%20Tim%20Menzies,%202025-%234b4b4b?style=for-the-badge&logoColor=white){kind=icon}
- Corrections
- Introductory Terms
- Summary of Lecture
- The Times They Are A-Changing
- Case Studies: Industry Examples
- War Stories
- Glossary of Terms
- Self-Study Questions
- Mini-review Questions
Corrections:
- I said process, product, personnel.
- Correct terms, according to Fenton, are process, product, resources.
@inproceedings{fenton2000software,
title={Software metrics: roadmap},
author={Fenton, Norman E. and Neil, Martin},
booktitle={Proceedings of the Conference on the Future of Software Engineering},
pages={357--370},
year={2000},
organization={ACM}
}
| Term | Explanation | Examples |
|---|---|---|
| Process | - Methods and workflows. - "How" tasks are achieved. |
- SAST integration. - Threat modeling. - Code reviews. - MFA enforcement. - Dependency scanning. - Using Bayesian networks for causal modeling to predict defects. - GQM (Goal-Question Metric) frameworks for metrics alignment. |
| Resources | - Inputs/tools used in processes. - "What" enables tasks. |
- SAST tools (e.g., SonarQube). - Threat modeling tools (e.g., OWASP Threat Dragon). - Dependency scanners (e.g., Snyk). - Bayesian network tools (e.g., Hugin). - Measurement systems for collecting and managing data (e.g., CMM compliance tools). |
| Product | - Outputs/results of processes. - "What" is produced. |
- Secure codebase. - Reduced vulnerabilities. - Secure pipelines. - Improved compliance. - Enhanced security culture. - Risk-aware software quality predictions. - Decision-support models for resource allocation. |
| Internal Metrics | - Measures of process efficiency. - Organization-focused performance indicators. |
- Vulnerabilities resolved. - Codebase SAST coverage. - Time to patch. - Secure coding adoption rates. - Number of requirements changes in specification. - Defects detected during testing. |
| External Metrics | - Measures of impact/outcomes. - Stakeholder and compliance-focused results. |
- Reduced post-deployment incidents. - Compliance with security standards. - Stakeholder confidence. - External audit feedback. - Cost-effectiveness of testing. - Stability and reliability of delivered products. |
Fenton lurvs his bayes nets
Connected distributions. Tweaking any will cause ripples that update the distributions up and downstream
- First proposed decades ago
- To this day, remain a highlyexperiemntal technique, not widely used
| Process | Resources (Inputs) | Product (Outputs) | Internal Metrics | External Metrics |
|---|---|---|---|---|
| Use distributed teams for 24/7 development | - Online communication tools (e.g., Zoom, Discord). - Collaborative tools (e.g., GitHub). |
- Around-the-clock development with diverse teams. - Continuous updates to software. |
- Coordination efficiency across time zones. - Communication frequency. |
- Reduction in delivery time. - Satisfaction of international stakeholders. |
| Balance product, process, and personnel management | - Agile frameworks. - Personnel training programs. - Metrics tracking tools. |
- High-performing teams. - Improved team retention and cohesion. |
- Staff retention rates. - Time spent on team-building activities. |
- Reduced turnover. - Enhanced project deliverables quality. |
| Conduct code reviews and integration testing | - Code review tools (e.g., SonarQube). - Testing frameworks. - Clear documentation standards. |
- Fully integrated and functional software systems. - Improved code quality and reliability. |
- Number of integration errors resolved. - Frequency of code reviews. |
- Fewer integration issues post-deployment. - Stakeholder satisfaction. |
| Maintain legacy software | - COBOL expertise. - Code analysis tools. - Documentation of old systems. |
- Stable systems with legacy compatibility. - Updated documentation. |
- Lines of legacy code refactored. - Time to resolve compatibility issues. |
- Sustained business operations. - Avoidance of system crashes. |
| Promote ethical software practices | - Ethical training materials. - Compliance standards. - Automated testing for critical systems. |
- Ethically sound, compliant software. - Avoidance of technical debt from rushed implementations. |
- Frequency of ethical training. - Number of compliance violations avoided. |
- Avoidance of legal penalties. - Positive brand reputation. |
| Optimize team dependencies | - Dependency tracking systems. - Project management software (e.g., Jira). |
- Minimized delays from inter-team dependencies. - Clear dependency mappings. |
- Frequency of delayed dependencies. - Time taken to address late deliverables. |
- Reduced project delays. - Improved cross-team collaboration. |
Internet everywhere (Starlink etc)
- Developers not accessible from around the world (most of which want to work for far less than USA salaries)
- The future: software developed everywhere
- You task: do you know how to manage tesams? Distributes teams?
- Process: Complex code integration between distributed teams.
- Resources: Version control tools, integration testing suites.
- Product: Functional multi-component software system.
- Internal Metrics: Number of integration bugs resolved.
