FC_SDT054.qxp_Layout 1 11/19/21 5:08 PM Page 1
DECEMBER 2021 • VOL. 2, ISSUE 54 • $9.95 • www.sdtimes.com
IFC_SDT054.qxp_Layout 1 11/17/21 11:09 AM Page 2
®
Instantly Search Terabytes
www.sdtimes.com EDITORIAL EDITOR-IN-CHIEF David Rubinstein drubinstein@d2emerge.com NEWS EDITOR Jenna Sargent jsargent@d2emerge.com MULTIMEDIA EDITOR
dtSearch’s document filters support: popular file types emails with multilevel attachments
Jakub Lewkowicz jlewkowicz@d2emerge.com SOCIAL MEDIA AND ONLINE EDITOR Katie Dee kdee@d2emerge.com
a wide variety of databases
ART DIRECTOR
web data
Mara Leonardi mleonardi@d2emerge.com CONTRIBUTING WRITERS
2YHU VHDUFK RSWLRQV LQFOXGLQJ efficient multithreaded search
Jacqueline Emigh, Elliot Luber, Caryn Eve Murray, George Tillmann CONTRIBUTING ANALYSTS Enderle Group, Gartner, IDC, Intellyx
HDV\ PXOWLFRORU KLW KLJKOLJKWLQJ forensics options like credit card search
CUSTOMER SERVICE SUBSCRIPTIONS subscriptions@d2emerge.com ADVERTISING TRAFFIC Mara Leonardi mleonardi@d2emerge.com
Developers: 6'.V IRU :LQGRZV /LQX[ PDF26
LIST SERVICES Jessica Carroll jcarroll@d2emerge.com
&URVV SODWIRUP $3,V FRYHU & -DYD and recent NET (through NET 6)
.
.
)$4V RQ IDFHWHG VHDUFK JUDQXODU GDWD FODVVLILFDWLRQ $]XUH $:6 DQG PRUH
REPRINTS reprints@d2emerge.com ACCOUNTING accounting@d2emerge.com
ADVERTISING SALES
Visit dtSearch.com for KXQGUHGV RI UHYLHZV DQG FDVH VWXGLHV IXOO\ IXQFWLRQDO HQWHUSULVH DQG developer evaluations
PUBLISHER David Lyman 978-465-2351 dlyman@d2emerge.com MARKETING AND DIGITAL MEDIA SPECIALIST Andrew Rockefeller arockefeller@d2emerge.com
The Smart Choice for Text Retrieval® since 1991
dtSearch.com 1-800-IT-FINDS
PRESIDENT & CEO David Lyman
D2 EMERGE LLC www.d2emerge.com
CHIEF OPERATING OFFICER David Rubinstein
003_SDT054.qxp_Layout 1 11/19/21 4:56 PM Page 3
Contents
VOLUME 2, ISSUE 54 • DECEMBER 2021
FEATURES
NEWS 8 21
News Watch
The Fungible Fallacy
Progressive release management
Social impediments to effective project management
COLUMNS 36 GUEST VIEW by Ravi Duddukuru Take the customer’s perspective
37 ANALYST VIEW by Shameen Pillai 5 lessons for an effective API strategy
38
page 6
INDUSTRY WATCH by David Rubinstein The State of Value Stream Management
BUYERS GUIDES
page 10
Developer Productivity page 16
AI-enabled tools might completely change development...one day
Testing in DevOps page 25
page 22 Software Development Times (ISSN 1528-1965) is published 12 times per year by D2 Emerge LLC, 2 Roberts Lane, Newburyport, MA 01950. Periodicals postage paid at Plainview, NY, and additional offices. SD Times is a registered trademark of D2 Emerge LLC. All contents © 2021 D2 Emerge LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 2 Roberts Lane, Newburyport, MA 01950. SD Times subscriber services may be reached at subscriptions@d2emerge.com.
004-5_SDT054.qxp_Layout 1 11/18/21 5:48 PM Page 4
4
SD Times
December 2021
www.sdtimes.com
NEWS WATCH .NET 6, VS 2002 generally available .NET 6 is a Long-term Support release, which means it will be supported for three years. Microsoft is recommending developers start to migrate their apps to this new version, and believes that the upgrade process is fairly simple from both .NET Core 3.1 and .NET 5. .NET 6 is supported in Visual Studio 2022, which also was released on the same day. According to Microsoft, the two main themes of Visual Studio 2022 are developer productivity and quality-of-life improvements. It includes IntelliCode, which is an AI-assisted tool that can complete whole lines of code and spot repeated edits and suggest similar fixes throughout the codebase. Visual Studio 2022 also includes Hot Reload, Web Live Preview, and cross-platform testing on Linux.
This release is the first 64bit version of Visual Studio, which allows it to leverage more modern hardware and reliably scale to more complex projects.
Google expands eligibility for Summer of Code Google announced that it is broadening the scope of Google Summer of Code (GSoC) by opening the program to all newcomers of open source that are 18 years and older. Previously, the program was focused only on university students or recent graduates. The goal of the 17-year-old program is to have these new contributors stay involved in open-source communities long after their Google Summer of Code program is over. This year the company introduced the concept of medium-sized projects and large projects in 2022. “For 2022, we are allowing
People on the move
n Manish Dixit is joining modular application composition platform Entando as a chief product officer. Previously Dixit held roles at Oracle, Sun Microsystems, and Spiceworks, where he most recently served as global SVP of product and engineering. According to Entando, Dixit’s specialty is in building and managing high performance teams as well as rebuilding technology stacks. At Entando, he will work to expand the product and engineering organization, specifically for Entando ACP. n DigitalOcean recently appointed Gabe Monroy as its new chief product officer. He is joining the team from Microsoft, where he was vice president of the Azure Developer Experience group. He joined Microsoft in 2017 when the company he founded, Deis, was acquired by the company. At DigitalOcean, Monroy will oversee product management and take ownership of the company’s product vision. n Mendix co-founder Derek Roos is stepping down as CEO, and will pass the role to Tim Srock on December 1. Srock joined the company three years ago and has served as CFO. Prior to joining Mendix, he spent over four years at Siemens.
for considerable flexibility in the timing for the program. You can spread the project out over a longer period of time and you can even switch to a longer timeframe midprogram if life happens. Rather than a mandatory 12week program that runs from June — August with everyone required to finish their projects by the end of the 12th week, we are opening it up so mentors and their GSoC Contributors can decide together if they want to extend the deadline for the project up to 22 weeks,” Stephanie Taylor, the program manager of Google Open Source wrote in a blog post.
NVIDIA goes all in on AI advancement At its virtual GTC event, NVIDIA announced a number of new technologies it believes will transform several industries. It expanded its virtual world collaboration platform Omniverse with the introduction of NVIDIA Omniverse Avatar and NVIDIA Omniverse Replicator. NVIDIA Omniverse Avatar can be used to create interactive AI avatars using the company’s speech AI, computer vision, natural language understanding, recommendation engines, and simulation technologies. NVIDIA believes these avatars will be useful in customer service interactions such as restaurant orders, banking transactions, and making personal appointments. NVIDIA Omniverse Replicator is a data generation engine that creates synthetic data that can be used to train deep neural networks. It is launching with two replicators, one of which is for NVIDIA DRIVE Sim and the other which is for
NVIDIA Isaac Sim. According to the company, these two replicators will enable developers to bootstrap AI models and fill in data gaps.
Veracode launches API vulnerability scanning tool Veracode launched an advanced scanning tool that enables organizations to find and fix vulnerabilities in APIs. The new capability leverages Veracode’s Dynamic Analysis (DAST) scanning engine to provide comprehensive security insights and remediation guidance for APIs. API scan results are grouped by severity and provide detailed remediation guidance within a single dashboard alongside other Dynamic Analysis scans. This makes it easy for security teams to prioritize vulnerabilities and access the details required for developers to fix insecure code quickly, facilitating smooth collaboration between security and development teams, according to the company on its website.
Angular v13 continues path to Ivy compiler The latest release of Angular, v13, is now available and it continues on Angular 12’s mission of transitioning the ecosystem to the Ivy compiler. As of this release, the View Engine compiler is no longer available, which means that the Angular team can focus more of their efforts on building Ivy-based features. The removal also enables the development team to reduce its reliance on the Angular compatibility compiler, ngcc.
004-5_SDT054.qxp_Layout 1 11/18/21 5:48 PM Page 5
www.sdtimes.com
GitHub update helps deal with spam pull requests GitHub has announced two new capabilities aimed at improving the developer experience for open source maintainers. The first new feature is aimed at stopping spam pull requests, which will allow maintainers to continue working with external contributors while cutting down time spent dealing with those spam requests. Maintainers can now limit who can request changes to only those who have been granted read or higher level access. Maintainers can also enable code review limits for all repositories that are associated with their user or organization account. Once a maintainer enables these limits, if an unauthorized user tries to start a code review, they’ll be given a message explaining why they can’t, but will still be able to leave a comment. Another new improvement is that it’s now easier to triage notifications from a mobile device. When a spam issue or pull request comes in, maintainers can now close the issue or block the user from their organization directly from their phone. Related to the removal of View Engine, there are also some changes to the Angular Package Format (APF). All View Engine-specific metadata has been removed and the team has begun standardizing on more modern JavaScript formats such as ES2020. According to the team, libraries that are built using the latest version of APF will not require use of ngcc. APF also now supports Node Package Exports. As a result of dependence on Ivy, the component API has been simplified as well. Prior to this release, creating components required a lot of boilerplate code, but now developers can instantiate components without creating an associated factory.
Digital.ai updates DevOps portfolio Digital.ai has announced several releases across its portfolio of Agile and DevOps products. Updates include Digital.ai Agility 21.3, Digital.ai Release 10.3, and Digital.ai Deploy 10.3. Digital.ai Agility 21.3 includes usability improvements, such as checking that required fields in tasks are
completed before a story or defect is closed, and columns that auto-collapse if empty in Portfolio Item Kanban, story, task, and test boards. Updates in Digital.ai Release 10.3 include a new multi-select Listbox for managing multiple application releases and a Kubernetes Operator for Digital.ai Release and Digital.ai Deploy. And Digital.ai Deploy 10.3 also adds a new redeployment capability that makes it so that applications don’t have to be undeployed before they are redeployed.
Progress releases troubleshooting tool Progress has announced the general availability of Progress Telerik Fiddler Jam, designed to provide users with a troubleshooting solution for support and development teams to address customer issues remotely. With this release, new features have become available, such as the option for video recording, capturing events during a session recording, and masking sensitive data. Progress Telerik Fiddler
Jam works to provide support teams with a secure and streamlined process to resolve issues remotely without requesting extra information or a reliance on additional tooling. The product allows non-technical end users to isolate issues by capturing HTTP(S) network logs, network activity, console logs, and screenshots within the customer’s own environment and then sharing them with support and development teams.
Android 12L, design system previewed The Android Developer Summit took place last month, and it gave developers a glimpse into some of the new changes coming to Android development. Some of the key highlights from this year’s summit include a developer preview for 12L, the introduction of Material You to Jetpack Compose, and a new Google Play certification. 12L is an update to the Android operating system designed specifically with larger screens in mind. 12L features an updated UI for large screens, multitasking capabili-
December 2021
SD Times
ties, and improved compatibility support. Material You is a new design system in Android and it will now be available in Android’s UI toolkit Jetpack Compose. The Android development team is releasing an alpha of Compose Material 3, as well as a beta of Jetpack Compose 1.1, which will include features like stretch overscroll, improved touch-target sizing, and lazy layout animations. The new Google Play certificate will enable developers to improve their store listings, and the course and exam covers mobile marketing, common store listing violations, and how to tell a story through store listing assets.
Talend Fall 2021 release introduces data health concepts Talend has announced the release of Talend Fall 2021, which adds data health concepts across Talend Data Fabric. The new version includes Stitch Unlimited, which offers industry-first, non-consumption-based pricing for unlimited users and integrations. Users will also have access to a Trust Score so that everyone can know that they’re making the right decisions based on high-quality data. Native Trust Score for Snowflake now generates an automated Trust Score on all rows of data across all datasets in one’s Snowflake data warehouse. The new Talend Studio 8 allows users to tailor their development user experience with in-app updates and notifications. Two new features to the Talend Data Inventory include self-service Data API sharing that gives non-technical users the power to create APIs quickly. z
5
006-8_SDT054.qxp_Layout 1 11/19/21 3:06 PM Page 6
6
SD Times
December 2021
www.sdtimes.com
The Fungible Sociological impediments to effective project management BY GEORGE TILLMANN
P
art 1 of this article focused on the structural issues of how staff fungibility (the concept that one staff member can be substituted for another) can impede project management. The project management notions of project-month and full-time equivalent, are used to apply simple mathematical operators to people (e.g., two half-time people equals one full time person). However, the math only works if we assume that all people have the same experience, skills, and work ethic. The project planner relies on the fungibility of staff because actual people are not usually assigned to a project until project approval or kickoff. The project planner has no other choice. However, the first fungibility problem, and the core of the fallacy of fungibility, is assuming the fungibility of staff when building, managing, or assessing a team after project kickoff. Applying fungibility to real people is error-prone and can lead to eventual project failure. Second, Fred Brooks, in his book “The Mythical Man Month,” points out that the larger the team, the more individual effort is required to interact with other team members. Multiple people on a team require resources for dividing up work, coordinating effort, and just ensuring that everything that has to be done is being done consistently. The time required to coordinate work is called communication overhead. Fungibility does not take communication overhead into account. The conclusion of part 1 is that while the concept of the staff fungibility might be a necessary evil for project planning, which traditionally takes place before any staff are assigned to a project or before actual team size is known, it should not be used without significant caution after project approval. Part 2 points out a sociological problem with assuming staff are fungible, discovered by a 19th century French farmer conducting a tug-of-war.
