the qsd qualification: maintainability foundation level · the qsd qualification: maintainability...

GETTING SOFTWARE RIGHT

Developing future-proof software starts today The QSD Qualification: Maintainability Foundation Level

Yiannis Kanellopoulos, Gijs Wijnholds

8th of March 2016

Software Improvement Group | PEOPLECERT / PUBLIC

About SIG Getting Software Right

We are an international consultancy firm with HQs in Amsterdam, and we aim at improving software. Started in 2000 as a spin-off of CWI.

We operate as an independent, impartial mediator between IT customers and suppliers.

We actively support scientific research in the field of software engineering.

We deliver insight to management on IT projects and systems. We do this based on validated facts and measurements.

of 25


Our Analysis Lab in numbers Sole "Trusted Lab” in Europe being accredited with the ISO 17025 standard

185 supported technologies

22,000

inspections 50 sourcecode-

snapshots per week

>7,400,000,000 lines of code in software analysis

warehouse

227

clients

1,800 systems

monitored

of 25


25010

How do we help our clients? The SIG Capabilities

Cost Estimation

Function point analysis

Architecture Review QSD

Benchmarking Transferability

Early Effort Estimation

Reliability

Portability

>  SIG ISO IEC 25010 Certified Capabilities

Functional Suitability

Security

Compatibility

Usability

Maintainability

Performance Efficiency

>  SIG Capabilities

Development Process

Assessment

of 25


About PEOPLECERT

ü  4,000,000+ exams delivered to date

ü  Web & Paper based exams in 25 languages

ü  Award-winning assessment technology –

Online Proctoring & Instant Scan and Mark

ü  e-Certificates –

Speedy hard copy and e-certificate delivery

ü  10,000 exam locations worldwide

ü  Any time, any place

exams and customer service, 24/7/365

ü  150 countries every year of exam delivery

Global leader in assessment & certification of professional skills.

of 25

peoplecert.org [email protected]


About PEOPLECERT

ü  Certification Scheme & Test creation – test testing & test validation

ü  Internet-Based / Computer-Based / Paper-Based Exams

ü  30 types of Questions - Multiple Choice, Essay, Audio, Video etc.

ü  Award-winning marking solutions - Automated, Remote, Manual

ü  Certificate Printing and Delivery - e-certificate, hard copy certificate

ü  Certificate Validation - online on PEOPLECERT website

ü  Maintenance of Candidates’ Records and Database - All Data, Reports

State-of-the-art, A-to-Z assessment solutions

of 25



About PEOPLECERT

ü  Accredited by the National Hellenic Accreditation System (NHAS) as Certification Body according to:

ü  ISO 17024 for Certification of Persons (2006)

ü  ISO 17065 for Certification of Products, Processes & Services (2015)

ü  Certified by Lloyds Register (UK) according to:

ü  ISO 9001 Quality Management (2003)

ü  ISO 10002 Customer Satisfaction and Complaints Handling (2006)

ü  ISO 14001 Environmental Management (2006)

ü  ISO 27001 Information & Data Security (2008)

ü  ISO 23988 Use of IT in the delivery of assessments (2013)

ü  ISO 22301 Business Continuity (2015)

Commitment to Quality

of 25



The global challenge

Global IT debt is $500 Billion and rapidly growing*

The amount of change requires more developers than are available

52% of debugging effort is spent on 8% of the defects**

High-risk parts of software systems consume developers’ time, no room left for innovation

Better code is cheaper 66% of debugging time can be saved with software of high quality

*Source: Andy Kyte, “Measure and manage your IT debt,” Gartner, Inc., August 9, 2010 (last reviewed June 19, 2013) **Source: Deloitte University Press, Tech Trends 2014 – Inspiring Disruption ***Source: Dennis Bijlsma, Miguel Alexandre Ferreira, Bart Luijten, Joost Visser: Faster issue resolution with higher technical quality of software. Software Quality Journal, 2012

of 25


The QSD approach

1) Distilled metrics-based standard

A small number of guidelines that are clear, easy-to-follow, meaningful, high-impact

2) Training material for developers to use these standards effectively (Foundation)

Thorough explanation, examples, exercises, immediately applicable in daily programming practice

3) Training material for teams to organize around these standards (Advanced)

Tools, techniques, practices to be shared by a team to produce quality code consistently

of 25


The QSD Stack

SIG Vanilla training material

Exam items

Body of Knowledge and videos

Examination and certification

Education

Online content

of 25


Body of Knowledge – Response of developers who reviewed our book

“Just finished reading the book this morning. I got a lot more out of the book than I had expected and would recommend it to others.”

- Vincent O’Sullivan, VHI Ireland

“It contains many good ideas about how to write better code. I must say that my first reaction to some of the ideas is, ‘No way! That's

unnecessarily restrictive.’ But, I often find myself mellowing towards such ideas as I continue reading.”

- Roger House, Sebastopol CA

“These guidelines are spot on. They provide a crisp and actionable explanation of what the working programmer needs to know to

deliver quality code in a consistent manner.”

- George Marinos, National Bank of Greece

of 25


Video Material – Maintainability Foundation

>  Complementary material to the body of knowledge

>  Including many practical examples of building future-proof code

>  Available online at https://player.oreilly.com/videos/9781491950791

of 25


The QSD Qualification – Maintainability Foundation

>  Expected background: 2 years of working experience in object-oriented programming, or BSc in computer science or software engineering

>  Exam currently available for Java and C#

>  75 questions, 2h duration

>  Closed book

>  Physical or web proctoring

>  Certificate of perpetual validity

>  To date, 170 certificates awarded since its launch early 2016

of 25


Quality Software Development – Trainer Prerequisites

>  Hold the Quality Software Development Certification.

