Developing future-proof software starts today The QSD Qualification: Maintainability Foundation Level

(1)

GETTING SOFTWARE RIGHT

Developing future-proof software starts today

The QSD Qualification: Maintainability Foundation Level

Yiannis Kanellopoulos, Gijs Wijnholds

(2)

About SIG

Getting Software

Right

We are an international consultancy firm with HQs in Amsterdam, and we aim at improving software. Started in 2000 as a spin-off of CWI.

We operate as an independent,

impartial mediator between IT

customers and suppliers.

We actively support scientific research

in the field of software engineering. We deliver insight to management on

IT projects and systems. We do this based on validated facts and

(3)

Our Analysis Lab in numbers

Sole "Trusted Lab” in Europe being accredited with the ISO 17025 standard

185

supported technologies

22,000

inspections

50

sourcecode-snapshots per week

>7,400,000,000

lines of code in software analysis warehouse

227

clients

1,800

systems

(4)

25010

How do we help our clients?

The SIG Capabilities

Cost Estimation Function point analysis Architecture Review QSD Benchmarking Transferability Early Effort Estimation Reliability Portability

>  SIG ISO IEC 25010 Certified Capabilities Functional Suitability Security Compatibility Usability Maintainability Performance Efficiency >  SIG Capabilities Development Process Assessment

(5)

About PEOPLECERT

ü  _4,000,000+_exams_{delivered to date}

ü  _Web_&_{Paper based}_{exams in}₂₅_languages

ü  _{Award-winning assessment technology}_–

Online Proctoring & Instant Scan and Mark

ü  e-Certificates –

Speedy hard copy and e-certificate delivery

ü  10,000 exam locations worldwide

ü  Any time, any place

exams and customer service, 24/7/365

ü  150 countries every year of exam delivery

Global leader

in assessment & certification of professional skills.

peoplecert.org

(6)

About PEOPLECERT

ü  _{Certification} _{Scheme & Test}_{creation – test testing & test validation}

ü  _{Internet-Based / Computer-Based / Paper-Based}_Exams

ü  30 types of Questions - Multiple Choice, Essay, Audio, Video etc.

ü  _{Award-winning marking} _solutions_{- Automated, Remote, Manual}

ü  Certificate Printing and Delivery - e-certificate, hard copy certificate

ü  _{Certificate Validation}_{- online on PEOPLECERT website}

ü  Maintenance of Candidates’ Records and Database - All Data, Reports

State-of-the-art, A-to-Z assessment solutions

peoplecert.org

(7)

About PEOPLECERT

ü  Accredited by the National Hellenic Accreditation System (NHAS) as Certification Body

according to:

ü  ISO 17024 for Certification of Persons (2006)

ü  _{ISO 17065}_{for Certification of Products, Processes & Services (2015)}

ü  _Certified_by_{Lloyds Register (UK)}_{according to:}

ü  ISO 9001 Quality Management (2003)

ü  ISO 10002 Customer Satisfaction and Complaints Handling (2006)

ü  _{ISO 14001}_{Environmental Management (2006)}

ü  ISO 27001 Information & Data Security (2008)

ü  ISO 23988 Use of IT in the delivery of assessments (2013)

ü  _{ISO 22301}_{Business Continuity (2015)}

Commitment to Quality

peoplecert.org

(8)

The global challenge

Global IT debt is $500 Billion and rapidly growing*

The amount of change requires more developers than are available

52% of debugging effort is spent on 8% of the defects**

High-risk parts of software systems consume developers’ time, no room left for innovation

Better code is cheaper

66% of debugging time can be saved with software of high quality

*Source: Andy Kyte, “Measure and manage your IT debt,” Gartner, Inc., August 9, 2010 (last reviewed June 19, 2013) **Source: Deloitte University Press, Tech Trends 2014 – Inspiring Disruption

(9)

The QSD approach

1) Distilled metrics-based standard

A small number of guidelines that are clear, easy-to-follow, meaningful, high-impact

2) Training material for developers to use these standards effectively

(Foundation)

Thorough explanation, examples, exercises, immediately applicable in daily programming practice

3) Training material for teams to organize around these standards

(Advanced)

(10)

The QSD Stack

SIG _{Vanilla training material}

Exam items Body of Knowledge and

videos

Examination and certification Education

(11)

Body of Knowledge –

Response of developers who reviewed our book

“Just finished reading the book this morning. I got a lot more out of the book than I had expected and would recommend it to others.”

- Vincent O’Sullivan, VHI Ireland

“It contains many good ideas about how to write better code. I must say that my first reaction to some of the ideas is, ‘No way! That's

unnecessarily restrictive.’ But, I often find myself mellowing towards such ideas as I continue reading.”

