
Dr. Bill Curtis Director, Consortium for IT Software Quality

The Technical Debt Management Cycle:

Evaluating the Costs and Risks of IT Assets

Technical Debt Damages Business Value


The Technical Debt Metaphor


Structural quality problems in production code

Technical Debt

Principal borrowed

Interest on the debt

Business Risk

Liability from debt

Opportunity cost

Interest—continuing IT costs attributable to the violations causing technical debt, i.e., higher maintenance costs, greater resource usage, etc.

Principal—cost of fixing problems remaining in the code after release that must be remediated

Opportunity cost—benefits that could have been achieved had resources been put on new capability rather than retiring technical debt

Liability—business costs related to outages, breaches, corrupted data, etc.

Technical Debt—the future cost of defects remaining in code at release, a component of the cost of ownership


How to Use Technical Debt

Estimate of Technical Debt

Calculating Cost of Ownership

Explaining IT Cost of Quality

Assessing Business Risk

Managing Portfolio Quality

CAST’s Application Intelligence Platform


Application Analysis

Evaluation of 1200+ coding & architectural rules

Application meta-data

Transferability

Changeability

Robustness

Performance

Security

Quality Measurements

Detected Violations

Expensive operation in loop

Static vs. pooled connections

Complex query on big table

Large indices on big table

Empty CATCH block

Uncontrolled data access

Poor memory management

Opened resource not closed

SQL injection

Cross-site scripting

Buffer overflow

Uncontrolled format string

Unstructured code

Misuse of inheritance

Lack of comments

Violated naming convention

Highly coupled component

Duplicated code

Index modified in loop

High cyclomatic complexity

Language Parsers

Oracle PL/SQL

Sybase T-SQL

SQL Server T-SQL

IBM SQL/PSM

C, C++, C#

Pro C

Cobol

CICS

Visual Basic

VB.Net

ASP.Net

Java, J2EE

JSP

XML

HTML

Javascript

VBScript

PHP

PowerBuilder

Oracle Forms

PeopleSoft

SAP ABAP, Netweaver

Tibco

Business Objects

Universal Analyzer for other languages

Technical Debt Management Cycle


IT Executives, Application Managers, Developers

Set policy and quality priorities

Step 1

Build/Release/QA/AI Center

Set thresholds for app quality

Step 2

Measure Technical Debt

Step 3

Plan reduction goals & actions

Step 4

Remediate violations

Step 5

Track results

Step 6

Report to the business

Step 7


Step 1 Set Policy and Quality Priorities

Quality Policy

Corporate purpose

Expected behavior

Training

Reporting

Audit

Quality Priorities

Customer-facing

Internal business

Reliability, Performance

Security, Maintainability

Reliability, Performance

Security, Maintainability


Step 2 Set Thresholds for App Quality

Retail Website

Product information

Online purchase

Delivery scheduling

Reliability 3.5, Performance 3.5, Security 3.9, Maintainability 2.5

Reliability 3.8, Performance 3.9, Security 2.5, Maintainability 3.0

Reliability 3.5, Performance 3.0, Security 3.9, Maintainability 2.5

Step 3 Measure Technical Debt


Step 4 Plan Quality Goals & Actions

[Chart: Quality Score Target by Release. Score axis from 2.5 to 3.9; series for Reliability, Performance, Security and Maintainability; Release 5 through Release 12.]


Step 5 Remediate Violations

Portfolio QA Data

Repository

App Management


Step 6 Track Results

[Chart: Performance Efficiency score, Planned vs. Actual. Score axis from 2.6 to 3.6; Release 1 through Release 5.]

App, Dev, Exec

Step 7 Report to the Business


Quality Category | Operational problems | Output Measure
Resilience | Outages, slow recovery | Availability
Efficiency | Degraded response | Work efficiency
Security | Breaches, Theft | Data protection
Transferability | Lengthy comprehension | IT productivity
Changeability | Excessive effort | Delivery speed

Business risk

IT cost

Technical debt

Reducing Technical Debt Is Imperative
