Tech has a validation problem. It’s time to change…


Digital transformation remains a top priority for top tech executives, especially as rushed implementations have started to creak under the accumulated weight of expectations and the shifting pressures of the ‘new normal’.

In fact, most businesses cannot actually achieve “real” digital transformation. Why? Because technology has a validation problem that most executives just aren’t aware of.

Organizations are always rushing to meet the needs of an increasingly connected world. Many are still moving to cloud systems, deploying in-house applications, or facing periods of uncertainty for users as they become familiar with new devices, applications, and processes on an ongoing basis. The problem is, typical software testing stops the transformation process.

Developers create code, but getting feedback is often so costly and time consuming that this part of the process decreases relative to expected productivity. Additionally, software bugs have caused major complications, often putting digital transformation on hold. For example, earlier this year, bugs exposed Honda employees to security risks, delayed NASA’s flight to Mars, and brought down Amazon, Spotify, and eBay for hours. Almost the entire world will have noticed the drop in Facebook, Instagram, Messenger and WhatsApp in early October, given that its billions of users make up almost a quarter of the world’s population.

It’s a supply chain problem

Few apps these days need to be fully developed in-house with developers writing custom code. Very often, applications combine pre-existing code from libraries – a “code supply chain”. It is common for organizations to offer a fully functional service, such as online shopping, which relies on a supply chain of third-party services or dependencies. This can include Facebook for authorizing visitors, Shopify for ecommerce, and a provider like Stripe for payments.

But guess what? Over the past year, attacks on the modern software supply chain have increased 650%. The dependency confusion attack is the most common when an automated software development tool is tricked into downloading a malicious package from a repository. Dependencies allow developers to move forward at a rate that shouldn’t be an excuse for not checking to see if they’re secure.

All of these dependencies that software teams rely on have become incredibly complex and vulnerabilities are being missed. No matter how skilled the engineering team is, people cannot understand all the components of products. Yet the company still demands fast and error-free delivery of software.

Dealing with this complexity required shifting the focus of the app to the myriad sources of change that affect it. Validation of modifications.

Innovation requires validation of change

The Facebook crash is a prime example of the importance of validating changes. In this case, the configuration changes on the backbone routers have gone awry. An update to the Border Gateway Protocol records has fundamentally removed the ability for everyone online to find their properties online. It’s as if some mistake wipes them off the ‘map’. Additionally, Facebook employees said they were unable to work because their own tools and systems were affected, and the resulting automated door authorization failures prevented engineers from physically accessing services. concerned to make changes.

Validating changes acts as a safeguard for innovation by automating the process of verifying new software in production. This makes putting the software into production a coherent, scalable and autonomous process. It helps businesses innovate faster and more securely, digitize more efficiently, and launch new features and capabilities reliably. This is indeed the key to a true digital transformation.

Engineering teams are essential to ensure innovation is delivered the right way and become the flagship of digital transformation. Sure. Software is still eating the world. User expectations for quality are stratospheric. Software teams ship faster, but faced with a development process that has become extremely complex. The way engineers build today is incredibly interconnected. Sources of change no longer exist only in a repository, making it impossible for a single developer to understand the entire process.

This can lead to a crisis of confidence in a team’s code. This confidence is the foundation of speed. Without it, the process initially collapses.

As software becomes a competitive differentiator for more and more organizations, including beyond the tech industry, across all verticals, software teams are optimizing for faster delivery, and a few trends have emerged. First, there is a greater use of third-party services and tools; there are microservices architectures; and there are bigger and bigger datasets.

While these factors helped refine and optimize software development, they also reduced the ability to have confidence in full validation in a pre-production environment. The presence of these factors increases the cost of gaining the same confidence in the code before it is shipped.

CI / CD is where you start

Something to note. The point at which the cost of pre-production validation exceeds that of production validation is not static. The cost of production testing is somewhat fixed, and the cost of extensive pre-production testing increases with the increasing complexity of development processes. Threshold is something that needs to be dynamically assessed.

Change validation is based on best practices such as continuous integration / continuous delivery and release orchestration. The new learning is that in this world of software supply chains and the cloud, production testing is the best way to find out if code changes are working as expected before releasing them to the world.

No one can embrace new technologies like AI and machine learning without knowing whether the changes happening in their applications are effective. In fact, when advanced technologies modify the code themselves, tracking the source of the changes is essential!

Validating changes as they happen, where they happen, corrects errors when you want to find them. Failures arise in complex situations and can be managed. Where engineers can seamlessly roll back versions, they can imagine, solve, and innovate. Validating changes allows for experimentation.

In addition, beyond functionality, availability and experience, the cost of testing in production is now significantly lower. Better design and best practices help, but it is essential to test and prove the construction. The global economy is built on software and services – just like our “new normal” …

Rob Zuber, CTO, CircleCI


Margie D. Carlisle