George Tillmann is a retired programmer, analyst, systems and programming manager, and CIO. His most recent book is Logical Data Modeling: An Introduction to the Entity Relationship Model. (Stockbridge Press, 2021). He can be reached at georgetillmann@gmx.com.
PART 2: Where none is better than half a loaf In the 1890s, Maximillian Ringelmann, a French professor of agricultural engineering, was studying the work accomplished using early farm machinery, and comparing it to the work produced by horses, oxen, and humans. One of his experiments involved a tug-of-war between a man and a scale used to calculate the human’s pulling power. After testing many individuals, he discovered that a single man tugging a rope exerted an average force of 85.3 kg. However, when the same subjects were placed in teams of two, the average force per team member dropped to 93% of when the subject worked alone. When the team size was increased to four, then the force exerted by each team member averaged only 72% of when they worked alone. That number dropped to only 49% for a team of eight. Ringelmann found that an individual, who is part of a team, puts out less effort to accomplish a task than when he works alone. Further, the effort of the individual diminishes as the team gets larger. This is known as the Ringelmann effect, later renamed, and more popularly called, social loafing. Unfortunately, it took more than 60 years for anyone to show interest in Ringelmann’s work. Then it launched a firestorm becoming a
SECOND OF TWO PARTS Scan to read Part 1: The Fungible Fallacy: Structual Impediments to Project Management
006-8_SDT054.qxp_Layout 1 11/19/21 3:54 PM Page 7
www.sdtimes.com
Fallacy
December 2021
SD Times
gone unnoticed by the IT profession. One important finding of the research completed since Ringelmann is that social loading is not inevitable. It is possible to mitigate the effects of social loafing through some social psychology techniques.
What’s a project manager to do?
...an individual, who is part of a team, puts out less effort to accomplish a task than when he works alone. Further, the effort of the individual diminishes as the team gets larger. founding pillar of the new science of social psychology. Subsequent studies by modern researchers found that social loafing is present whether the task is physical (pulling a rope) or intellectual (such as solving math problems). Researchers also found that the level of social loafing was based on a number of factors, not simply team size. Social loafing, they discovered, was most prevalent when team members feel that: 1. Their individual efforts did not matter. When one is part of a group, they can feel that their contributions to the group are insignificant and that they have little effect on the outcome of the task. These feelings can lead to worker apathy. 2. Assigned tasks are unchallenging. Team members can feel that others on the team are assigned the choice or important tasks, while they were left with the boring or unimportant tasks. Feeling your job is unimportant or that
you are not treated fairly in team assignments can lead to social loafing. 3. Little satisfaction performing assigned tasks. Being assigned simple and/or unimportant tasks can rob team members of any personal satisfaction of a job well done or appreciation for their contributions. Karl Marx, it turns out, had it right — performing tasks that do not provide personal satisfaction can lead to the alienation of the worker. Alienated workers simply do not work as hard as those who find personal satisfaction in what they do. 4. A lack of a united team. Social loafing is more prevalent in team members who feel they are more part of a crowd than of a unified team. They feel little need to help the guy next to them or to “win one for the Gipper.” Social loafing is certainly a problem for any project manager, playing havoc with the notion of staff fungibility — that all staff produce equal work. Unfortunately, this problem has largely
Understanding the causes of social loafing can help the informed project manager reduce its effect by applying a number of remediation techniques. 1. Team size. As mentioned in part 1 of this article, team size is an important contributor to project success—small teams are more productive than large teams. This conclusion is also straight out of Ringelmann and many other researchers. (See “The Big Bang Bust, or Size Does Matter,” SD Times, July 2021) Small teams give individuals an opportunity to shine. Team member work products are more visible to others and they are often more inline with team goals. Social loafing can be reduced by partitioning big teams into a number of smaller teams, when possible. However, partitioning a team can be a difficult and trying task. Each sub-team needs to provide meaningful and unique work for its staff while minimizing the communications needed across sub-teams. 2. Team spirit. The team should function as a single-minded unit. One of the functions of military basic training is to instill a sense of camaraderie among new recruits — a feeling that they are all in it together. Shared experiences, even negative ones, bond disparate recruits into a unified team that supports and trusts each other. In the business world the same is accomplished with team building exercises. A crowd is a group of individuals in the same place at the same time. A team is a group of people working together to achieve a common goal. Projects work better with teams than with crowds. Unfortunately, people assigned to a new project might not have previously worked together or even know each other. For all practical purposes they are a crowd. If things go well, over time, the crowd will learn about each other, idencontinued on page 8 >
7
006-8_SDT054.qxp_Layout 1 11/19/21 3:07 PM Page 8
8
SD Times
December 2021
www.sdtimes.com
< continued from page 7
tify strengths and weaknesses, instill trust, and eventually coalesce into a team. The purpose of team building exercises is to shorten the time it takes to turn a crowd into a team. A good team building exercise can start, if not achieve, that in as little as an afternoon. Team building exercises can be complex, requiring a large indoor space, considerable props, and overseen by outside behavioral experts; or as simple as an hour or two spent in a conference room with an HR trainer. In both cases, the participants are asked to work with others on small and ideally amusing tasks that demonstrate the benefits of working together. In addition, the hopefully fun nature of the exercise, will generate a sense of camaraderie and familiarity among the participants. Team building exercises have successfully built team esprit de corps or group spirit through simple shared experiences. Formal team building exercises work well at the beginning of the project. Mid-project pizza parties, softball games, laser tag, and Friday night “programmer meetings” at a local pub, can contribute to a well-oiled team. 3. Challenging individual tasks. Each team member should be assigned unique challenging tasks. One of the project manager’s most important jobs is staffing — assigning team members to project tasks. For many project managers staffing consists of two components: (1) examining the task to be performed and (2) finding someone who can do the job. Sort of plugging work holes with people. But there is more to staffing than that. Project managers also need to (3) be aware of the individual’s personality and work history (too heavy, too many boring tasks, not in the team members skill set, etc.) and assign work based on team member personal dynamics as well as skills. And don’t forget development needs. Some tasks should be dead set in the individual’s strike zone — what they do best. But other tasks should stretch the individual, to learn new skills or expand existing ones. Every project has boring and workaday tasks that need to be completed.
Managers should ensure that these less popular tasks are evenly distributed among team members. No one should be assigned only boring tasks or only the more popular or challenging ones. 4. Measure, evaluate, and communicate each team member’s performance. The performance of every team member should be objectively assessed and feedback provided to the team member. In these modern times, project managers are very familiar with HR. There was a time when the personnel department was only involved in hiring and benefits. Now there are a whole range of HR activities that involve the project manager. Have a problem worker? Well HR will require that you document the poor behavior or work. Detailed documentation is necessary before formally chastising or firing a worker. But the good worker? Well HR’s folder on him or her is much smaller. The fact is we spend far more time on the problem child than on the good one. This is a grave disservice to the good worker. Every team member should know exactly what his or her team leader and project manager thinks of their work. This evaluation should be objective and conveyed to the team member in a timely manner. It is of little use if their only assessment is at the end of the project. The team member should have sufficient time to correct deficiencies and improve performance before the project ends. 5. Recognize individual work. IT loves praising work. We have done our share to keep the tee-shirt, coffee mug, and mousepad industry in business. Every milestone — project kickoff, first
system test, starting beta etc. — involves another tchotchke. However, users and IT management praise usually stops at the team level. Individual praise is less common. No one is suggesting that you praise mediocre performance. This is not summer camp where everyone wins a trophy. However, there is a lot of good work going on between star performer and deadbeat. The yeomen on the team should be recognized for their individual contributions and given a little pat on the back for their achievements. You don’t need to award a tee-shirt, but you should recognize individual contributions. Praise is good but can be overdone. The operative word is more recognition than praise. Individual team members should feel that project management knows who they are, what they do, and their contribution to the project.
Fungibility: The reality of the situation First, fungibility and its associated concepts of person-month and full time equivalent, are useful when estimating the work required to complete a project. However, their value diminishes significantly once the project starts. Actual team members and actual team size are not fungible. Keeping the fungibility notion alive after project planning can be a costly mistake. Second, recognizing the causes of the fungible fallacy can help the project manager mitigate them, even if they cannot be eliminated. When to use fungible concepts, attention to team structure and size, and the proper treatment of staff can go a long way to minimizing the fungible fallacy. z
Full Page Ads_SDT052.qxp_Layout 1 9/23/21 5:07 PM Page 27
010-14_SDT054.qxp_Layout 1 11/19/21 3:27 PM Page 10
10
2021 The Y Year ear in Review
An unsettled year This year started out in much the same way 2020 ended — with people still uncertain about the future of work, whether or not their offices would reopen, and figuring out how to work from remote offices in their homes. To address these issues, we’ve seen huge growth in certain market segments — collaboration tools such as Slack, Zoom and Teams; new digital platforms for hosting conferences replete with virtual exhibit halls, meetup rooms and other experiences (SD Times produced two this year, on value stream management and low code/no code development); and more digital transformations that include big moves to the cloud. Once development teams got the work part of it down, those people had to manage their time — what hours should they work, what hours are family time, as part of the worklife balance people seek. What we’ve seen is that people are actually working more hours from home than they
would at an office in an attempt to keep pace with the organizational demands for software delivery quickly and that will delight users. This has been a big challenge for development managers, who can’t simply walk over to a desk to assess where a developer is at with a project. Often, a Teams message or Google Meet invite will go unanswered for hours, putting a drag on the development effort. This is the new work reality, and why, in the January issue of SD Times, we’re declaring 2022 The Year of Hybrid Work. Now that developers have settled in to their new normal, this series will look at how workers can improve on software delivery and how managers can do a better job keeping the team humming. But first, here’s a look back at what made news in 2021. We wish you all a joyous holiday season and all the best for the new year. z — The editors of SD Times
Breaches put security on center stage BY JAKUB LEWKOWICZ
2021 was a tumultuous time for security, marking both massive breaches — a trend that sped up during the pandemic — and widespread action for trying to fix the problem. On May 7, 2021, the Colonial Pipeline, an American oil pipeline system, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. In response, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity that includes sweeping measures on how cybersecurity in the federal government is handled. The order requires contracts with IT and OT service providers to conduct an array of day-to-day functions on Federal Information Systems. The government plans to take “decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties.”
