Train software engineers on policies: Beyond documenting the how and the why of your policies, you also want to take steps to ensure that the connection between the two is clear. The absence of training is the No. 1 reason policies fail. If a policy requires code to be structured in a certain way, the engineer may not immediately see the potential for the bug that the structure is intended to prevent. If the engineer doesn’t make the connection during this cycle or even the next few cycles, then the policy looks more like a guideline to him or her. Thus, the code may not be properly structured before the product goes to market, and defects may surface in the field. At this point, the implementation of the policy has failed.
Use automation to drive a sustainable process
Automating policy monitoring, as well as the process for routinely notifying engineers of violations, ingrains policies into the day-to-day workflow. Without this level of automation policies will quickly fade and expected behavior will degrade back into suggested behavior. When policies revert to guidelines, software engineers are more likely to apply the quality strategies ad-hoc, as opposed to integrating them into their workflow.

Testing done at the end of the project (rather than incrementally as a regular part of the software development life cycle) habitually returns an enormous log of errors that overwhelm engineers. The likelihood that the errors will be mitigated is minimal. At best, engineers cherry-pick the errors that are easiest to fix. At worst, team leaders sign off on the project as is and fix it with patches when defects are exposed, which may weaken market position, damage business reputation, or even result in litigation.

An automated, exception-based system also creates efficiency by making incremental testing a part of the engineer’s daily process. Coding is a complex process that requires concentration and the right frame of mind. When requests for fixes are submitted outside of the engineer’s routine, it takes him or her out of their rhythm, which is extremely difficult regain.

Efficiency is also gained by allowing junior engineers to be coached by policy notifications, which improves their understanding and keeps senior engineers on task. The key is that the policies are in a natural language, understandable, and meaningful to engineers in context of the business.

Use automation to ensure traceability and auditability: An automated system that logs and traces the activity that occurred during development is the most efficient way to measure, analyze and enforce strict quality processes. It is ideal for demonstrating compliance with the expected policy, as well as ensuring accountability.

Manually defining a strict quality process, collecting the metrics associated with a broad set of potentially distributed policies, and proving that the process was actually followed can be overwhelming. At best, it is a time-consuming activity that introduces potential breakpoints that introduce unnecessary risk.

A centralized infrastructure capable of managing policies will go a long way toward realizing the benefits of policy-driven development. Ideally, a single platform that monitors adherence to multiple types of policies and enables effective implementation will be in place to deliver the traceability and auditability required for certification and for audit purposes.

The greatest factor limiting the ability to create defect-free software is the inability to conceive policies to govern its development. In this regard, it is fortunate that humans are naturally creative. At the same time, creating defect-free software requires discipline, which is cumbersome and time-consuming.

Creating policies pre-emptively does not come naturally, so the resistance to policy-driven development is understandable. The resistance, though, is misguided by the prejudices engrained by traditional software development strategies. We are confident that this resistance will fade as organizations begin to realize that elevating guidelines to definable, enforceable, measureable and auditable policies will drastically improve how they develop software. It not only helps organizations accurately measure application quality and development productivity, but also improves it by preventing errors and eliminating waste.