Few lines about Static code analysis
Dec18

Welcome to CodeSpread!

Static code analysis

We divide the term into two parts: static + code analysis. "Static" in programming refers to the non-running (non-dynamic) state, and code analysis is a process in which the code is analyzed for vulnerabilities; it has also always been used to find possible improvements. So we can say that it is a process of detecting errors and defects in a software's source code in a static state, where the entire code base is analyzed and code flaws are exposed.

Advantages:
- This process covers the whole code base and finds vulnerabilities at their exact location in the code.
- This process can locate anti-patterns.
- This process can identify performance issues and also suggest improvements.

Limitations:
- Automated tools may not support all programming languages or compilers.
- Automated tools produce false positives and false negatives.
- Manual review or personal review is always considered to be more beneficial and reliable than a tool.

We have many static code analysis tools available, like StyleCop, FxCop etc., and using them can always take the burden off the reviewer's shoulders...

6-Thinking Hats is a powerful, practical and proven technique
Dec06

Wikipedia: Six Thinking Hats is a book by Edward de Bono which describes a tool for group discussion and individual thinking involving six colored hats.

6-Thinking Hats is a powerful, practical and proven technique. It allows an issue to be addressed from a variety of angles and important perspectives to be gathered. It is a tool for group discussion and individual thinking. Each individual thinks in a number of distinct ways, which helps plan a structured way for thinking processes. Each hat of a different color can be put on and taken off, and it represents a different style of thinking, for example:

- White hat: Focus on data, facts and figures. Neutral thinking. Relevant historical data.
- Black hat: Become critical and cautious. Identify risks. Highlight weak points.
- Red hat: Inner feeling, intuition, gut reaction, emotion and hunches. Likes and dislikes.
- Yellow hat: Optimistic viewpoint. Value and benefit. Logical reasoning.
- Green hat: Creativity. Solutions. Lateral thinking.
- Blue hat: Agenda, decision. Planning. Organized thinking.

Advantages:
- See all sides of a situation.
- Solve problems.
- Improving overall delivery efficiency.
- Reduction in customer complaints.
- Better quality.
- Evaluate alternatives.
- Positive approach.
- Creative...

Risk Management in IT: Another step for Quality
Jul10

What is Risk?

Risk is an uncertainty. Here, this pertains to a situation where it is difficult to decide whether a particular event will occur or not, and, if it occurs, what impact it will have on a project. The measure of an IT risk can be determined as a product of threat, vulnerability and asset values:

Risk = Threat * Vulnerability * Asset

What is Risk Management?

As the name suggests, it is related to the management of the risks, or the impact of risk, so that they have a minimum or no effect on the project. Risk management is all about minimizing the impact and does not mean avoiding risk. It is a recurrent activity that deals with the analysis, planning, implementation, control and monitoring of implemented measurements and the enforced security policy.

There are four simple steps required to be followed:

- Identify Risks: Identify any IT risks and document each and every detail about them, like their source and kind of risk, area of impact and probability calculations, at a centralized location.
- Evaluate, Categorize and Prioritize Risks: Evaluate the risks by performing IT risk assessments and computations based on proven methodologies. Next would be to categorize them. Lastly, this enables managers to prioritize their response strategies.
- Develop and Implement Risk Response/Mitigation Plans: Risk mitigation is a systematic methodology where Key Risk Indicators should be established that will help in predicting the risks and modelling the risk assessment. Following are the options:
  - Risk Assumption. To accept the potential risk and continue operating the IT system, or to implement controls to lower the risk to an acceptable level.
  - Risk Avoidance. To avoid the risk by eliminating the risk cause and/or consequence.
  - Risk Limitation. To limit the risk by implementing controls that minimize the adverse impact of a threat's exercising a vulnerability.
  - Risk Planning. To manage risk by developing a risk mitigation plan that prioritizes, implements, and maintains controls.
  - Research and Acknowledgement. To lower the risk of loss by acknowledging the vulnerability or flaw and researching controls to correct the vulnerability.
  - Risk Transference. To transfer the risk by using other options to compensate for the loss, such as purchasing insurance.
- Monitor Risk Status: When a management process is applied, it is required to be regularly monitored so that the implemented security measures are regularly monitored and reviewed. We know that business requirements, vulnerabilities and threats can change over time, so this activity ensures that the measures work as planned and that changes in the environment will have no impact.