Automation, modernization trends in testing BY KATIE DEE
Coming out of the COVID-19 pandemic, 2021 has been a year of acceleration and enhancements in the technology industry. In the testing space, we have seen a strong pull towards testing automation and the overall modernization of the way software teams conduct tests. This year, financial services teams have felt this push towards automation and modernization of testing in response to increasing customer expectations. Back in January, an SD Times story showed that several financial services teams made the move to an open-source, technology-agnostic, test automation framework with the capability to span the
entirety of the DevOps life cycle. The primary reasons financial services organizations found themselves flocking towards modernizing testing are the improvements in performance and efficiency that came as a result. It was reported that modernizing and automating testing led to a 10% improvement in developer efficiency as well as a significant improvement in application performance. Also in the testing space, in February of this year, BlazeMeter released BlazeData in order to make generating test data simpler. This allowed users of varying skill levels to quickly and synthetically generate data for any UI functional test. This came as a
response to user demand for an easier way to create reliable test data. This release provided many benefits to the developer community such as ease of use, not requiring specialized training to create test data, lower costs, and the ability to reuse the data once it's been created. This release served as a one-stop shop solution in the marketplace for the users entire testing process. Months after this release, in October of this year, BlazeMeter was acquired by Perforce Software. Also in October of 2021, the UI testing framework Selenium was updated with the release of Selenium 4. This release introduced several new features, including relative locators, which
010-14_SDT054.qxp_Layout 1 11/19/21 3:27 PM Page 11
11
However, security initiatives at organizations will still need to evolve to gain wholesale developer support. According to the VMware-commissioned Forrester survey called Bridging the Developer and Security Divide, over half of the developers feel that current security policies stifle innovation. “Organizations expect developers to be more involved with security tasks in the future, particularly among cloud and workload tasks. However, developers currently aren’t very involved in security strategy planning or execution,” the report stated. The best way around these bottlenecks, according to Forrester, is to make sure security is no longer a specialization at an organization and that security tasks should be embedded across people, teams processes, and technologies like in DevSecOps. As employees left their companies throughout the year’s “Great Resignation”, they oftentimes — intentionally or otherwise — took valuable source code, patent applications, and customer lists with them, resulting in data leakage. Code42, an insider risk detection and response company, unveiled these findings from its Incydr software solution, reporting that insider data leaks and theft contribute to losses up to 20% allows testers to describe where an element is on a page using human language. In addition, Selenium 4 added support for handling authentication, intercepting and stubbing out network traffic, and capturing JavaScript errors. Furthermore, this release brought testers new support for Chromiumbased Edge out of the box. Along with this trend, PractiTest’s 2021 State of Testing report from April of this year showed that 90% of organizations were actively implementing testing automation into their processes throughout 2021. In addition, 96% of respondents reported that they believe test automation patterns, principals, and practices are now critical for businesses. The report also showed that 97% of those surveyed believed that functional
of revenue annually and due to widespread job exits, this problem might get worse before it gets better. From April-June of 2021 there were 61% more data exposure events than the previous quarter, and that same time frame accounts for 86% of all exposure events experienced by organizations throughout the first half of the year, according to Code42. The best way to prevent these types of leaks is for organizations to give employees thorough training on their data and handling policies so that everyone knows what guidelines they are expected to follow, and also, new cloud-based insider risk management technologies can verify whether people are working within those guidelines, according to Joe Payne, CEO of Code42. testing automation has become important for a company’s success. The report also showed that there is a divide among testing teams as 59% shifted left in 2021 while 40% shifted right with practices such as testing in
Another shift in the security landscape are the vulnerabilities that now pose the biggest threat. The latest edition of the OWASP Top 10 showed that all of the highest-priority vulnerabilities since 2017 have shifted and new ones have been introduced. Broken Access Control has dethroned Injection as the top vulnerability, whereas it previously held fifth place. Also, new categories of top 10 vulnerabilities this year included Insecure Design, Software and Data Integrity Failures, and Server-Side Request Forgery. Mobile usage skyrocketed throughout the pandemic and as a result, created a larger attack surface. Android recognized the additional security needs required for the medium and with the release of Android 12 in October 2021, the company introduced more security features and services for enterprise customers, including improving password complexity controls. The features make it easier to protect company data and disable USB signaling on company-owned devices to limit USB-based attacks. Android also launched the Enterprise Vulnerability Rewards Program with the offer of up to $250,000 for a full exploit on a Pixel device running Android Enterprise. z production or chaos engineering. However, when the report was published in April, the number of teams shifting right was on a downward trend. Following the shift software teams are seeing towards automated testing, earlier this year SmartBear, a provider of software development and quality tools, expanded its support of codeless, automated testing for mobile and ERP applications. The company integrated its UI test automation tool, TestComplete, with its native mobile device cloud, BitBar. This integration allows TestComplete users to create a codeless mobile test and then use that test in BitBar across devices. With this, the company also increased its support for testing enterprise applications such as Salesforce, Oracle EBS, and SAP. z
Full Page Ads_SDT054.qxp_Layout 1 11/19/21 2:20 PM Page 12
S
Build experiences users love with low-code.
Get your idea off the ground and into an app. ServiceNow can help you design, build, and launch a low-code app to drive business innovation in just 72 hours. servicenow.com/lowcode
© 2021 ServiceNow Inc. All rights reserved.
010-14_SDT054.qxp_Layout 1 11/19/21 3:28 PM Page 13
2021
13
The Y Year ear in Review
Low code solutions come of age BY JENNA SARGENT
At the start of the year, we declared that 2021 would be the year of low code. It turned out to be a fairly accurate prediction. Low code was used throughout the past two years by small businesses needing to quickly open online storefronts, companies needing to create tooling to support remote workers, and by developers looking to save some time by turning to a low-code solution rather than having to write out unique code that would have taken much longer to produce. When interviewed for our Year of Low Code story last December, Shane Young, PowerApps guru at consulting company PowerApps911, said: “What it’s really been a lot of is people realized that they have a lot of processes that required paper, walking it over to somebody’s desk and saying ‘hey, sign this’ or ‘do this,’ and when we’re all working from home, you can’t walk over to my desk and have me sign this, or share some information with me. So a lot of the app uptake has been just trying to [create] simple apps, which lends itself so well to low code, but just things that facilitate conversations, or facilitate approvals, or what are the processes that used to be paper or hand-driven that now need to be electronically driven?” When low code was first introduced, it didn’t have quite the stellar reputation it does now. People who worked in tech-
nical roles scoffed at it, believing that there was no way a tool could handle the complex tasks they had to do on a daily basis. And for a while low code was mainly used for simpler tasks, like creating something as simple as a vacation scheduler. But now low-code platforms are much more hefty and can be used to create some pretty powerful applications. One way in which low code has changed the face of development is that it allows for the creation of better UIs. Traditionally, a lot of development time is spent writing the user interface, while the core application code only takes up a small portion of the codebase as a whole. According to Kiasco Research analyst Michael Azoff, low-code tools can be used as a cross-platform UI builder. This will eliminate much of the repetitive work relating to the UI that needs to get done on many development projects. “It is no surprise to me to see the rise of LCNC, taking the burden out of cross-platform UI development is a great opportunity, I think this sector of appdev will continue to grow,” Azoff wrote in an article for SD Times. The idea of low code doesn’t necessarily mean that no code is written at all, just that a lot of the work can be accomplished through drag-and-drop interfaces. Earlier this year, Microsoft actually released an open-source lowcode programming language called Power FX. Power Fx is based on Microsoft Excel and it uses a lot of for-
mulas that people are already familiar with, which opens up the language to a broad range of users and skill sets. “With Power Fx, we can amplify the impact of developers by many multiples over the same time horizon. By offering citizen developers a familiar and approachable way to express logic, we’re dramatically expanding who can build sophisticated solutions. By delivering Power Fx with the tools a professional expects, including the ability to directly edit apps in text editors like Visual Studio Code and use source control, we’re making it possible for developers to go faster and find common ground with millions of makers,” Ryan Cunningham, director PM of Power Apps at Microsoft, wrote in a post. A lot of new folks are interested in learning about low-code if they’re not already implementing it. D2Emerge, publishers of SD Times, produced a conference about low code in October called Low-Code/No-Code DevDay and nearly 600 people attended to learn more about the subject. Here are some of the sessions we had at our 2021 event: • Designing a developer-led culture • Text nudges, chatbots, self-service and more: Why now is the time for low-code CX • Maximizing the value of hybrid dev teams in remote environments • Mastering Power Apps & SharePoint related lists z
010-14_SDT054.qxp_Layout 1 11/19/21 3:29 PM Page 14
14
2021 The Y Year ear in Review
Next phase of DevOps should take pressure off devs, focus more on value BY JENNA SARGENT
As the workplace we once knew changed over the past two years, so did the way DevOps teams worked. While the initial goal of DevOps was to facilitate greater collaboration between developers and operations teams, a lot of recent focus has been on how DevOps teams can measure the value they are providing to the business. New trends like value stream management and BizOps have begun to gain popularity as a means to this end. Another interesting trend is the declaration by GitLab that we are now in the fourth wave of DevOps. According to GitLab, the four phases of DevOps include: 1. Silo DevOps, where each team selects their own tools 2. Fragmented DevOps, where organizations utilize the same set of tools for different life cycle stages 3. DIY DevOps, where teams use toolchains built with parts not designed to work together
4. Platform DevOps, where tools have advanced capabilities that allow developers to build software with velocity, trust, and visibility “There’s an old expression, ‘If you want to go fast, go alone and if you want to go far, go together,’” said Sid Sijbrandij, cofounder and CEO of GitLab, during his keynote at GitLab Commit earlier this year. However, going together often means that developers are asked to do things they aren’t trained to do — involving areas like testing, security, and governance — and organizations have been
slow to actually provide the training needed to learn those skills. On top of this, traditional IT operations have been sidelined and precautions they would take before releasing an application are now only being dealt with after the fact. This leads DevOps to feel like “The Bad Place,” and open up organizations to risks. And even though today more and more departments are coexisting with each other and collaborating, a lot of silos still exist. So rather than DevOps breaking down silos as it originally intended, more tend to get created. One potential solution to some of these problems is to take some of that burden off untrained developers and onto specialists. It won’t solve all of DevOps’ current problems, but it could be a start. Another struggle with DevOps is that though a lot of new developers come into the industry fresh out of college programs, a lot of universities still aren’t incorporating DevOps into their curriculums. In an episode of the What the Dev? podcast,
Microsoft goes all in on open source, security BY JAKUB LEWKOWICZ
This year, Microsoft went all in on open-source and security and launched a plethora of new solutions aimed at bettering the lives of developers working remotely and on-premises. Microsoft launched its flagship Visual Studio 2022 and .NET 6. in November. .NET 6 is a follow-up to the notable .NET 5, which merged .NET Framework and .NET Core in 2019. .NET 6 is a long-term support release meaning it will be supported for three years. .NET 6 dunked Microsoft into the world of macOS’s Apple Silicon, in addition to its support on Windows Arm64. The open-source platform now includes Hot Reload, which allows code changes to be viewed without needing to restart the app, OpenTelemetry and dotnet
monitor support, and much more. Meanwhile, Visual Studio 2022 received a feature called IntelliCode, an AI-assisted tool that can complete whole lines of code and spot repeated edits and suggest similar fixes throughout the codebase, and many other features. Microsoft, known for its dominion of the collaboration space with Microsoft Teams, which grew tremendously during the pandemic, created other means through which developers can share ideas. The company recently announced the .NET Tech Community Forums for all .NET developer topics and discussions. Developers can then receive updates on the forum through email, RSS feeds, or on the user’s tech community homepage. In November, Microsoft signed the
Java Specification Participation Agreement (JSPA) to officially join the Java Community Process. Microsoft also advanced its hardware sphere by announcing its new Surface Duo 2 and is now inviting developers to start building or enhancing apps for dual-screen devices. As the owner of GitHub since 2018, Microsoft shared its views this year on how open-source and software development can improve moving forward. The major points of improvement included seeking different perspectives and feedback on what the community requests, finding a balance between policy and autonomy, securing every link in the supply chain as open can contain security defects since attackers can become maintainers and introduce mal-
010-14_SDT054.qxp_Layout 1 11/19/21 3:29 PM Page 15
15
Illustration courtesy of Microsoft
Christina Hupy, senior education program manager at GitLab said: “I would say that most college graduates who are studying computer science and learning coding come out of their degree program with a very solid grasp of the fundamentals of coding, usually with a specific language or two. They learn how to build code, how to run code, how to compile it, and do some testing. Generally speaking we find that the DevOps process itself is not being taught.” Some courses are available to help developers fill in those gaps in their knowledge. Recently, the Linux Foundation and Continuous Delivery Foundation partnered to provide the DevOps Bootcamp. The bootcamp provides an overview of DevOps and Site Reliability Engineering, goes into detail about specific DevOps toolsets, and explains more specific topics such as GitOps and DevSecOps. In addition, to help companies assess how well they’re doing at DevOps compared to similar organizations, this year the DevOps Institute announced its Assessment of DevOps Capabilities (ADOC), which does take into account the human aspect of DevOps. It looks at five different areas: human aspects, process and frameworks, functional composition, intelligent automation, and technology ecosystems. z
ware. Last but not least is that communication is key, especially in a remote work environment. Likely one of Microsoft’s biggest moves this year was in the field of security. In September, Microsoft announced that consumers can now completely remove passwords from their accounts, predicting that “the future is passwordless.” Some of the alternative authentication methods that now offers include the Authenticator app, Windows Hello, a security key, or a verification code sent to you. z
Java 2021: Latest LTS released, Oracle updated Java license BY JENNA SARGENT
This year, there were two major releases of Java — Java 16 and Java 17. Java 17 is also a long-term support (LTS) release, the last of which was Java 11. The next LTS release of Java will be in 2023 with Java 21. This will change the LTS release cadence from three to two years. Java 16 introduced a number of new enhancements, such as an incubator model for expressing vector calculations that are compiled at runtime (JEP 338), C++14 support (JEP 347), warnings for value-based classes (JEP 390), and more. Additions to Java 17 included a new macOS rendering pipeline (JEP 382), strong encapsulation for JDK internals (JEP 403), sealed classes (JEP 409), and more. Another major change to the programming language this year is that Oracle updated the Java license. Starting with Java 17, releases will be provided under a free-to-use license until one year after the next LTS release. Oracle also announced Java Management Service in order to accelerate Java adoption in cloud settings. The service provides visibility over Java deployments, highlights unplanned Java applications, and ensures that the latest security patches have been applied. A survey from the Eclipse Foundation in September revealed that there had been an increasing interest in enterprise Java in cloud native spaces. Sixty percent of respondents use Spring or Spring Boot as a cloud native Java framework, and 48% use Jakarta EE. Adoption of Eclipse MicroProfile, which offers a microservices architecture for
enterprise Java, also grew to 34% use — up from 29% the year before. Another survey from July, conducted by Snyk, revealed that developers began to move away from Java 8 and onto Java 11, the most recent LTS release prior to Java 17. Previous reports of the Java community had found that developers were mainly using Java 8 rather than upgrading to newer releases. According to the survey, 61.5% of respondents use Java 11 somewhere in production, while 12% used the latest Java version at the time, which was Java 15. Half of the respondents who use Java 11 also still use Java 8 somewhere in their production stack, according to the survey. Last month, Microsoft announced its support of the Java community. It officially joined the Java Community Process, which is the mechanism for developing specifications for the programming language. This followed the company’s April announcement of its Microsoft build of OpenJDK, since which use of Java within Microsoft grew significantly. “Java is one of the most important programming languages used today — developers use Java to build everything from critical enterprise applications to hobby robots. At Microsoft, we’ve seen increasing growth in customer use of Java across our cloud services and development tools. We’re continually working to broaden and deepen our Java support for customers and developers,” Bruno Borges, principal program manager of the Java Engineering Group at Microsoft, wrote in a post announcing the build. z
16
SD Times
December 2021
www.sdtimes.com
BY DAVID RUBINSTEIN
W
hen developers lie awake at night, they’re likely not thinking that they didn’t turn around enough tickets that day, or write a certain number of lines of code. Their fear is that they’ve broken something, and that they’ll be in trouble. In the meantime, C-level managers are primarily concerned with innovation, creating new products and enhancing old ones. So there is a natural divide when it comes to assessing how productive developers are. Eric Minick, vice president and head of product at CodeLogic, said, “I think what a lot of our developers would celebrate most is, if someone said, ‘Today, I took 300 lines of code that were a mess, and I consolidated it down to 40 lines of code that are clean. And so my net code for the day was minus 260 lines. And that would be celebrated wildly. And so lines of code is about as toxic a measure as you could come up with, as it encourages bad behavior.” “You know, a development team or an IT shop, looking at that developer who took that 300 lines of mess and turned it into 40 lines of elegant clean code, as being productive,” he continued. “Somebody in a business suite, however, might say, ‘You are not advancing our product, you added no new features, nothing happened. How are you being productive?’ “ Gartner analyst Thomas Murphy explained, “We advise clients that they should not be focused on individual productivity metrics — software is about teams — thus we look at team productivity and things are measured more in agile terms of Story Velocity, but that is useful more to understand a backlog and how long it will take.” It’s this misalignment between the business and IT that continues to exist — despite the ideals of Agile development and DevOps that should bring the sides closer — that makes defining developer productivity difficult. It is Minick’s opinion that from a measurement point of view, most development teams have yet to make business outcomes their goals. Organizations might be using OKRs or KPIs to say that in the
Developer Productivity As modern applications grow more complex and developers are taking on more tasks, gauging productivity isn’t as simple as counting lines of code anymore next six months, we’re going to improve conversion rates by 5%. But developers are saying, ‘We’re still closing 100 tickets a week, we are good at our jobs.’ Minick said, “I don’t think most organizations have really tightened up the alignment to bring the business metric into the definition of success for the application team. But we’re starting to see the beginnings of that.”
