Coding to standards and quality: supply-chain application development

Table of Contents

  1. Summary
  2. Challenges of modern app development
  3. The need for a new approach
  4. Supply-chain app development
  5. Ensuring quality and security without sacrificing speed
  6. Where the future leads
  7. The end-to-end modern approach
  8. Key takeaways
  9. About Rich Morrow

1. Summary

The monolithic codebase is dead. Modern applications are built of code from a variety of sources including employees, partners, and contractors from different geographies, with different skill levels, and working on a number of platforms. Application development is a supply chain, with dependencies supported by a network of systems ranging from greenfield development to legacy integrations, and utilizing a patchwork of code from custom, open-source, and commercial third-party sources. Ensuring consistency, security, and standards in such an environment can be challenging but is essential for maintaining reputation, relationships, and customers.

This report will help IT organizations and application development teams prepare for the fast-approaching future state of modern software development and benefit from an increased focus on code quality and security.

Key findings of this report include:

  • Code quality and security can no longer be an afterthought bolted onto the software development life cycle (SDLC).
  • Tools such as test-driven development (TDD) are ill-suited for today’s dynamic, heavily integrated stacks.
  • Modern software development is a fast-moving, highly fragmented, and highly distributed supply chain, with parts built by disparate teams, running on disparate platforms.
  • Previous vulnerabilities such as Shellshock and Heartbleed highlight the fact that companies must increase code quality and security. Richer, faster end-to-end tests are needed, and these tests will require investment in appropriate resources, tools, and infrastructure.
  • DevOps, continuous integration (CI), and continuous delivery (CD) are the preferred ways software companies enable development, testing, and delivery within fast-moving, dynamic stacks.
  • Static code-analysis tools add agility by enforcing code and security standards and by catching common code problems that traditional testing may miss. This agility also helps new developers understand inherited code.
