Open Source Development Tools archives - Software Quality Insights


Dec 19 2008   1:35AM GMT

Security flaws and Agile boom top software quality news in 2008



Posted by: Jan Stafford
Security, Agile software development, Open source development tools

Security vulnerabilities and the boom in Agile development adoption topped the SearchSoftwareQuality.com news charts in 2008. Here’s a rundown of the five most-read news articles and their significance.

Three of the top five articles focus on Agile development. In the #1 story, Predicting software quality trends for 2008, software quality experts predicted that Agile adoption would increase. Two other articles in the top five were about Agile. In fact, about one-third of the top 20 news stories were about Agile.

Agile development: Not just for ‘agilists’ anymore (#4) discussed Agile’s move outside of its early adopter niche and the impact of its wider usage. Next came Software development groups take many routes to Agile (#5), which revealed results of SearchSoftwareQuality.com’s 2008 Agile Trends Survey. Most Agile technique users, according to that survey, use Scrum (41%). Next in popularity was Extreme Programming (XP) at 15%. Others use hybrid Agile methodologies, while about three percent each use Crystal and Dynamic Systems Development Method (DSDM).

The SSQ 2008 Agile Trends Survey showed that 45% of software pros follow Agile methodologies, while 44% use waterfall. Other development methodologies cited were test-driven development (19%) and RUP (15%).

Security flaws in leading open source software platforms drew a lot of attention, and articles on security issues in the Spring Framework and open source Java projects ranked in second and third place, respectively.

While open source development projects typically fix flaws quickly, as happened in these cases, the emergence of serious vulnerabilities may have taken some IT pros by surprise. People expect problems with Microsoft products, but not with open source products, said Kevin Beaver, CISSP and Principle Logic LLC consultant, commenting on the fact that these two stories got so many clicks.

“We’re seeing more and more that open source has its own security woes,” Beaver said.

Don’t blame the open source community and its developers, Beaver advised.

“The fact is that as long as human beings are developing applications on the complex and extensible OS (operating system) architectures we have, there will be security problems.”

Most importantly, he said, the emergence of vulnerabilities should not scare anyone away from using open source software like open source Java or the Spring Application Framework.

It is important to point out that just because a static analysis tool vendor finds flaws in open source code, that doesn’t mean the vulnerabilities can or will ever be exploited.

Keep using open source software, Beaver concluded, and “take this marketing tactic with a grain of salt.”

Now that you’ve checked out these stories, please let me know your choices for the top software quality news stories of 2008. You can write to me at jstafford at techtarget.com.

Dec 17 2008   5:02PM GMT

Open source, agile help move to lean software development



Posted by: Jan Stafford
Development, Software Quality, Agile software development, Spring Application Framework, Open source development tools

Bloated applications, platforms and architectures slow application development and make quality control and everyday usage time-consuming and nonproductive, said Forrester Research principal analyst John R. Rymer in a phone conversation yesterday. In this post, I’ll share Rymer’s thoughts on why software pros should join the lean software movement and his advice on how to create appropriately sized and efficient software. 

Forrester’s newly published report, Lean Software is Agile, Fit-to-Purpose, and Efficient, lays out how software got so fat, costly and inefficient; the evidence that IT organizations are moving to lean software; the challenges involved in lightweight software development; and strategies for joining the movement. Rymer told me that the demand for lean or lightweight software is coming from conventional business application users, the ones who first signed up for mainstream — and now bloated — apps from IBM, Microsoft, Oracle and other major software vendors. Many took the path of least resistance, as in following the safe IT path that spawned the saying: “Nobody ever gets fired for choosing IBM.”

While major software vendors piled on features that add complexity and can foster customer lock-in, in came the lean software approach of Linux and open source developers. 

“Open source is the driving factor for lean computing,” said Rymer. “Now people can replace conventional application servers, for example, with open source application servers and get lower cost and more innovative features. People are comfortable with open source software, which is now in its second wave of adoption.”  

Agile development is another popular path away from traditional “big-bang” software development.  

“Agile development is independent of any technical platform or development approach,” said Rymer. “It’s a method. What’s neat about this is that people are delivering application features sometimes every two weeks or each month. Rather than deliver the big-bang project after years of work, they’re delivering applications in increments. They’re working in an incremental fashion to deliver features over time, providing value quickly and continuing to add value. That’s a way to modulate your costs, to spread your costs and investment over a period of time.”

This Forrester report’s recommendations advise software pros to update their application platform and tools strategies. How do your tools and platforms fit with the lean software approach? Right now, many organizations are working with platforms that are too bloated and nonproductive, Rymer said. 

“A lot of shops adopted J2EE, and they’re really struggling now to keep up with the demand for new applications. It’s not a real productive environment. Just coding things up in Java takes a lot of time.” 

The era of one-development-platform shops should be over, Rymer said. 

“If you have a variety of application scenarios, don’t assume you have to adopt one platform to do all of them. There are a variety of tools now. People who choose to use Spring (Application Framework), for example, are oftentimes using it alongside their J2EE. They can run the Spring on an extra app server. So, it’s not like there are these hairy choices that force you to throw away what you’ve got. Pick the right tool for the job, and if you’re smart about it you can integrate these things.”  

Rymer suggested that the PHP framework is built for speedy development. It’s now “a real framework and not a collection of modules,” he said. “You can build certain Web applications very quickly, much more quickly than you can with either conventional .NET or Java development.”  

Don’t think that lean computing is a movement to oust established vendors, Rymer noted before we signed off. Remember that even Microsoft is involved in the second wave of open source development tools adoption. “If you want to use Ruby or Python in the .NET world, you can,” he said. When change is driven by developer and business IT pros, big vendors like IBM, Microsoft and Oracle will join in.