Murphy explained, “From a metrics perspective you should be shifting away from metrics that are ‘output’ driven and to metrics that are ‘outcome’ driven. Thus are we delivering the business outcomes — which means it isn’t just an engineering thing.” One thing that organizations have started to embrace in an attempt to make developers more productive is
www.sdtimes.com
the notion of the developer experience, with the belief that giving developers the best possible employment experience increases their productivity. That experience can range from things like the chair they sit in, the size of the monitors they use while working, the software tools they are given to do their jobs, and the hours they put in. “There’s nothing more frustrating than having to close down a bunch of apps just to start running your tests and get your own software to run, and being constrained by a cheap laptop, or a monitor that’s too small or anything like that,” Minick said. “You want loyalty from your developers. Give them a powerful box and a big screen, like step one. Step two … big investment in better chairs, standing desks, all of these things that set up the developer to be comfortable, alert, helping and able to concentrate for a long time on their code and be effective.” After that, he said, make sure they’ve got the right tools at their disposal. Make sure they’ve got a good development environment, that they’ve got the other software packages they need.
Changing roles for developers One of the difficulties in assessing developer productivity is the fact that their job is much broader than it was in the days when developers primarily wrote and maintained code. Now, they’re more involved in testing, more involved in security and in compliance and governance. Minick said measuring things like features delivered by the development team is better than measuring the amount of code generated. And, organizations that take productivity seriously will put in place measurements for ‘good behavior,’ such as how code coverage is changing, and is technical debt increasing or being reduced. Or, he noted, crediting developers for taking something highly complex and streamlining it to something simpler. While there was no feature added by that work, the technical debt score should go down, and that would be the productive activity. A productive development team, according to Minick, will deliver features, mitigate risk, and fix bugs. “You
want to make sure you’re balancing your investment in a development team pretty well across those things,” Minick said. “If you’re delivering no features, you’re probably failing. At the same time, if you’re delivering only features and accumulating a tremendous amount of technical debt and risk, you’re setting yourself up for failure in the future. And it’s really a business decision how to weigh that investment, but that should be done consciously, and too often, it’s not.”
How to make development teams more productive One of the ways organizations can increase feature flow is through value stream management, with which they can identify the impediments that slow productivity and work to remove them. “So metrically, this is where the DORA metrics come in, or the Flow Framework, and this is what comes into a ‘Value Stream Management’ system,” Murphy said, “but with this you are also looking at what are the bottlenecks. ‘Ahh, it takes two hours to provision a test system, that limits how quickly we can build and test software — how can we make that faster.’” This is especially true as it pertains to the various tools developers need to be productive. There are communication tools such as Teams and Slack, CI tools, IDEs, test tools, code repositories and security tools. Some of this tool sprawl is necessary, Murphy said. “I have to have an IDE, a compiler and such,” he said. “The hope would be that I don’t have Teams and Slack and email for communications.” Many organizations have more than one tool for continuous integration, which could be because teams have the freedom to select the tool they feel is best to do their job. Murphy noted that Gartner has seen a shift toward choosing standard solutions and tools that take a more integrated approach. “More clients are buying Jira/Confluence/Bitbucket/Bamboo… than did in the past, where it may have been Jira/ Confluence/Git-something/Jenkins/ Artifactory,” he said, adding that this will be a slow evolution, because of
December 2021
SD Times
sunk investments and personal preference, but that organizations want to control their spend, be more efficient and have the ability to move resources between teams. This is another aspect where the business and IT seem to be at odds, though organizations are recognizing the value of having business knowledge in and with the technology. The way many of them are meeting this challenge is through retraining. CodeLogic’s Minick said that’s the best way to go, as opposed to hiring more developers, “because you have the knowledge of business in those people, and you want to keep that in house.” This approach can keep the deep business under-
Keep it as simple as you can In the face of all this, Murphy suggests organizations do what they can to simplify things. Among the steps they can take are reducing the number of tools where possible, and being consistent in business direction/objectives so you have a unified set of activities that everyone is actioning toward. Going forward, organizations are looking to AI-assisted coding to help with productivity, but Murphy noted that will “take a while to perfect.” In the meantime, he said, “toolchains will be a bit messy, and our ‘legacy challenge’ of unforeseen needs of the future will always dog us.” z
standing of how the business works as close to the developers as possible. Gartner’s Murphy said organizations do a mixed job of providing time and resources to support learning and upskilling, which is leading to growth in informal training — communities of practice, dojos, use of StackOverflow, and more use of pairing and mentoring. “Entities are having to rethink strategies and tools to support how new people are onboarded, how to get effective knowledge transfer and how to evolve employees,” he said. “But this also means you have to be prepared to train continued on page 18 >
17
18
SD Times
December 2021
www.sdtimes.com
How does CodeLogic help make developers more productive? Eric Minick, VP, Head of Product at CodeLogic CodeLogic helps developers surface risky dependencies in their code. We know the feeling when the latest feature changes something that might break something else: What could break? What do we review? Whether a feature requires a change to an attribute in a database column, or you’re considering pulling some module out into its own service, the question is “What’s using this?”. As applications have grown in complexity over time, teams have become ever more reliant on a handful of experienced developers who know the dependencies. Other developers end up either waiting for their help or crushing those senior developers with requests. Either way, the team’s productivity slips. CodeLogic believes that if every developer had a clear view into dependencies within and across their applications, they could make changes more confidently and more quickly. CodeLogic combines static scans of binaries with active scans of systems under test to form a comprehensive graph of dependencies from APIs, through code and down into database dependencies. With a clear view of dependencies, developers can avoid miserable break-fix cycles where each change seems to cause something new and unexpected to break. CodeLogic makes these ripple effects more predictable, leading to more peace of mind, faster development, more confidence in quality, and more senior developers that get to write code again. Get dependency insights today. Visit https://codelogic.com/ for more information. z
A guide to productivity tools Developer productivity encompasses the use of many different kinds of tools — a comfortable chair and two big monitors, for example. On the software side, developers need tools for writing code, integrating code changes, testing, putting security around their work, and more. What follows is a sampling of tools in each productivity category.
Code repositories
DevOps platforms
Communication tools
Bitbucket ClearCase Codebase Eclipse Git GitHub GitLab IntelliJ IDEA Java.net Netbeans Perforce SourceForge Subversion Visual Studio
Atlassian Bamboo AWS Code Pipeline Azure Pipelines Bitbucket Pipelines Broadcom CircleCI CloudBees Codefresh Digital.ai Harness.io Jenkins LaunchDarkly Optimizely Split Software TeamCity
Google Mail Google Meet Microsoft Teams Slack Trello Zoom
Collaboration tools Codenvy CodeLogic Codestream Engine Yard JetBrains SmartBear
Security tools Aqua Security Bridgeview Checkmarx Contrast Security Sonatype
Testing tools Applitools Applause Eggplant HCL Software Mabl Parasoft Progress Software Sauce Labs Testim Tricentis
< continued from page 17
them in the new hot technology, pay them more, or (risk losing them).”
A matter of trust It’s critical that IT and the business have trust, so that when the business asks IT why something will take six months to complete, the answer is framed in such a way that the business can decide if it wants to proceed down that path or not. According to Minick, you’re starting to see more product management people put into that intersection. Business talks about how quickly features and bug fixes can be released. But developers talk about velocity. Velocity, as any student of physics would recall, is different than speed. “Velocity is a vector, velocity has direction,” Minick said. “And what we really need is speed in the right direction. That’s why people are pulling in the SME [subject matter expert] knowledge to business, to better make sure that when we write a lot of code… it’s what the business wants — and more specifically, what they need. And that often requires someone who has a good understanding of the business to translate from what the business says, which may not be precise enough or clear enough. There may be very ambiguous language to actual features that development can build that will actually push the application and therefore the business in the right direction.”
The crushing demand for modern apps The demand by the business for new applications and modern experiences far outstrips the availability of developers to do the work — a labor shortage that has plagued IT in the United States for going on two decades. Combine that with the growing complexity of modern applications and the near-constant introduction of new platforms, technologies and modes of interaction, and — Gartner’s Murphy said — overloaded engineers “have a feeling of, ‘Here, let me toss a few more bricks on the hod.’ This, he said, is part of the reason that there is such growth in low-code solutions, to ease the burden on “pro-code” developers. z
Full Page Ads_SDT054.qxp_Layout 1 11/17/21 6:09 PM Page 19
Full Page Ads_SDT052.qxp_Layout 1 9/23/21 5:06 PM Page 11
021_054.qxp_Layout 1 11/19/21 3:30 PM Page 21
www.sdtimes.com
December 2021
SD Times
DEVOPS WATCH
Plutora’s insights dashboard lets users focus on problem areas.
