The following will be a regular feature where we share articles, podcasts, and webinars of interest from the web.
The DevOps Research and Assessment group (DORA) measures four things: frequency of deployment, lead time for change, mean time to repair, and change failure rate. Elite performers deploy many times per day. Feature flags allow teams to move fast and break nothing. Progressive Delivery means releasing to a subset of the user base, then gradually expanding once there is confirmation that the release is successful. Feature flags in the delivery pipeline lend visibility into the configuration for each release, with the capability to include performance-related metrics.
Microsoft looked into the year of working from home and found some interesting facts. For one, the share of IMs being sent increased by 53% between 6pm and midnight. During the pandemic, most IT leaders described themselves as thriving, yet workers don’t share the same sentiment. Microsoft says 37% of employees say companies are making them work too hard. As the potential for return-to-work or hybrid models looms, there will be another disruption as the workforce changes gears again.
Security vulnerabilities correlate with low code health, development hotspots, and high author churn in the organization. In the article, CodeScene argues that code quality is as much a technical issue as it is a business issue. Low code health leads to technical debt, which consumes development resources. Low code health also leads to a higher number of total security errors. In general, the more experience a team has in the domain and codebase, the fewer security errors. Code health is an aggregated metric to classify code with respect to correctness and ease of understanding. Violating code health properties like DRY, Developer Congestion, and Bumpy Road leads to a higher number of vulnerabilities. Additionally, there is a strong correlation between security error density and hotspots: complicated code that developers spend much time on.
With the expectations for fast delivery, it’s imperative to include security from day one. Security is a shared responsibility that must be included in the end-to-end delivery pipeline. Compliance can be designed into the system via automation such as vulnerability scanning, auditing, logging, and monitoring to track changes in real time.