Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
In Search of Coding Quality
When is good enough, good enough? When it comes to software code quality, the answer depends largely on who you ask.
June 9, 2022
4 Min Read
tippapatt via Adobe Stock
Quality is an elusive goal. Ask a thousand coding managers to describe quality and there's a strong chance you'll receive approximately the same number of definitions.
“When I think about good quality code, three characteristics come to mind: readability, consistency, and modularity,” says Lawrence Bruhmuller, vice president of engineering at Superconductive, which offers an open-source tool for data testing, documentation, and profiling.
Bruhmuller believes that code should be easily accessible by all parties. “That means clear naming of variables and methods and appropriate use of whitespace,” he explains. Code should also be easy enough to follow with only minimal explanatory comments. “A codebase should be consistent in how it uses patterns, libraries, and tools,” Bruhmuller adds. “As I go from one section to the other, it should look and feel similar, even if it was written by many people.”
There are several techniques project leaders can use to evaluate code quality. A relatively easy way is scanning code for unnecessary complexity, such as inserting too many IF statements in a single function, Bruhmuller notes. Leaders can also judge quality by the number of code changes needed to fix bugs, revealed either during testing or by users. “However, it’s also important to trust the judgment of your engineers,” he says. “They are a great judge of quality.”
Kulbir Raina, Capgemini
The major difference between good- and poor-quality coding is maintainability, states Kulbir Raina, Agile and DevOps leader at enterprise advisory firm Capgemini. Therefore, the best direct measurement indicator is operational expense (OPEX). “The lower the OPEX, the better the code,” he says. Other variables that can be used to differentiate code quality are scalability, readability, reusability, extensibility, refactorability, and simplicity.
Code quality can also be effectively measured by identifying technical-debt (non-functional requirements) and defects (how well the code aligns to the laid specifications and functional requirements,” Raina says. “Software documentation and continuous testing provide other ways to continuously measure and improve the quality of code using faster feedback loops,” he adds.
Speed Versus Quality
The impact development speed has on quality is a question that's been hotly debated for many years. “It really depends on the context in which your software is running,” Bruhmuller says.
Bruhmuller says his organization constantly deploys to production, relying on testing and monitoring to ensure quality. “In this world, it’s about finding a magic balance between what you find before pushing to production, what you find in production, and how long it takes you to fix it when you do,” he notes. “A good rule of thumb is that you should only ship a bad bug less than 10% of the time, and when you do you can fix it within an hour.”
There must never be a trade-off between code quality and speed, Raina warns. Both factors should be treated as independent issues. “Quality and speed, as well as security, must be embedded into the code and not treated as optional, non-functional requirements,” he states.
The best way to ensure code quality is by building software that delights your users, Bruhmuller says. “This is best done at the team level, where a self-managing team of engineers can look at various metrics and realize when they need to address a code quality problem,” he suggests. “Code quality tools and technology can play a supporting role in allowing teams to measure and improve.”
Aaron Oh, Deloitte
Aaron Oh, risk and financial advisory managing director in DevSecOps at business consulting firm Deloitte, warns developers about the misconception that good code quality automatically means secure code. “Well-documented, bug-free and optimized code, for example, may still be at risk if proper security measures aren't followed,” he explains.
DevSecOps is all about “shifting left,” Oh says, integrating security activities as early in the development lifecycle as possible. “As the developer community continues to improve code quality, it should also include security best practices, such as secure coding education, static code analysis, dynamic code analysis, and software composition analysis, earlier in the development lifecycle,” Oh advises.
Ultimately, the best way to ensure code quality is by following recognized coding standards. “This means that standard integrated developer environments (IDEs) must be routinely checked using a variety of tools as part of the organization’s peer-code review process,” Raina says.
Raina also believes that enterprises should set defined coding standards and guidelines that are then properly communicated to staff and incorporated into training. “Quality gates must also be put in place across an organization’s software development lifecycle to ensure there are no gaps in the baselines,” he states.
What to Read Next:
About the Author(s)
Technology Journalist & Author
John Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.
You May Also Like