Progressive release management Plutora updates platform with Insights Dashboard BY DAVID RUBINSTEIN
Plutora today is releasing updates to its platform with an emphasis on empowering progressive release management, a new practice that relies on analytics to focus on things that are problems. According to Plutora, progressive release management helps organizations scale and de-risk their release processes as they transition from traditional, project-based ways of working to current Agile and DevOps approaches. This role is also part of Value Stream Management, a practice that improves the flow of work from idea to realization by showing the progress of work across an organization to identify impediments to its flow, surfacing insights on how to improve it, and providing the control to guide continuous improvement. Where progressive release management is in place, it has been shown to double the
number of features organizations can deliver, even as they release software with a third fewer incidents, the company said. Today’s release includes a reworked Insights Dashboard that can direct teams to problem areas and hot spots, enabling release managers to manage by exception and free up their time and energy to improve process and efficiency, according to the company’s blog announcing the updates. The platform upgrade also introduces new build analytics to provide stability, quality and risk information for every pipeline. Further, there’s an initiative tracking analytics dashboard that matches initiatives to progress, utilizing flow metrics to predict delivery progress and enabling release managers to redirect resources to align with business priorities — something release managers today don’t actually take into
consideration. And, given that many of the traditional release management duties are being automated, release managers increasingly feel that their role is in question in a DevOps environment, Plutora said. To stay relevant and facilitate the evolution of software development, release managers know they need to be doing more, but they also need the tools and data to accomplish that. “The job of the release manager is going away in a DevOps world,” said Jeff Keyes, director of product marketing at Plutora, noting that current release management practices are likened to “hair on fire, reactive” situations. That’s because release managers are spending their time reactively gathering data or communicating. The key to progressive release management, he said, is to find the exceptions and
work to fix those, using data from the insights dashboard and the build analytics. This practice, according to Keyes, says, “I’m only going to focus on those things that are problems. Everything else that’s following the process, and I have tooling in place, I never have to worry about. I’m freeing up my time, and I’m using data to do it.” The Insights Dashboard allows users to see into all the releases across the portfolio and see what’s behind them, what’s being followed or not being followed. “You can see all the metrics in one place,” Keyes said, which is important because “the further along this journey a team is, the more efficient they are, and the lower risk they are. And they can help ‘unstick’ DevOps processes because they can identify precisely what the problem is. As one release manager said, ‘It was like finding a needle in the haystack. It just popped out. I saw my problem child right away.’ ” “I think modern release management, in fact, maybe should start being called Value Stream Management,” Keyes added cheekily. So, should there be a specific role of a value stream manager? There has been a lot of debate about that in the industry, and Keyes asked, “Who [in the organization] is it going to be? Are you going to hire somebody new? Will they have the knowledge to adjust the pipeline, manage the risk? That’s what we’re calling progressive or modern release managers. That’s what they’re doing.” z
21
022-23_054.qxp_Layout 1 11/17/21 10:59 AM Page 22
BY JENNA SARGENT
hile we’re not quite fully there yet, we may not be too far away from AI being a major part of the development process, helping developers eliminate some of the more mundane tasks of coding by suggesting code, autocompleting code, and making other useful suggestions. According to Chandra Kalle, VP of engineering at LeanTaaS, a company that provides software to healthcare organizations, much of software development is actually spent doing these mundane tasks, so handing those tasks over to a tool that can do it for them can free up an engineer to spend more time innovating. These mundane tasks Kalle is referring to can include installing third-party frameworks, writing test scripts, and other setup tasks required before coding. “We don’t need AI that will replace the developer,” said Kalle. “We don’t need AI that can really solve all the complex business logic problems that they go out to solve. But we could have AI that can keep the developer focused on working on the most important things. That will be huge.” According to Kryon’s 2021 Automa-
W
tion at Work survey, 32% of employees say they waste more than half of their day doing repetitive or mundane tasks. Seventy-nine percent report that those tasks take up to 30% of their time. Almost all employees (96%) report that these tasks negatively affect their productivity. Sixty-two percent wished they had more time for professional development, 52% wished they had more time for creative thinking, and 38% wished they had more time for strategizing. Kryon believes that this disconnect might be having a negative impact on job satisfaction. A number of IDEs have already been using AI to do autocompletion for some time, and new solutions, such as GitHub Copilot, are even able to suggest entire snippets of code. “That is one manifestation of what’s possible with the new generation of AI, which is quite exciting, even though it’s very nascent. I expect more companies to leverage this approach to solve all the repetitive and mundane things that developers do,” said Kalle. But in their current state, these more hefty solutions aren’t quite ready for mainstream use in production just
yet. However, that doesn’t mean they never will be. According to Ryan Jones, VP of software engineering at Jobber, which provides business management tools, incorporating AI into the development process may be one of the most important development changes that we see over the next decade. It will allow the developer workflow to stay more in the code editor, which will allow for greater focus and innovation. Currently, when a developer gets stuck and has a question, they have to leave their browser, open up Google, and come up with a search that might answer their question. Then they have to browse through those search results and pull out something helpful, then go back into the editor and make changes. New tools eliminate that step and accomplish the same thing all within the editor. GitHub Copilot is one such tool, and it allows a developer to type what they need as a comment in the editor and it will create a code snippet that might help. For example, typing “Get average runtime of successful runs in seconds” would result in a snippet of code with a function that accomplishes that.
022-23_054.qxp_Layout 1 11/17/21 11:00 AM Page 23
www.sdtimes.com
December 2021
SD Times
zontal learning. That is, these AI tools need to learn from a wide range of similar applications in order to come up with better predictions and suggestions. For example, there are a bunch of services that make it easy to do email marketing, such as MailChimp and SendGrid. If a developer wants to create a wrapper within their codebase to send email, that piece of code could be autogenerated because there is already a wide range of public use cases to learn from, Kalle explained. But there are a number of vertical use cases in which the AI needs to first get better at understanding your product, the problem you’re trying to solve, and putting things into perspective. “We haven’t seen any product in both dimensions that we would use today and say, ‘Oh, wow, this has really made my life easier.’ I think the excitement for us, for me, is the art of what’s possible,” said Kalle.
Cost also plays a role in adoption “If you think of all the steps that it just removed, you’re no longer having to go to Google, you no longer have to go to Stack Overflow,” said Jones. “I had mentioned that sometimes you’ll take an answer from Stack Overflow, and you’ll make changes to it. And within your code, tools like GitHub Copilot will actually be context-aware and pull variables from your code right into the solution.” Jones predicts that within 10 years all developers will be using a tool like that. He likens the current evolution that is going on with these tools to the changes that Gmail has gone through over the years. Google has been applying more AI to Gmail and now it’s gotten to the point where it can fairly accurately predict what you might type. “At the beginning it was kind of, it was kind of hokey, it didn’t give you the exact solution,” said Jones. “And then over time, it starts to get better and we use the tooling a lot more. And now when I use Gmail, it finishes whole sentences for me and I’m just totally taken aback where it’s like, holy cow, 10 years ago, this wasn’t even a thing. You know, spellcheck was good enough.”
One question that often comes up is the quality of suggestions, but Jones believes that’s not a concern if true quality assurance practices are in place. Ultimately, the developer is still responsible for actually accepting the solution from the tool. “In self-driving cars or assistive driving, at this point, you still have to keep both hands on the wheel as you’re driving. And I’d liken GitHub Copilot to a similar way where you still have to keep your hands on the wheel as you’re in your editor, and are making sure you understand what GitHub Copilot is giving you,” Jones said. The solution was only released over the summer, but over time Jones predicts eventually a developer might be working on a file in their editor and Copilot will say “hey, you’ve done this a couple of times - do you want to do it again here?” It will become more context aware, which will make it more useful.
Horizontal learning required to uncover true power According to Kalle, before these tools can be useful in a development environment, they need to do a lot of hori-
Another barrier to entry for many of these tools is cost, especially for smallto medium-sized businesses. “The issue is that, at least from my perspective, for fast growing companies like us, every project, every initiative we undertake, is very costly,” said Kalle. According to Kalle, at his company they have a very laser sharp focus on where they invest their time in engineering effort. “Now if I come across something like Copilot, which is still in very early nascent stages, you know, people play around with it. It’s pretty cool. Can that be productized in any shape or form today? Absolutely not. If there is a tool that will help us, you know, write secure code, I’ll definitely take the time to take a look into it because it’s something that keeps me up at night. But if there’s a tool that will make it easy for us to write code by automatically generating code, like a glorified autocomplete, if you will, we’re gonna take a very hard look at it and ask ourselves really what is this buying us and I can’t think of any tools out there today that meet any of these use cases,” said Kalle. z
23
Full Page Ads_SDT054.qxp_Layout 1 11/12/21 4:54 PM Page 24
6RIWZDUH WHVWLQJ WRROV VXSSRUWLQJ D 'HY2SV DSSURDFK
8, 7HVWLQJ 3HUIRUPDQFH 7HVWLQJ $3, 7HVWLQJ 'DWD )DEULFDWLRQ 6HUYLFH 9LUWXDOL]DWLRQ
5HTXHVW D IUHH WULDO QRZ +&/VZ FR 2QH7HVW7ULDO
025-34_SDT054 for PDF.qxp_Layout 1 11/19/21 5:14 PM Page 25
www.sdtimes.com
December 2021
SD Times
Testing in DevOps BY JAKUB LEWKOWICZ
T
esting in DevOps is as much about the people that are behind the tools as it is about the tools themselves. When they work in synchrony, organizations can see major benefits in the quality of their applications and SDLC process. However some organizations still struggle with how to advance their DevOps testing initiatives because they are also implementing containerization, microservices, and other cloud-native methods that can sometimes complicate the environment. In some organizations, those responsible for testing need to keep up with changes forced onto them by other teams, third-party applications, and platforms and also keep up with the growing list of regulatory compliance. Since most of the applications rest on the cloud, businesses also must quickly react when cloud-based platforms receive updates. The demand for speed and quality has prompted organizations to look towards a way to automate many of the facets of testing and changing the way that they define value. “DevOps requires that testing is fast, accurate, meaning low false positive and low false negative rates, and runs without human intervention. Fast can be achieved with more compute power but for the tests to be accurate they need to handle the dynamic and evolving nature of modern applications,” said Gil Sever, co-founder and CEO of Applitools. Traditional test automation requires frequent and human intervention to update the tests through assertions and
navigation, but AI has the ability to learn how the application behaves and respond appropriately, reducing the human intervention. “This makes AI essential for modern software development teams to keep pace with increased release frequency,” Sever added. But shifting everything to the DevOps mentality of automation is not an overnight process and in some cases, the ideal delivery story won’t even apply to every company or any project, according to Marcus Merrell, Senior Director of Technology Strategy at Sauce Labs. “Not all systems can do true
DevOps,” said Gareth Smith, general manager of Keysight Technologies. “If I am building a retail website, and it just requires a simple thing, then that’s fine. But if I’m rolling out something that needs to work with various IoT connectors, then not all platforms are able to automate all that.”
QA brings all hands on deck for testing Quality engineering is being elevated because the C-level sees quality engineering as a key enabler. While developers used to throw things over the wall to QA, they’re bringing QA into the concontinued on page 26 >
25
025-34_SDT054 for PDF.qxp_Layout 1 11/19/21 5:14 PM Page 26
26
SD Times
December 2021
www.sdtimes.com
< continued from page 25
versation and the industry is seeing much more collaborative DevOps teams, where quality is a shared responsibility between developers and QA and even product owners, according to Dan Belcher, co-founder of mabl. The interweaving of the maintenance and automation aspects of testing with the speed of DevOps has led to the new term QAOps. “Much in the same way that we would think of shifting left as looking at those defects early on because they are then cheaper to fix, now it’s a much greater level of having the whole structure of QA early on and throughout the DevOps cycle,” Belcher said. Belcher added that now the CTOs are driving the transformations. “Now it’s a mandate coming from the C-level, to make investments in quality engineering to enable these transformations, whether it’s digital, or DevOps, or UX.” While many large organizations keep a central QA department, we’re seeing more and more of a shift to automation developers and manual testers being assigned to individual Squads, with a Center of Excellence to support the tools. This allows testers to remain focused on business needs and not worry so much about test infrastructure or tooling, according to Merrell. While there are still people in the organizations who are responsible for testing as part of their job title, it has also become much more of an all-hands on deck approach in DevOps. In leading organizations, software quality has become everyone’s responsibility and has expanded beyond “does it work” to “is it the best customer experience”. Developers are increasingly involved, as well as others such as UI/UX designers and domain experts, to ensure the digital experience is not only working but that it is delivering on the goals of the business, according to Applitools’ Sever. “This approach of having all hands on deck is beneficial because with the fast feedback cycles of DevOps, it’s much easier for a developer to understand the impact of a change that they’ve made, possibly before it’s gone
through a dedicated QA cycle,” said Chris Haggan, product management lead at HCL OneTest.
AI and automation are key components of testing in DevOps AI automation tools are necessary to provide insight by ingesting data from a plethora of data sources. “Once you move to automated testing and a more integrated process, it enables you to check on things every step of the way and see whether you’re still on the right track,” said Joachim Herschmann, senior director and analyst on the Application Design and Development team at Gartner. “I can see the direct impact that my development, bug fixing and enhancements have whether they improve or make it worse.”