- External Metrics: Reduction in customer-reported integration issues.
- Process: Dependency management between teams with misaligned schedules.
- Resources: Communication tools, dependency-tracking frameworks.
- Product: Delayed but eventually aligned multi-team deliverable.
- Internal Metrics: Frequency of missed dependency deadlines.
- External Metrics: Stakeholder feedback on delivery timelines.
- Process: Negotiating changes with community contributors.
- Resources: Community feedback platforms, version tracking systems.
- Product: Partially updated open-source tool with divided userbase.
- Internal Metrics: Number of community disputes resolved.
- External Metrics: Retention of userbase and contributors.
- Yes, LLMs have allowed a wider population to build software
- But for software that matters, you want that?
- You want anyone to do heart surgery?
- Welcome to the era of massive technical debt, where SE people have to fix the mess created by the masses
@article{johnson2024ai,
title={AI Over-Hype: A Dangerous Threat (and How to Fix It)},
author={Johnson, Brittany and Menzies, Tim},
journal={IEEE Software},
volume={41},
number={6},
pages={131--138},
year={2024},
publisher={IEEE}
}
Experiences programmers know programs have bugs
- So we know not to field things, before they are tested.
Time in project (Fred Brooks, 1976)
- A third of the time is spent planning.
- A sixth of the time is spent coding.
- A quarter of the time is spent testing (unit testing).
- A quarter of the time is spent integrating code with other components or systems.
A more modern view (Long et al.)- all phases have parts:
- Requirements Analysis,
- Architecture & Design,
- Coding ,
- System Integration
- Qualification Testing, and
- Development Test & Evaluation.
A comparison of views:
@ARTICLE{Long24tse,
author={Long, Daniel and Drylie, Scott and Ritschel, Jonathan D. and Koschnick, Clay},
journal={IEEE Transactions on Software Engineering},
title={An Assessment of Rules of Thumb for Software Phase Management, and the Relationship Between Phase Effort and Schedule Success},
year={2024},
volume={50},
number={2},
pages={209-219},
keywords={Software;Encoding;Testing;Decision making;Schedules;Costs;Task analysis;Software development;Hotelling;rule of thumb;effort;phasing},
doi={10.1109/TSE.2023.3339383}}
- Software engineers implementing specifications that violated emissions standards.
- Implication: Ethical considerations in software design and implementation.
- ref: https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal
- Microsoft investigated defect rates in software built by globally distributed teams versus co-located teams.
- They found that the height of the reporting hierarchy (organizational chart) was a predictor of defects.
- If remote teams communicated only through senior managers (e.g., a high-level executive like Bill Gates), defect rates were higher.
- When teams reported to lower-level managers with closer oversight, defect rates were lower.
@inproceedings{nagappan2008global,
title={The influence of organizational structure on software quality: An empirical case study},
author={Nagappan, Nachiappan and Murphy, Brendan and Basili, Victor R.},
booktitle={Proceedings of the 30th International Conference on Software Engineering},
pages={521--530},
year={2008},
organization={ACM}
}
- Linxx foundation carries dozens of read-time operating systems
- One of these, Zephyr, is getting far more contrinutors than the rest
- Zephyr's organizers attribute this to their open goverance policy
- so large organizars can still buy in to the project, without domianting it
- so developers can still contribute, without fear their contributins will be ignore
-
Hardware-Software Co-Design:
- Example from a Chinese company: Software teams aligning with slower hardware development cycles.
- Implication: Agile principles dumped to fixed hardware timelines.
-
Maybe much of the benefits we saw when agile/TDD first showed up were die to the new IDEs and increemtnal scripting tools coming on live in the early 2000s
@ARTICLE{karac18tse,
author={Karac, Itir and Turhan, Burak},
journal={IEEE Software},
title={What Do We (Really) Know about Test-Driven Development?},
year={2018},
volume={35},
number={4},
pages={81-85},
engineering},
doi={10.1109/MS.2018.2801554}}
- 90% of Fortune 500 business systems are still supported by COBOL.
- A 2020 Reuters report estimated that 43% of banking systems still use COBOL.
- COBOL also powers an estimated 220 billion lines of code, with 5 billion new lines added annually, mainly in specific industries.
- Commonwealth Bank of Australia, replaced its core banking platform in 2012. The job ultimately took five years and cost more than 1 billion Australian dollars ($749.9 million).
- COBOL is indispensable but replacing it is fraught with significant challenges due to its deep integration in legacy systems.
- In 2018, TSB's migration of a billion customer records led to outages, wrong account balances, and cross-account visibility.
- Total costs: 330M pounds for migration + 49.1M pounds lost to fraud.
- The bank faced several days of downtime and reputational damage.
Crazy ideas (Prolog, logic programming) can turn out to be insanely powerful.
WhatsApp: 100 developer, 1 billion users. How?
