An Initial Checklist for Software Development Process Health
An organization must check off the items listed below to understand and correct its deep-seated issues.
Tasks and projects are assigned priorities, and resources are allocated to them according to those priorities.
Projects identify risks, develop ways to mitigate them, and execute those approaches.
Processes are scaled down for small and/or simple projects such as an Excel macro.
Approaches are expanded for large and/or complex projects such as a custom enterprise system.
The constraints applied to projects (e.g., a deadline, a budget, a must-have requirement) are selected judiciously, not arbitrarily or unnecessarily.
The non-constrained aspects of an endeavor are shaped around its restricted elements.
Undertakings with too many constraints are avoided, unless they absolutely cannot be.
Constraints such as due dates are only used to send signals such as time sensitivity, not to achieve other goals such as monitoring or managing something.
Curated Content and Authors
Grigorios Fragkos describes how threat modeling can be applied to payment systems.
Pruthvi Nallapareddy discusses the value of a software security program.
Stack Overflow talks about how Agile works with frontend development.
We wrote an article describing how an organization can decide whether to investigate an underlying problem.
We wrote a piece stating that a model is the theory behind a strategy.
Taylor Armerding is a security advocate at Synopsys.
Endnotes
This issue is a starting point. Future editions and blog articles will address how an organization can determine whether it should check any of those boxes. Moreover, they will address what an institution should do if one or more items are unchecked. To read those works, subscribe to this newsletter and check out the Software Development Journal. If you are interested in those publications, follow ExperTech Insights on Twitter.