The more data that can be thrown at AI, the better the result is because it includes all of the subtle variants and different data from all the different sites that one connects it to. “You can also use it right now to auto generate the test asset universe, what we refer to as the digital twin,” Keysight’s Smith said. Users of the ‘digital twin’ can define what type of test they want and the AI will work out what the best test scenario for that situation is. Execution speed can be increased by assigning more resources to the problem, and the key benefit to AI is its ability to learn and improve the tests over time with minimal human intervention, Applitools’ Sever said. There are several areas where AI has the potential to help with testing: smart crawling, although it is still in its infancy; self-healing, which is already well
established and understood; and visual validation. “For visual validation to be effective, it must be accurate to ensure the team is not overwhelmed with false positives — a problem with the traditional pixel-based approach. It needs to handle dynamic content, shifting elements, responsive designs across different screen sizes and device/browser combinations — as well as provide developers and testers ways to optimize the review and maintenance of regressions,” Sever said. Automation can also help with typically manual-centric types of tests such as UX testing. UX testing still requires manual input because here the outcomes of a test are subjective. However, testers don’t need to run the tests manually for every device because they can watch tests being run on a desktop app and then decide whether the quality is acceptable or not in an assisted manual testing fashion, mabl’s Belcher explained. “A real simple example is if I’m halfway through entering my credit card details, and I talk to somebody, I roll forward my device, my device goes flat, it rotates and then I come back. Now with that accidental rotation of the device and back, does that still work,” Keysight’s Smith said. “And in many cases, that particular use case or between those, between filling in field six and field seven on a form, then you rotate the device; no one will test that particular combination, but those happen in the real world. That’s where AI can help look at those different combinations as you’re going through the usual continuous tests.”
DevSecOps now a top priority One of the biggest trends of 2021 is that security became a top priority for testing in the wake of massive breaches that resulted in tremendous costs. The Executive Order on cybersecurity that the Biden administration signed in May helped to put security awareness in the spotlight, according to Jeff Williams, the co-founder and CTO of Contrast Security. continued on page 30 >
Full Page Ads_SDT054.qxp_Layout 1 11/17/21 10:37 AM Page 27
Disrupting the Economics of Software Testing Through AI: An interview with Torsten Volk EMA (Enterprise Management Associates) recently released a report titled “Disrupting the Economics of Software Testing Through AI.” In this report, author Torsten Volk, Managing Research Director at EMA, discusses the reasons why traditional approaches to software quality cannot scale to meet the needs of modern software delivery. He highlights 5 key categories of AI and 6 critical pain points of test automation that AI addresses.
What’s wrong with the current state of testing? Many software development teams are struggling to deliver on the promise of Agile / DevOps and are faced with numerous technical challenges, such as rising application complexity and explosion of browsers / devices. Multiply this by the constant drive for faster releases to deliver increased customer value — without the ability to hire additional quality control staff — and you can quickly see why the traditional approach to software testing can no longer scale to keep up. We need to optimize the process with AI to eliminate the mundane and repetitive tasks and ultimately ensure business success.
How does AI help with software testing? There are five key capabilities AI provides to help improve human efficiency: smart test creation, self healing, coverage detection, anomaly detection, and visual inspection. In the report, I discuss the six critical pain points where these capabilities are delivering ROI today: false positives, test maintenance, inefficient feedback loops, rising application complexity, device sprawl, and tool chain complexity. Of the capabilities available, AI-driven visual inspection has the broadest reach and highest impact. This discipline aims to provide test engineers with an additional “pair of eyes,” leaving the engineer to focus on activities that really need human intelligence. It provides humans with the contextual information needed to accelerate their test and remediation efforts, recommending solutions wherever necessary and remembering human decisions.
“The world’s top brands are already adopting AI to transform their software testing ... focusing on the ROI gained from the speed and scalability of leveraging AI in the development process.” You talk about visual inspection having the highest impact. What pain points does it address? Traditional pixel-based comparison attempts to perform visual inspection but is plagued with false positives. Training deep learning models to inspect an application through the eyes of the end-user removes a lot of the mundane repetitive tasks that cause humans to be inefficient. Due to its accuracy, AI-driven visual inspection can enable teams to create a stable suite of automated tests with reduced false positives. Visual inspection can be further leveraged to drive cross-browser / cross-device validation at scale.
How are people adopting AI? Do I need to hire AI experts or develop an AI practice? The world’s top brands are already adopting AI to transform their software testing, but they’re focusing on the ROI gained from the speed and scalability of leveraging AI in the development process — not developing the AI itself. There are solutions on the market today that give you the ability to take advantage of fully trained models and several can be layered on top of your existing test automation. One of the solutions that seems widely adopted for visual inspection is Applitools, which is already trained on +1B images and delivers extremely high levels of accuracy.
How does the role of the developer / tester change with the introduction of AI? Developers and testers still need to make a decision about what and how something should be automated. AI minimizes the mundane and repetitive tasks, freeing the engineers to do more creative, interesting and valuable work. For example, what happens when a tester is reviewing thousands of webpages for accuracy? Some pages have differences, but they don’t matter. AI can filter those out and highlight only the subset that needs review. Auto-classification, grouping issues together, is another great example of being able to reduce your work and improve accuracy. If I’m looking at what looks like the same problem over and over again, I might miss a defect. Whereas if the AI categorizes and groups similar issues together it greatly reduces the possibility of a missed defect.
What’s the future state for software testing, and where do we start? Autonomous testing is the vision for the future, but we have to ask ourselves, why don’t we have an autonomous car yet? It’s because today, we’re still chaining together models, and models of models. We’re striving to get to the point where AI is taking care of all of the tactical and repetitive decisions and humans are thinking more strategically at the end of the process, where they are more valuable from a businessfocused perspective. I would recommend starting with the mature solutions available today in the areas of visual inspection and self healing — keeping an eye on the future and ongoing evolution of AI.
If you are interested in reading the full report you can download it here:
Full Page Ads_SDT054.qxp_Layout 1 11/12/21 4:55 PM Page 28
O Ik _ c k
c _ | _ A c c [ [ A 1 k 1 O I c q _ 1 k #S F B L U I S P V H I "Q Q M J D B U J P O 4F D V S J U Z G P S 4F S W F S M F T T & O W J S P O NF O U T
$P OU S BT U 4F S W F S M F T T "QQM J D B U J PO 4F D VS J U Z J T Q V S Q P T F C V J M U B T Q B S U P G B V O J m F E T F D V S J U Z Q M B U G P S N P G G F S J O H C V J M U U P H F U T F D V S F D P E F NP W J O H U I S P V H I U I F F O U J S F E F W F M P Q NF O U Q J Q F M J O F B O E D P O U J O V P V T M Z Q S P U F D U B D S P T T U I F D P NQ M F U F T P G U XB S F M J G F D Z D M F $P O U S B T U T E F W F M P Q F S G S J F O E M Z B Q Q S P B D I U P T F S W F S M F T T B Q Q M J D B U J P O T F D V S J U Z U F T U J O H J O D M V E F T Q J Q F M J O F O B U J W F B V U P O P NZ B O E B V U P NB U J P O 0S H B O J [ B U J P O T H B J O D P NQ M F U F T F D V S J U Z W J T J C J M J U Z G P S " 84 B NC E B G V O D U J P O T XJ U I O F B S [ F S P G B M T F Q P T J U J W F T 6T F $P O U S B T U 4F S W F S M F T T U P B D I J F W F $P NQ S F I F O T J W F P C T F S W B C J M J U Z "V U P NB U F E B Q Q M J D B U J P O T F D V S J U Z 4F B NM F T T S B Q J E E F Q M P Z NF O U B O E NB O B H F NF O U
7J T J U D P O U S B T U T F D V S J U Z D P N T F S W F S M F T T U P M F B S O NP S F
025-34_SDT054 for PDF.qxp_Layout 1 11/19/21 5:14 PM Page 29
www.sdtimes.com
December 2021
SD Times
How does your solution help organizations test applications in their DevOps environments? Gil Sever, co-founder and CEO of Applitools Applitools is helping over 400 of the world’s top digital brands accelerate the delivery of visually perfect digital experiences across all browsers, devices and screens through AI-powered test automation. Trained on 1B+ images to deliver 99.9999% accuracy, Applitools’ Visual AI mimics the human eye and brain to deliver reliable full page validation that integrates into your existing test automation — with 50+ SDKs supporting open source frameworks (such as Selenium, Cypress, Playwright, Appium, etc.) and integrations with commercial test automation tools. Applitools Eyes provides users with the ability to perform complete validation of the end user experience with a single line of code. Tests utilizing Applitools are 5.8x faster to create, 3.8x more stable and catch 45% more defects. The Applitools Ultrafast Test Cloud combines Applitools Eyes with the Applitools Ultrafast Grid to deliver a modern approach to cross-browser/cross-device testing that executes tests 18.2x faster than legacy cloud execution grids or device farms. Applitools’ Visual AI modernizes critical test automation use cases — functional and visual regression testing, web and mobile UI/UX testing, cross browser/cross device testing, localization testing, PDF testing, digital accessibility and legal/compliance testing — to transform the way businesses deliver innovation at the speed of DevOps without jeopardizing their brand.
Jeff Williams, co-founder and CTO of Contrast Security We provide a platform of products that are designed to help companies become good at building secure code, doing it fast and reliably. And we do it by giving instant feedback to the folks that need it through the tools they’re already using. Unlike scanners that plow through your whole application portfolio, Contrast runs in the background, a lot like an APM tool. It gathers a ton of telemetry across all your applications in parallel — APIs, cloud-native, and serverless functions — brings that all together, and gives you dashboards to show you exactly what you need. Most developers don’t really want another dashboard, what they’d really like, is their security results, right in JIRA or they’d like to fail a build or get Slack alerts or in their IDE. There’s a million ways to consume the data that we generate, but I think the most important thing is that we have super accurate data based on observing the actual application run. We’re not guessing about vulnerabilities. We offer Contrast Assess, which runs within the application
and uses instrumentation to find vulnerabilities in your custom code and in your libraries. We also have Contrast OSS, which finds the known vulnerabilities in all your open source so that you’re not using libraries that have known vulnerabilities. Then we added Contrast Protect. It’s the same instrumentation approach, but now we applied it in production so that it’s super high performance and it prevents vulnerabilities from being exploited. We also added Contrast Scan, which is a static analysis tool with a new algorithm called demand-driven static analysis, making it much more efficient at finding vulnerabilities and you can run it in your pipeline. As a result of the tremendous uptake in serverless, we launched our first security for serverless offering for AWS Lambda.
Gareth Smith, general manager of Keysight Technologies Using artificial intelligence (AI), machine learning (ML) and real user data, Keysight’s Eggplant solution automates test creation and execution. The Eggplant Digital Automation Intelligence (DAI) platform tests and monitors user interface (UI) performance to improve software development, enhance quality, and elevate the customer experience at DevOps speed. Instead of testing the code, the DAI platform focuses on the end-to-end customer experience. It provides teams with unparalleled intelligence on where problems lie, significantly reducing the time to resolve these issues. This means organizations can meet customer experience demands and continuously deliver innovation faster while devising strategies to expand DevOps. Customers across aerospace and defense, automotive, education, financial services, healthcare, retail, and telecoms rely on the intelligent automation. The DAI platform automates over 95% of activities, including test-case design, test execution, and results analysis. This allows teams to rapidly accelerate testing and integrate with DevOps at speed. As environments grow more complex and interconnected and with workers distributed, organizations need continuous intelligent test automation that is easy to integrate and scale. Keysight Technologies’ Eggplant automation helps businesses rapidly create products that delight users, test the entire customer experience across any technology, and predict the quantified impact of new product versions on the user before release. By partnering with Keysight Technologies, enterprises can deliver better software at a faster pace that delights users. continued on page 30 >
29
025-34_SDT054 for PDF.qxp_Layout 1 11/19/21 5:14 PM Page 30
30
SD Times
December 2021
www.sdtimes.com
How does your solution help organizations test apps in DevOps? < continued from page 29 Chris Haggan, Product Management Lead, HCL OneTest A product that is rushed to market with little time for quality assurance can massively damage the reputation of even well-established organizations. Adopting new technologies, and the fastpaced work environment driven by users who expect more from the applications they work with, will not change. It is time to find testing solutions that evolve with changing landscapes. HCL OneTest supports UI, performance and API testing along with synthetic data generation and service virtualization to help meet the challenge of testing highly-integrated and complex applications. It features a script-less, wizard-driven, test authoring environment, and supports more than 100 technologies and protocols. HCL OneTest helps with the connections and dependencies between services and components to plan integration test strategies, and generates coverage reports to help identify which processes and services require further testing. Together, these HCL OneTest components help automate and run tests earlier and more frequently to discover errors sooner when they are less costly to fix. To achieve a successful DevOps strategy, software testing teams must automate regression testing to reduce the risk of deploying poor quality software into production. Effective test automation includes application programming interface (API) testing, user interface testing, and overall system testing. Employing service virtualization in conjunction with test automation allows these tests to be executed earlier, while covering a wider range of scenarios.