Erlang. A cool language designed aaround logic programming (Prolog) that was real fast at Switching between lots of tiny conversations
- Erlang processes are tiny
- Bytes, not kilobytes
- Creation time (203: less than 3 microseconds for up to 30,000 processes)
- Compare with Java/C#: 300 microseconds
- A web server in this language for 10,000 users is not “one web server with 10,000 users” (like Apache or Jigsaw or all the rest) i
- it’s “10,000 web servers with one user each” - a radicle departure from conventional practise.
https://www.investopedia.com/articles/investing/032515/whatsapp-best-facebook-purchase-ever.asp
Facebook (now Meta Platforms) purchased WhatsApp in 2014 for approximately $19 billion
- at the time, one of the biggest acqustions ever
- surpassed since by e.g.
- Dell's acquisition of EMC in 2016 was valued at $67 billion
- Microsoft's acquisition of Activision Blizzard in 2022 for $68.7 billion
- Process:
- Methods and workflows defining "how" tasks are achieved, including methodologies like Agile or Waterfall.
- Resources:
- Inputs and tools enabling tasks, such as version control systems, testing frameworks, or personnel expertise.
- Product:
- The outputs or results of software processes, including functional systems, documentation, or reports.
- Software Life Cycle:
- The stages of software development, from requirements analysis to design, coding, testing, deployment, and maintenance.
- Internal Metrics:
- Measures of efficiency and performance within the organization, e.g., defect resolution time or code coverage.
- External Metrics:
- Measures of the impact and outcomes, focusing on stakeholder satisfaction, e.g., compliance with standards or customer feedback.
- GQM (Goal-Question-Metric):
- A framework linking organizational goals to specific questions and metrics for evaluation.
- Defect Density:
- The number of defects per unit size of code, used to assess software quality.
- Mean Time to Repair (MTTR):
- Average time taken to resolve a defect or issue.
- Code Coverage:
- The percentage of source code executed during testing, used as a measure of test completeness.
- Technical Debt:
- The accumulated cost of deferred maintenance, often resulting from rushed or suboptimal code.
- Test-Driven Development (TDD):
- Writing tests before implementing code to ensure quality and adherence to specifications.
- Continuous Integration (CI):
- Automating the integration of code changes, typically through frequent builds and tests.
- Static Analysis:
- Examining code without executing it to find potential issues, such as vulnerabilities or inefficiencies.
- Bayesian Networks:
- Probabilistic models that represent dependencies and enable inference, e.g., for defect prediction.
- Version Control:
- Systems for tracking changes in code, enabling collaboration and rollback, e.g., Git or Subversion.
- Distributed Teams:
- Teams working across multiple locations, often spanning time zones and cultures.
- Personnel Management:
- Balancing team skills, training, and roles to optimize productivity and collaboration.
- Stakeholder Management:
- Ensuring stakeholder needs and expectations are met throughout the project lifecycle.
- Dependency Management:
- Tracking and managing interdependencies between teams, tasks, or components.
- Ethical Software Practices:
- Developing software that adheres to legal, societal, and organizational ethics.
- Volkswagen Emissions Scandal:
- A case of unethical software manipulation to bypass regulatory emissions tests.
- Open Governance:
- Transparent and inclusive decision-making processes in open-source projects.
- Legacy Software:
- Older software systems still in use but often costly and difficult to maintain.
- Global Development:
- Software development leveraging teams across the world, often for cost or expertise advantages.
- Agile Frameworks:
- Iterative and flexible development methodologies prioritizing collaboration and adaptability.
- Incremental Development:
- Delivering software in smaller, manageable increments rather than a single large release.
- Technical Debt Management:
- Practices aimed at minimizing the accumulation and impact of technical debt.
-
Understanding Metrics
- Explain the difference between internal and external metrics. Provide examples of how each type of metric can influence decision-making in a software project.
-
Process and Resource Management
- How can balancing process, product, and personnel management improve the success of distributed software teams?
-
Ethics in Software Engineering
- Discuss the implications of the Volkswagen emissions scandal for software engineering ethics. What practices could have prevented this issue?
-
Technical Debt and Legacy Systems
- Why is technical debt a significant challenge in modern software engineering?
- Use the COBOL case study to illustrate your answer.
- Why is technical debt a significant challenge in modern software engineering?
-
Technical Debt and Modern Systems
- Why is technical debt a significant challenge in modern software engineering?
- Use recent advances in AI as a case study to illustrate your answer.
- Why is technical debt a significant challenge in modern software engineering?
- Define and distinguish internal process metrics from external product metrics. Make sure our give one example of each.
- Is "skiil required to use functional programming" an internal or external metric? Justify your answer? (2-4 lines of text)
- "We must, by the end of 2025, remove all use of COBOL from around the world." Discuss. (3-10 lines).