 6/24/19 11:53 AM Page 46

46

SD Times

July 2019

www.sdtimes.com

Industry Watch BY DAVID RUBINSTEIN

Beware the dark patterns of privacy David Rubinstein is editor-in-chief of SD Times.

Y

ou know how sometimes, when an app requires you to sign in, it will give you the option of signing in via Facebook, or Google mail? And you think, ‘Wow, this is nice of them to make it so convenient for me. I’ll have to send Facebook a card or something to thank them.’ (Well, maybe you don’t think that last part.) You sign into the app with Facebook, only to come to learn that by signing into the app that way, Facebook has gained access not only to your personal data — the things you buy, how you stand politically, what kind of food you like to eat when dining out, where you went to elementary school — but it now can take your list of friends as well and sell those name and their data to third parties hungering for people and data. So what appears to be a benign service actually represents what is known in the user experience design world as a ‘dark pattern.’ And that, said John Biondi, vice president of experience design at Nerdery, “is a UX not crafted to respect privacy.” Instead, he thinks companies — and the people who design their websites and applications — will gain more trust and have more success if they offer their users both agency to control their data and transparency into how their data is being used. “When I both tell you what I’m going to take from you and what my intentions are with that, and I give you the ability to opt in or out of it — the agency to make your own decisions — then that’s a respect of privacy,” Biondi said. Biondi speaks in terms of a privacy user experience. “When something says, ‘This ad wants to use your location,’ should you let it? That’s a privacy user experience ... I think when you talk about increasing privacy through user experience, you’re adding friction into a process, which is exactly the opposite of what user experience design usually does.” But many companies are loathe to do that, because selling data for profit, or using data to fine-tune marketing and sales leads to greater revenue. Mostly, though, it’s because users aren’t demanding that their data remain under their control and private. “To add friction into a process, you would have

‘If we’d have said Google will cost $50 a year, I don’t think we’d be having this conversation.’

to get to a point where people wanted privacy so much that they were comfortable with the additional friction, and it doesn’t seem like we’re at that point,” Biondi said. So how did we get here? Since the beginning of the internet, the world has wanted software to be free. So, if search is free, and sharing stories and photos with friends is free, these companies had to come up with ways to monetize their software. And what they came up with was to take data on all these users and then offer it to actual advertisers so they could sell them their products and services. “And we call that advertising, but I don’t think that’s advertising, Biondi said. “It’s an indirect, sneaky way of advertising, I guess. If we hadn’t gone down that path, if we’d have said Google will cost $50 a year, I don’t think we’d be having this conversation. I don’t think the Googles and Facebooks of the world would have been forced to be this sort of dishonest about the way they make money.” But does any of this actually hurt these companies? “It doesn’t seem to,” Biondi said. “We haven’t reached a tipping point where users are demanding it. There comes a point where people realize they’re being treated unfairly, and they demand to be treated fairly. And we’re not at that tipping point, I don’t think. Although we know our privacy is not being respected, the convenience we get from these products and services outweighs the concern.” Biondi said Nerdery has come up with a set of principles for designers to follow. First is to understand that design is an expression of intent, and designers need to understand when the intention is dark, or immoral. “Is it a UX designer’s job for a huge corporate giant to take the principled stance? I don’t know,” he said. “Somebody has to take a principled stance. I honestly believe that companies and designers need to think about these sort of dark patterns and make it everyone’s job to take a principled stance. And if we’re not giving transparency and agency, then we’re probably on the wrong side of the privacy issue.” Until people demand to know why such data as interactions with voice assistants or chats with friends are being saved, and what these companies are doing with them, their privacy will remain compromised. Is that worth the convenience? z

Full Page Ads_SDT025.qxp_Layout 1 6/21/19 5:10 PM Page 47

Full Page Ads_SDT025.qxp_Layout 1 6/21/19 5:11 PM Page 48