Dan Belcher, co-founder of Mabl We’ve seen a profound shift in how organizations view software testing and quality assurance. Historically QA received less focus and investment than other functions, but that is changing: CTOs and engineering leaders are looking to quality engineering as a key enabler of DevOps and digital transformation, which require a broader mandate to ensure that quality is embedded deeply throughout the soft-
< continued from page 26
“I think it’s a real harbinger of better security for apps in the future that they require a minimum standard for AppSec testing, much-improved visibility into what you’ve done to secure your code, including things like security labels,” Williams said. “I look forward to a day when you can go to your online bank, insurance company, social media, or your election system and if you want to know a little bit about how that software was built, and how it was tested for security, it should be available to you; that should actually be a
ware delivery pipeline. Mabl is the only test automation platform designed to fulfill this new mandate in the enterprise. Mabl features a low-code UI and framework that allows everyone, regardless of coding experience, to create automated tests with 80% less effort, spanning web UIs, APIs, and mobile browsers. Using artificial intelligence, mabl reduces test maintenance with autohealing, which detects and adapts to changes automatically. With functional test creation and maintenance streamlined, QE can spend time on broader quality attributes — including performance, accessibility, and UX — while keeping pace with DevOps. Mabl also integrates with popular tools such as Microsoft Teams, Slack, and Jira, so that users can incorporate testing information seamlessly into their workflows and benefit from rich diagnostic data from mabl. Rich reporting supports continuous improvement and improved collaboration across the software development pipeline by addressing one of the biggest inhibitors to DevOps: process changes. 1-in-3 development professionals cite the slow pace of change as their biggest DevOps challenge, making easy-to-adopt tools essential for success.
Marcus Merrell, Senior Director of Technology Strategy at Sauce Labs Continuous testing is a key enabler of digital confidence — the knowledge that you’re delivering the best possible user experience to your customers. Digitally confident organizations know that their web and mobile applications look, function and perform exactly as intended, every single time they’re used. Sauce Labs gives companies the confidence to deliver a flawless digital brand experience to their customers. The Sauce Labs Continuous Testing Cloud is designed to quickly identify code errors, accelerating the ability to release and update web and mobile applications that look, function and perform exactly as they should on every browser, operating system and device, every single time. Sauce Labs dramatically reduces the time and effort required to discover and fix errors using automated or manual tests, multiple frameworks, leading operating systems, and on real or virtual devices for faster, cleaner releases and more successful, trusted customer experiences. z
fundamental right. If you’re trusting your life, or your healthcare, or your finances, or your government to a piece of software, I think you have the right to know a little bit about how it was tested for security.” However, security isn’t always handled with the utmost care at organizations. A lot of this comes down to a lack of security expertise, according to Williams. There’s never enough attention being paid to security, in testing, or in development. As hard as test/security vendors work to keep up, the bad actors
always seem to be one step ahead — aided by the fact that they’ve been every bit as institutionalized as the products they’re subverting, according to Sauce Labs’ Merrell. Security testing has traditionally required a lot of expertise to run tools such as SaaS or desktop scanners, or even SCA scanning tools. “You can’t just take tools designed for security experts and hand them to developers early in the process and just say ‘Go,’” Williams said. “They’ll end up with tons of false alarms and tons of wasted continued on page 34 >
Full Page Ads_SDT053.qxp_Layout 1 10/27/21 9:49 AM Page 11
NEW NEW
NEW NEW
Full Page Ads_SDT054.qxp_Layout 1 11/17/21 10:38 AM Page 32
, W
V < R X U 6D O H V I R U F H { , W
V 1R W / L N H $Q \ 2W K H U V
7 K H Q H Z ( J J S O D Q W 6D O H V I R U F H 6R O X W L R Q D X W R J H Q H U D W H V W H V W D V V H W V W R D F F H O H U D W H \ R X U 6D O H V I R U F H D S S O L F D W L R Q U H O H D V H V
$V V H V V < R X U 6 D O H V I R U F H , Q V W D Q F H 7 R G D \ _ H J J S O D Q W V R I W ZD U H F R P V D O H V I R U F H V R O X W L R Q
025-34_SDT054.qxp_Layout 1 11/19/21 5:56 PM Page 33
www.sdtimes.com
December 2021
SD Times
A guide to DevOps testing tools n
FEATURED PROVIDERS n
n Applitools: Applitools is built to test all the elements that appear on a screen with a single line of code. Using Applitools’ Visual AI, you can automatically verify that your web or mobile app both functions correctly and that the digital experience is visually perfect across all devices, all browsers and all screen sizes. Applitools is designed to integrate with your existing test automation rather than requiring you to adopt a new tool and supports all major test automation frameworks and programming languages covering web, mobile, and desktop apps. n Contrast Security: Contrast Security is the industry’s most comprehensive Application Security Platform, removing inefficiencies and empowering enterprises to write and release secure code faster. The Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and guides fast vulnerability remediation, which enables application and development teams to collaborate more effectively. This is why many of the world’s largest organizations rely on Contrast to secure their applications in development and in production. n Keysight Technologies: Keysight Technologies Eggplant Digital Automation Intelligence (DAI) platform is the first AIdriven test automation solution with unique capabilities that make the testing process faster and easier. With DAI, you can automate 95% of activities, including test-case design, test execution, and results analysis. This enables teams to rapidly accelerate testing and integrate with DevOps at speed.
n Appvance is the inventor of AI-driven autonomous testing, which is revolutionizing the $120B software QA industry. The company’s patented platform, Appvance IQ, can generate its own tests, surfacing critical bugs in minutes with limited human involvement in web and mobile applications. n Digital.ai Continuous Testing (formerly Experitest) enables organizations to reduce risk and provide their customers satisfying, error-free experiences — across all devices and browsers. Digital.ai Continuous Testing provides expansive test coverage across 2000+ real mobile devices and web browsers, and seamlessly integrates with best-in-class tools throughout the DevOps/DevSecOps pipeline so developers can get test results faster and fix defects earlier in the process, allowing them to deliver secure, high-quality applications at-speed and atscale. Learn more at www.digital.ai/continuous-testing.
n HCL OneTest: HCL OneTest provides UI, API, and performance testing, as well as service virtualization and synthetic data fabrication, to support testers throughout the project lifecycle. It features a script-less, wizard-driven test authoring environment and support for more than 100 technologies and protocols. HCL OneTest belongs to the Secure DevOps portfolio of HCL Software, which is a division of HCL Technologies (HCL). HCL Software develops, markets, sells and supports more than 20 product families in the areas of Customer Experience, Digital Experience, Digital Solutions, Secure DevOps, Security, and Automation. n mabl: mabl is the intelligent test automation company that empowers high-velocity software development teams to integrate automated end-to-end testing into the entire development lifecycle. Mabl users benefit from a unified platform for easily creating, executing, and maintaining reliable tests that result in faster delivery of high quality, business critical applications. Learn more at https://www.mabl.com; follow @mablhq on Twitter and @mabl on LinkedIn. n Sauce Labs: Sauce Labs is the leading provider of continuous testing solutions that enable customers to deliver digital confidence. The Sauce Labs Continuous Testing Cloud delivers a 360-degree view of a customer’s application experience, ensuring that web and mobile applications look, function, and perform exactly as they should on every browser, OS, and device, every single time.
n HPE Software’s automated testing solutions simplify software testing within fast-moving agile teams and for continuous integration scenarios. Integrated with DevOps tools and ALM solutions, HPE automated testing solutions keep quality at the center of today’s modern applications and hybrid infrastructures. n IBM: Quality is essential and the combination of automated testing and service virtualization from IBM Rational Test Workbench allows teams to assess their software throughout their delivery life cycle. IBM has a market leading solution for the continuous testing of end-to-end scenarios covering mobile, cloud, cognitive, mainframe and more. n Micro Focus: Accelerate test automation with one intelligent functional testing tool for web, mobile, API and enterprise apps. AI-powered intelligent test automation reduces functional test creation time
and maintenance while boosting test coverage and resiliency. Users can test both the front-end functionality and back-end service parts of an application to increase test coverage across the UI and API. n Microsoft’s Visual Studio helps developers create, manage, and run unit tests by offering the Microsoft unit test framework or one of several third-party and opensource frameworks. The company provides a specialized tool set for testers that delivers an integrated experience starting from Agile planning to test and release management, on-premises or in the cloud. n Mobile Labs (acquired by Kobiton): Mobile Labs remains the leading supplier of in-house mobile device clouds that connect remote, shared devices to Global 2000 mobile web, gaming, and app engineering teams. Its patented GigaFox solves mobile device sharing and management challenges during development, continued on page 34 >
33
025-34_SDT054.qxp_Layout 1 11/19/21 5:59 PM Page 34
34
SD Times
December 2021
www.sdtimes.com
< continued from page 33 debugging, manual testing, and automated testing. n NowSecure: Through the industry’s most advanced static, dynamic, behavioral and interactive mobile app security testing on real Android and iOS devices, NowSecure identifies the broadest array of security threats, compliance gaps and privacy issues in custom-developed, commercial, and business-critical mobile apps. NowSecure customers can choose automated software on-premises or in the cloud, expert professional penetration testing and managed services, or a combination of all as needed. n Orasi is a leading provider of software testing services, utilizing test management, test automation, enterprise testing, Continuous Delivery, monitoring, and mobile testing technology. n Parasoft helps organizations continuously deliver quality software with its market-proven, integrated suite of automated software testing tools. Supporting the embedded, enterprise, and IoT markets, Parasoft’s technologies reduce the time, effort, and cost of delivering secure, reliable, and compliant software by integrating everything from deep code analysis and unit testing to web UI and API testing, plus service virtualization and complete code coverage, into the delivery pipeline. n Perfecto: Users can pair their favorite frameworks with Perfecto to automate advanced testing capabilities, like GPS, device conditions, audio injection, and more. It also includes full integration into the CI/CD pipeline, and continuous testing improves efficiencies across all of DevOps. With Perfecto’s cloud-based solution, you can boost test coverage for fewer escaped defects while accelerating testing. n ProdPerfect is an autonomous, end-toend (E2E) regression testing solution that continuously identifies, builds and evolves E2E test suites via data-driven, machineled analysis of live user behavior data. It addresses critical test coverage gaps, eliminates long test suite runtimes and costly bugs in production, and removes the QA burden that consumes massive engineering resources. n Progress: Telerik Test Studio is a test
automation solution that helps teams be more efficient in functional, performance and load testing, improving test coverage and reducing the number of bugs that slip into production. n SmartBear focuses on your one priority that never changes: quality. Whether it’s TestComplete, Swagger, Cucumber, ReadyAPI, Zephyr, or one of its other tools, SmartBear spans test automation, API life cycle, collaboration, performance testing, test management, and more. n SOASTA’s Digital Performance Management (DPM) Platform enables measurement, testing and improvement of digital performance. It includes five technologies: TouchTest mobile functional test automation; mPulse real user monitoring (RUM); the CloudTest platform for continuous load testing; Digital Operation Center (DOC) for a unified view of contextual intelligence accessible from any device; and Data Science Workbench, simplifying analysis of current and historical web and mobile user performance data. n Synopsys: A powerful and highly configurable test automation flow provides seamless integration of all Synopsys TestMAX capabilities. Early validation of complex DFT logic is supported through full RTL integration while maintaining physical, timing and power awareness through direct links into the Synopsys Fusion Design Platform. n testRigor helps organizations dramatically reduce time spent on test maintenance, improve test stability, and dramatically improve the speed of test creation. This is achieved through its support of “plain English” language that allows users to describe how to find elements on the screen and what to do with those elements from the end-user’s perspective. On top of it, testRigor helps teams deploy their analytics library in production that will make systems automatically produce tests reflecting the most frequently used end-to-end flows from production. n Tricentis Tosca, the #1 continuous test automation platform, accelerates testing with a script-less, AI-based, no-code approach for end-to-end test automation. With support for over 160+ technologies and enterprise applications, Tosca provides resilient test automation for any use case. z
< continued from page 30
time, they won’t be able to tailor the tools properly, and they’ll end up really frustrated with security.” This has created a need for tools that can be packaged in a way and in the right place for developers to use. “There still is a role for expert-based pentesting and expert threat modeling and things like that. But they should work at the margin. Instead of trying to do everything with a pen test, including the stuff that your tools already did a great job at, have your pen testers focus on the things that are hard and difficult for tools,” Williams said.