>  At least 3 years of experience as a Software Engineer in Object Oriented programming.

>  Good knowledge of the Object Oriented paradigm and knowledge on how to apply it.

>  More than 10 hours of Training Experience.

of 25


Quality Software Development – Available vanilla material

>  Trainer’s manual

>  Syllabus

>  Lesson plans

>  Code snippets from open source systems

>  Example exam questions

>  Slide decks

1 Introduction slide deck

1 Code smells slide deck

8 Guideline slide decks

3 Refactoring slide decks

1 Automated testing slide deck

1 Code hygiene slide deck

1 Example exam questions slide deck

1 Next steps slide deck

of 25


Vanilla Material Samples

1.  Slide decks in PDF, SIG style

Software Improvement Group

Chapter 2: Code Smells

A famous example: Apple’s SSL/TLS bug

Background details

•  CVE ID: CVE-2014-1266

•  Apple iOS 6.x (< 6.1.6)

•  Apple iOS 7.x (< 7.0.6)

•  Apple TV 6.x (< 6.0.2)

•  Apple OS X 10.9.x (< 10.9.2)

•  Impact: millions of devices?

Unit:

SSLVerifySignedServerKeyExchange(…)

LOC: 64

McCabe: 14

Nr. of parameters: 5

*Read more: https://www.imperialviolet.org/2014/02/22/applebug.html

Page 3 of 4

Chapter2:CodeSmellsAfamousexample:Apple’sSSL/TLSbug

Background details

•  CVE ID: CVE-2014-1266

•  Apple iOS 6.x (< 6.1.6)

•  Apple iOS 7.x (< 7.0.6)

•  Apple TV 6.x (< 6.0.2)

•  Apple OS X 10.9.x (< 10.9.2)

•  Impact: millions of devices?

Unit:

SSLVerifySignedServerKeyExchange(…)

LOC: 64

McCabe: 14

Nr. of parameters: 5

*Read more: https://www.imperialviolet.org/2014/02/22/applebug.html

Page 3 of 4

Two versions of the slide decks

1.  Slide decks in PPTX, Vanilla style

of 25


Chapter 4: Write Simple Units of Code (Day 1, Part 3)

Do:

>  Limit the number of branch points to 4

By:

>  Splitting complex units into simpler ones

>  Avoiding complex units

Because simple units are:

>  Easy to test

>  Easy to understand

>  Easy to modify

The guideline

Positive effects on other guidelines:

>  Unit Size

>  Unit Interfacing

of 25


Chapter 4: Write Simple Units of Code (Day 1, Part 3)

Count the cyclomatic complexity:

>  Every branch point (if, case, for, &&, ||) is counted, and we add 1 to the total

How you can measure it

2 branch points + 1 = cyclomatic complexity of 3

of 25


Chapter 4: Write Simple Units of Code (Day 1, Part 3) Examples from the Jenkins CI source code (https://github.com/jenkinsci/jenkins)

This unit has 3 branch points


of 25


Chapter 4: Write Simple Units of Code (Day 1, Part 3) An example of non-compliant code



Chapter 11: Extract Method (Day 2, Part 2) Applying Extract Method (1/2): Apache Tomcat on 25-05-2015*

>  The init() method contains 69 lines of code and has a McCabe complexity of 19

>  The Extract Method has been applied to extract the configuration check to a separate method

*Source of snapshot: http://tomcat.apache.org/download-80.cgi

of 25


Chapter 11: Extract Method (Day 2, Part 2) Applying Extract Method (2/2): Apache Tomcat on 07-10-2015*

>  After refactoring, the init() method now contains 50 lines of code and has a McCabe complexity of 15

*Source of snapshot: http://tomcat.apache.org/download-80.cgi

of 25


Chapter 16: Exam Preparation (Day 3, Part 2) Example questions 7 & 11

>  Question: Which statement is true? The complexity of a unit of code is measured by…

A.  The number of lines of code in the unit

B.  The number of parameters

C.  The number of branch points

D.  The number of calls to other units

>  Question: What is the unit complexity of this unit?

A.  13

B.  15

C.  17

D.  20

* Slice.intersects() method from Apache Cassandra on Jan. 18th 2016 of 25


Tips & Tricks

Focus of the training should be on the ‘Maintainability Mindset’:

•  The guidelines; how to interpret them, how to apply them

•  Refactoring techniques to turn non-compliant code into compliant code

Maintainable software is a matter of discipline and practice:

•  Show real-time refactorings, or let students do so themselves

•  Bring your/their own source code

Building maintainable software is technology-independent, training is language-specific

•  The book and snippets are available in Java and C#

•  Snippets in the slide decks and at https://github.com/oreillymedia/building_maintainable_software

of 25


Q & A

of 25

GETTING SOFTWARE RIGHT

Contact

www.peoplecert.org/en/communication/Pages/contact.aspx

[email protected]

@PEOPLECERT

+30 6938 119424

[email protected], [email protected]

@sig_eu

the qsd qualification: maintainability foundation level · the qsd qualification: maintainability...

Documents