- Roger House, Sebastopol CA

“These guidelines are spot on. They provide a crisp and actionable explanation of what the working programmer needs to know to

deliver quality code in a consistent manner.” - George Marinos, National Bank of Greece

(12)

Video Material –

Maintainability Foundation

>  _{Complementary material to the body of knowledge}

>  Including many practical examples of building

future-proof code

>  Available online at

(13)

The QSD Qualification –

Maintainability Foundation

>  Expected background: 2 years of working

experience in object-oriented programming, or BSc in computer science or software engineering

>  _{Exam currently available for Java and C#}

>  _{75 questions, 2h duration}

>  Closed book

>  Physical or web proctoring

>  Certificate of perpetual validity

>  To date, 170 certificates awarded since its launch

(14)

Quality Software Development –

Trainer Prerequisites

>  Hold the Quality Software Development

Certification.

>  _{At least 3 years of experience as a Software}

Engineer in Object Oriented programming.

>  Good knowledge of the Object Oriented paradigm

and knowledge on how to apply it.

(15)

Quality Software Development –

Available vanilla material

>  Trainer’s manual

>  Syllabus

>  Lesson plans

>  Code snippets from open source systems

>  Example exam questions

>  Slide decks

1 Introduction slide deck 1 Code smells slide deck 8 Guideline slide decks 3 Refactoring slide decks

1 Automated testing slide deck 1 Code hygiene slide deck

1 Example exam questions slide deck 1 Next steps slide deck

(16)

Vanilla Material Samples

1.  Slide decks in PDF, SIG style

Software Improvement Group

Chapter 2: Code Smells

A famous example: Apple’s SSL/TLS bug

Background details

•  CVE ID: CVE-2014-1266

•  Apple iOS 6.x (< 6.1.6)

•  Apple iOS 7.x (< 7.0.6)

•  Apple TV 6.x (< 6.0.2)

•  Apple OS X 10.9.x (< 10.9.2)

•  Impact: millions of devices?

Unit:

SSLVerifySignedServerKeyExchange(…) LOC: 64

McCabe: 14

Nr. of parameters: 5

*Read more: https://www.imperialviolet.org/2014/02/22/applebug.html

Page 3 of 4

Chapter 2: Code Smells

A famous example: Apple’s SSL/TLS bug

Background details •  CVE ID: CVE-2014-1266

•  Apple iOS 6.x (< 6.1.6)

•  Apple iOS 7.x (< 7.0.6)

•  Apple TV 6.x (< 6.0.2)

•  Apple OS X 10.9.x (< 10.9.2)

•  Impact: millions of devices?

Unit:

SSLVerifySignedServerKeyExchange(…) LOC: 64

McCabe: 14

Nr. of parameters: 5

*Read more: https://www.imperialviolet.org/2014/02/22/applebug.html Page 3 of 4

Two versions of the slide decks

(17)

Chapter 4: Write Simple Units of Code (Day 1, Part 3)

Do:

>  Limit the number of branch points to 4

By:

>  Splitting complex units into simpler ones

>  Avoiding complex units

Because simple units are:

>  _{Easy to test}

>  _{Easy to understand}

>  Easy to modify

The guideline

Positive effects on other guidelines:

>  Unit Size

(18)

Chapter 4: Write Simple Units of Code (Day 1, Part 3)

Count the cyclomatic complexity:

>  Every branch point (if, case, for, &&, ||) is counted, and we add 1 to the total

How you can measure it

2 branch points + 1 = cyclomatic

(19)

Examples from the Jenkins CI source code (https://github.com/jenkinsci/jenkins)

This unit has 3 branch points

(20)

An example of non-compliant code

(21)

Chapter 11: Extract Method (Day 2, Part 2)

Applying Extract Method (1/2): Apache Tomcat on 25-05-2015*

>  The init() method contains 69 lines of

code and has a McCabe complexity of 19

>  The Extract Method has been applied

to extract the configuration check to a separate method

(22)

Chapter 11: Extract Method (Day 2, Part 2)

Applying Extract Method (2/2): Apache Tomcat on 07-10-2015*

>  After refactoring, the init() method

now contains 50 lines of code and has

a McCabe complexity of 15

(23)

Software Improvement Group | PEOPLECERT / PUBLIC

Chapter 16: Exam Preparation (Day 3, Part 2)

Example questions 7 & 11

>  Question: Which statement is true? The complexity of a unit of code is measured by…

A.  The number of lines of code in the unit

B.  The number of parameters

C.  The number of branch points

D.  The number of calls to other units

>  Question: What is the unit complexity of this unit?

A.  ₁₃

B.  ₁₅

C.  ₁₇

D.  20

(24)

Tips & Tricks

Focus of the training should be on the ‘Maintainability Mindset’:

•  The guidelines; how to interpret them, how to apply them

•  Refactoring techniques to turn non-compliant code into compliant code

Maintainable software is a matter of discipline and practice:

•  Show real-time refactorings, or let students do so themselves

•  Bring your/their own source code

Building maintainable software is technology-independent, training is language-specific

•  _{The book and snippets are available in Java and C#}

(25)

(26)

GETTING SOFTWARE RIGHT

Contact

www.peoplecert.org/en/communication/Pages/contact.aspx [email protected] @PEOPLECERT +30 6938 119424 [email protected], [email protected] @sig_eu