How SDLC is supported by Risk Management? (Source: Wikipedia)

Conclusion

Risk Management in IT provides upward assurance to the organizations by...

Lean in IT
Jul09

Wikipedia says 'Lean IT is the extension of lean manufacturing and lean services principles to the development and management of information technology (IT) products and services.'

What are these principles?

- Identify Customers and Specify Value: In IT services, this is any process that creates value in the eyes of the customer, where the customer would be prepared to pay for that value of the product.
- Identify the Value Stream/Value-Stream Mapping: In IT services, value streams are easily classified into:
  - Business services (primary value streams)
  - IT services (secondary value streams)
  Now, just break down the value streams into process steps and eliminate the steps which don't deliver value.
- Flow: After Value-Stream Mapping, there might be many activities still remaining which are not adding any value, so eliminating this waste ensures that service flow happens swiftly, without any interruption. In other words, concentrate on the remaining value stream activities for a continuous flow of services to the customer. For example: the waiting time of work in progress between processes is eliminated, hence adding value more quickly.
- Pull: A pull is a service request which is initiated by the customer or consumer of the product or other service. Here, we give freedom to the customers to pull what they need, and create internal processes to respond to this. This is about understanding the customer demand and creating a demand system. We have an opposite existing case in IT, where push systems often introduce waste through an over-abundance of "just-in-case" inventory.
- Perfection: Lean is a journey, not a destination. As we continue with the lean journey, we identify more patches of waste lying around, and the processes are improved to achieve perfection and provide more value to the customer.

Two More Lines: The core idea is to maximize customer value while minimizing waste. Simply put, lean means creating more value for customers with fewer resources.

How can it be achieved?

- Emphasize reducing the amount of cycle time. For example, Over Processing: manually processing reports, where processes are done by hand so that the data can be manually entered into the computer and maintained in a database.
- Identify areas where there is process waste and bottlenecks, and focus on elimination of the same. For example, Defects: a lot of development time spent in rectification and rework.

There are 8 types of waste that can be removed from business processes to reduce costs and time. Source: Wikipedia

We can conclude that Lean is a philosophy that seeks to eliminate waste in all aspects of a firm's production...

Freeze Business Logic Layer.
Dec30

We regularly work on three-layer architecture for application development and always use some standard data layer and UI layer guidelines for design, but what we always ignore is the business logic layer. The reason behind this may be that we are not comfortable designing something which has no limits and no boundaries defined. If I share my experience: whenever we have tried to freeze our business logic, ironically, we felt a need to extend it to accommodate new requirements or sometimes for better optimization. Though I have no correct answer for achieving the best design for the business logic layer, we can explore it a bit.

What is a Business Logic Layer?

One of the architectures followed in application development environments is Layer Architecture. With this architecture, applications are divided into different layers, each responsible for performing a designated role. It improves isolation of concerns. Mainly, layers are divided into:

- the Data Access layer
- the Business Logic layer
- the Graphical User Interface layer

For more information on architecture, read this article.

The business layer contains business entities. A business entity is a type of business component that represents a domain model object used within the service boundary. Typically, business entities represent real-world objects, such as customers and orders. The layer contains all the business rules that are applied to the data exchange process which happens between the presentation layer and the data access layer. Business rules describe the operations, definitions and constraints that apply to a user/community/organization. To understand it, check these examples:

- A customer is entitled to bonus offers if he has made a purchase of the minimum limit.
- A user is not allowed to register if the user does not adhere to specific guidelines.
- An employer can enlist constraints and conditions on employees of the organization.
- Legal rules

Benefits of Business Logic Layer

- Flexibility: The Business Logic Layer provides decoupling from the application and allows the flexibility to build other applications on top of it in the future.
- Maintainability: The Business Logic Layer optimizes the way that the application works when deployed in different ways, and provides a clear delineation between locations where certain technology or design decisions must be made.
- Reusability: The Business Logic Layer follows a component-based architecture and can be reused in different business models. Each logical layer contains a number of discrete component types grouped into sub-layers, with each sub-layer performing a specific type of task.
- Scalability: The Business Logic Layer can perform well in extended conditions.

Guidelines for Business Logic Layer Design

Loose coupling is the key: Different patterns are available to implement loose coupling, like Factory Design Pattern, Singleton Pattern. The business layer should know only about the layer below (the data access layer), and not the...
