August 22, 2007

Mission Critical

Subtitled: You don’t build a nuclear weapon like you build a cabinet.

The first of my heresies - Don’t use agile techniques to build mission critical apps.

One commenter replied “Why not do agile with a zero defect mindset.”

It’s a fair response, if every defect could be found through “typical” testing.

But I’ve done enough mission critical application development, and read enough about others doing it, to know that the problem is this: there are incredibly subtle bugs that are nearly impossible to discover through any amount of brute-force testing. Bugs with timing, with unusual states, with unusual inputs, and with combinations of all three.

If you’re going to be building something where people’s lives depend on its proper functioning, you owe it to them (and to your internal customers) to go down every path, inspect every variable, and bullet-proof every pathway. The most effective way to do this is, unfortunately, to design the logic up front: focusing a lot of attention and care, with a number of brains working in parallel, on exactly how to build certain subsystems and the various elements of the system. Every change, every tweak, everything needs to be inspected, approved and debated before it is ever written.

Having said this - this is an incredibly expensive way to build software. And 99.9% (if not more) of software, including a lot of stuff that is important and valuable, doesn’t need to be written this way.

And to anticipate the natural objection - yes, I know that bugs still happen, even with this approach. It’s just the best way that I believe one can build software that is so important that it must get done right the first time, where cost and time are not the primary concern.

Having said that, I believe that one can isolate those software components, and build the rest of the system (the “mundane” 99.9+%) using agile methods. I believe that you can also build the mission-critical components using a TDD approach for your own benefit, that you can build it in stages, and provide agile-style visibility of your progress as you go.

You just can’t invent it as you go along.

I look forward to your comments.

2 Comments »

  1. I agree that you should carefully consider before you use agile methods in mission critical projects.

    Barry Boehm and Richard Turner published an interesting paper on this a few years ago called

    Comment by Arnon Rotem-Gal-Oz — August 27, 2007 @ 9:02 am

  2. The link didn’t make it through:
    http://www.acq.osd.mil/se/as/publications/IEEE%20Software%206-03.pdf

    Comment by Arnon Rotem-Gal-Oz — August 27, 2007 @ 9:02 am