Evolving testing in DevOps is primarily a people process Although tooling is necessary, testing in DevOps is also about a mindset shift on the part of the people in an organization and on making the process easier. After all, they will still have a major part to play in testing in the near future. Organizations are showing a strong preference for low code and test automation solutions as opposed to script-based solutions. They are also looking for unified quality engineering platforms, rather than best-of-breed point solutions for various aspects of testing, according to mabl’s Belcher. Although AI is being applied to a growing number of use cases as part of testing in DevOps, some experts agree that there will always be humans in the loop and that the purpose of those underlying frameworks is to supercharge those people. The next leap in the field is going to be autonomous testing where the team will steer the AI at a high level, review if the AI did the right thing and then spend most of their time focused on more strategic work, such as the usability of the application, according to Sever. “AI is still an emerging technology, and its role in testing is evolving constantly. The most visible type of AI tooling we see is around AI-assisted automated test creation,” Merrell said. “These tools, while extremely useful, are still no substitute for the human mind of a tester, nor do they take the place of a skilled test automation developer.” z
Full Page Ads_SDT054.qxp_Layout 1 11/12/21 4:55 PM Page 35
Intelligent Test Automation for Agile Teams TODAY, software development teams across the globe are facing the challenge of delivering high-quality web applications while keeping pace with business and customer demands. The risk of releasing bugs into production, impeded product velocity, and a diminished customer experience is too great. Built for CI/CD, mabl integrates automated end-to-end testing into the entire development lifecycle. Creating, executing, and maintaining reliable tests has never been easier. With mabl, teams can: Easily create automated UI tests - and save on test maintenance with the help of AI
Create automated end-to-end tests through the UI, capturing a true end-user perspective
Increase test coverage across applications and browsers with a single platform
Gain actionable insights from mabl’s rich application data for quicker issue resolution
ΖQWHJUDWH GLUHFWO\ LQWR \RXU ZRUNȵRZ ZLWK SODWIRUPV VXFK DV *LW+XE %LWEXFNHW Jira, and Gitlab
90%
3x
40%
Increase in test coverage
Faster test creation
Fewer bugs in production
Modern software development needs a modern testing solution. Try mabl free to see how easy it is to start testing. START YOUR FREE TRIAL:
mabl.com/trial-registration
036_054.qxp_Layout 1 11/17/21 4:17 PM Page 36
36
SD Times
November 2021
www.sdtimes.com
Guest View BY RAVI DUDDUKURU
Take the customer’s perspective Ravi Duddukuru is Chief Product Officer at DevGraph, focusing on building next-gen software development tools.
M
any years ago, I wanted to impress everyone at my new software engineering job. I bought a book about the technology I’d be working with and also contacted my hiring manager and asked him, “What can I do to prepare and get ready?” I wanted to be on the right path, right away. His answer was not what I thought it would be. Instead of giving me technical tips, he said, “Look at the technology as a customer would. Ask yourself: What do you like about it? What do you not like about it? When would you use feature A versus feature B? Why do they both exist?” It turned out that while I was looking at things from an internal perspective — asking myself how can I learn a skill that I can apply from a technology perspective — he was telling me to be more externally focused. He was encouraging me to look at it from the outside in, to ask myself: how does a customer look at that product or that service? This article is going to build on that theme, because that is really how you gain incredibly valuable insights into your software products and services. It’s critical to find this balance between internal concerns — How do we build and deploy our software? — and external concerns — How do customers use our software? What is their experience like? What works well, and what doesn’t? To me, the true value of DevOps is that it brings these two areas together and harmonizes them, so we gain valuable insights that we wouldn’t otherwise be able to get. Such knowledge and understanding can’t simply be extracted from a book or a training course because they’re going to be unique to your offering and will depend on its characteristics, features, and how customers react to and use them. So why is DevOps the glue that brings these internal and external concerns together? The response is as you might expect — it’s many different elements. There’s the collaboration between development activities and production or maintenance; tasks that different people and teams used to do but are now increasingly being conducted by the same individuals. I actually strongly advocate the latter option, because that is one of the best
Today, you have to be especially relentless in focusing on your customer.
ways to gain insights into how customers are using your service. I also strongly suggest that as you look into DevOps’ various processes, tools, automation solutions, and many other great things, always ask: What value do they provide?
Focusing on the customer by fine-tuning operations Today, you have to be especially relentless in focusing on your customer, innovating quickly, adding new features and capabilities, and, of course, fixing any issues that come up. Before the pandemic, we were already approaching a totally digital economy; now we are almost there. This means things move faster than they used to. This means competitors can easily and quickly copy your business model. Most of all, this means you can’t afford to be complacent; you need to move quickly, and DevOps is going to help you do this. One of the ways is by streamlining operations, fine-tuning your service, and learning how customers react to and interact with it. How do you do this? Look at metrics, see what alarms are triggered, and observe where patterns exist. You can learn a lot about your service just from looking through the ticket queue. You’ll see what customers are asking for, what areas don’t work for them and even which aspects of the product/service confuse them or what things didn’t work the way they expected. Those are areas where you can really reduce the friction and make things a lot better for you and your customers in the process.
Focusing on customers by expanding the “bubble” I’ve worked with engineers, and they typically don’t get as much exposure to customers — or to product managers who are a proxy for the customer — as they would like. It is too easy to get inside of, and stay in, that internal bubble. That’s why we need to expand that bubble so teams are exposed not just to the development of our apps, but also to how we operate them and how we get them into our customers’ hands. That’s where it gets really exciting. While it isn’t always so clear, think about who your customer really is. That’s who you should be focused on, whether that be through fixing problems or adding new features and capabilities to delight them. z
037_054.qxp_Layout 1 11/18/21 5:49 PM Page 37
www.sdtimes.com
December 2021
SD Times
Analyst View BY SHAMEEN PILLAI
5 lessons for an effective API strategy A
pplication programming interfaces (APIs) are widely used to connect systems and applications, and they have become an integral part of many mission-critical business capabilities. In fact, a recent Gartner survey found that 70% of organizations are using API management and mediation to build their digital platforms. However, many software leaders overlook the business potential of APIs as digital products, focusing instead on technical use cases. It is important for software engineering leaders to balance the technical and business goals of their API programs, incorporating business perspectives into their API strategy to capitalize its potential to support digital acceleration, while also ensuring business stakeholder support. The strategy should closely align with business goals and should cover API security, governance, life cycle management, developer enablement and potential for monetization. Here are the top five considerations for software engineering leaders to develop an effective API strategy and practice. 1. Don’t let API governance create bottlenecks. To develop, manage and govern APIs without creating bureaucratic hurdles, software engineering leaders can implement an “adaptive governance” model. The idea is to create a federated API platform team, which could include product managers from different business groups such as digital, commerce and logistic API teams, to manage the locally built APIs without undermining the overall API strategy. To support localized standards, tools and processes, ensure that API product teams do not create disjointed or overlapping standards and actively participate in federated API governance. 2. Treat APIs as products. APIs are now essential in advancing digital business strategies and should be treated as products without prioritizing monetization. Regardless of whether you plan to monetize API development, organization and management should be driven by a consumer-centric mindset. This will require product managers to prepare API roadmaps and measure business outcomes, and to understand and cater to the needs of API consumers (i.e., developers) to promote API products and improve developer relations (DevRel).
3. Discover your APIs before hackers do. As APIs are the gateways to systems, applications and services, they are always vulnerable to security threats. This may result in the loss of private and sensitive information about millions of users. The security strategy for APIs should focus on threat protection, well-refined access control and data privacy. Software engineering leaders often protect published APIs, but there can be shadow or unpublished APIs. API discovery is the key to ensuring that there are no blind spots and to track any malicious usage of APIs. 4. Manage the API life cycle. An API’s life cycle involves four stages: (1) planning and initial design, (2) implementation and testing, (3) deploy and run, and (4) versioning and retirement. Software engineering leaders should build a consistent process around the four life cycle stages to develop a comprehensive API strategy and practice. For example, the “planning and initial design” stage should focus on an iterative process, consisting of a design approach, methodology and governance. Likewise, the “deploy and run” stage should focus on advanced security analytics to measure API business value. Leverage automation to sustain API quality, track issues and optimize the API’s life cycle based on actual performance. 5. Choose best-fit API technologies. There are a variety of vendor solutions for developing and managing APIs available in the market today. However, the API market is evolving, with some vendors focusing on specific aspects of APIs like design, testing, monitoring, security, portals and ecosystem management. With so many different solutions to select from, software engineering leaders should have clarity regarding the needs of their organization and engineering groups. To make the selection more credible and collaborative, involve API product managers, API platform teams and security teams. It may be difficult to identify what differentiates vendor solutions when it comes to potential, viability and maturity. Review critical capabilities for API life cycle management to understand the respective strengths and weaknesses of each solution and select the best possible fit. z
Shameen Pillai is a Senior Research Director at Gartner, Inc. focusing on integration and API technologies for IT and digital leaders.
Many software leaders overlook the business potential of APIs as digital products.
37
038_SDT054.qxp_Layout 1 11/19/21 4:53 PM Page 38
38
SD Times
December 2021
www.sdtimes.com
Industry Watch BY DAVID RUBINSTEIN
The state of value stream management David Rubinstein is editor-in-chief of SD Times.
V
alue stream management has been a ‘thing’ in manufacturing for a long time, but it’s only been a handful of years since it’s been applied to the manufacture of software. In that time, there has been lots of adoption within companies reliant upon software to drive their businesses, and some problems in companies unfamiliar with Agile and Lean practices, or the fact that there is no prescriptive, standard way to create and manage value streams. Late last month, Broadcom — whose spin on value stream management falls under their BizOps umbrella — sponsored a survey of global business executives and IT leaders executed by Dimensional Research called “2022: Value Stream Management Adoption Accelerates.” The findings are both expected and revelatory. As you’d expect, the study found that companies are keenly focused on becoming more efficient in 2022, while improving the quality of their products and delivering more value to their customers. Those are the pillars upon which organizations are finding success with value streams. Another finding you’d expect is that 94% of respondents say their organizations are undergoing a digital transformation, 45% are adopting DevOps, and 34% are adopting Agile practices. Another 42% said they are adopting value streams, somewhat surprising in that its application to companies creating software is relatively new. A CIO of a financial institution quoted in the report said, “Value streams are a natural progression from DevOps and Agile. With scrums we often lost user scenarios, customer stories and detailed requirements documents. Value streams bring that back.” But what struck me as surprising in the findings — given the number of conversations we’ve had at SD Times with companies that are enthusiastically embracing Agile and DevOps today — is that they still lack visibility into their processes, still have silos of workers and information that invariably slow down the product delivery cycle, and a stunning lack of a clear understanding of how products specifically deliver value to their customers. Among the other challenges organizations face
8% of respondents said they have no challenges in product development. My take? 8% of respondents can’t handle the truth.
in product development, a lack of resources, slow innovation and siloed teams round out the list for 2022. One interesting note: 8% of respondents said they have no challenges in product development. My takeaway on this is that 8% of respondents can’t handle the truth. Meanwhile, as organizations look to improve upon their digital transformation initiatives in the wake of the COVID-19 pandemic that has changed how and where people work, 37% of respondents said a seamless workflow in the product life cycle would make them more effective, followed by data transparency and real-time insights across their organizations (32%), eliminating silos within the organization (17%), and aligning architecture across the enterprise (14%). As you can read in this issue, developer productivity is often hindered by the gulf between the business side and IT. Communication breakdowns occur because the goals between the sides aren’t aligned — each defines ‘productivity’ and ‘success’ in different ways. And, despite the adoption of DevOps, 80% of respondents said they still experience organization silos between strategic development and operations. The Broadcom report shows that 83% of respondents believe organizational silos create barriers to increasing customer value, and 94% agree that better alignment between teams increases the ROI deliver by products. According to Forrester research analyst Christopher Condo, “Many organizations still suffer from disconnected automation silos, which are the result of disconnected organizations. The business team creates a backlog, the engineering team processes it, and some other team is looking for outcomes, but none of these are done in collaboration with each other, creating that lack of end-to-end visibility.” To cut through these silos, Condo said, teams are adopting product-centric teams to create, deliver, and maintain software, which forces the team to examine requirements as they relate to the desired business value. “This gets these teams thinking more about how to more effectively deliver that value, and then — because it’s productthinking — measure the outcome,” he added. (Full disclosure: SD Times produces VSMcon, a conference offering education and training on value stream management.) z
Full Page Ads_SDT052.qxp_Layout 1 9/23/21 5:07 PM Page 14
Collaborative Modeling
Keeping People Connected ®
®
®
®
®
Application Lifecycle Management | Jazz | Jira | Confluence | Team Foundation Server | Wrike | ServiceNow ®
Autodesk | Bugzilla
sparxsystems.com
TM
®
®
®
| Salesforce | SharePoint | Polarion | Dropbox
TM
| *Other Enterprise Architect Models
Modeling and Design Tools for Changing Worlds
®
Full Page Ads_SDT053.qxp_Layout 1 10/27/21 11:41 AM Page 24
The latest news, n news analysis and commentary delivvered to your inbox!
• Reports on the newest technologies affecting enterprise deve developers elopers • Insights into thee practices and innovations reshaping softw ware development • News from softtware providers, industry consortia, open n source projects and more m
Read SD Tim mes Daily to keep up with everything happening in the software devvelopment industry. SUB BSCRIBE TODA AY! Y!