Slashdot Mirror
Software Quality In a Non-Software Company?
Nicros writes "I work for a publicly traded biotech company that happens to write software that is, in fact, kind of critical for the business — without it no data would ever be read from our instruments, and no analyses would be performed on that data. The problem is that as a 'biotech' company, we are not taking software quality seriously. We have no senior management with any history of commercial software development — our C level has really no clue whatsoever what software really is, much less what is going on in software development. All of our quality processes are related to manufacturing our system (not software), so we are constantly forced into ad-hoc development since there is no real process for our development. Repeated requests to hire someone with some real commercial software development experience have gone unanswered. I have been to the CEO directly one-on-one and although he agreed this was an issue, thanked me, and said he would look into it, that was the end of it. He has bigger things to worry about. So the question: Is this just a fact of life and I need to deal the best I can? What else can I do to get some attention on software quality in the company?"
You're obviously fighting an up-hill struggle. Going straight to the CEO is both a good and bad idea - if it works you'll get immediate affect, but it's likely to be ignored.
You need to argue this case as much as possible. If you're the developer, or in charge of development, enforce decent developmental practices and ensure your estimates include them. Err on the side of caution. Take an estimate and double it. Managers talk money, not standards, so you'll have to hit them where it hurts.
Otherwise, is there anything off-the-shelf that could alleviate some development?
ilovegeorgebush
It sounds like in your company there is no one doing this job. You've talked to the CEO. Get him to make you VP of software and tell him you'll solve the problem if he gives you responsibility.
Anarchy is an opportunity for the ambitious and unprincipled. Take it and make yourself software Czar.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Could you propose to hire a software test consultant for a day or two and let him point out serious quality issues (data integrity, security, correctness..)?
A serious, alarming report by an external software test professional could help reinforcing your requests?
I have the same problem where I work, the problem is I am the dev with real commercial experience; I just can't convince them that we need to do things in a manner that I would consider correct - it's all ad-hoc development and it's all driving me nuts.
The problem is, if our software doesn't work correctly, then the data we collect and process using it becomes screwed up, which is a major issue for the core business - data is our crown jewels.
My current solution to the problem is looking for a new job in a company that actually takes software development seriously. I just can't see any way of getting things here working the way I want. There wasn't even any revision control in place on the source code when I started.
The problem I'm finding is that the lack of structured development and design here is actually beginning to hurt me professionally: prospective employers, who have software development as a core aspect of their business, actually ask about this kind of thing. If you're looking to hire someone who takes their profession serious, for god's sake make sure they're actually going to be able to do their job - otherwise your company is just going to turn in to a blot on their CV.
Yeah, I had a sig once; I got bored of it.
Prepare a brief for the management-level at your company. Show them basic tools for managing software quality. Dig up documents that show different ways of improving software quality. Talk about development methods (agile, etc).
Tools like Redmine are very pretty and manager-friendly (and free). Show them how easy it is to add tickets, approve and deny work, track changes to the software as it evolves and isolate changes until they are tested properly.
Point out that there is a potential legal minefield if they get something wrong and it's proved to be the software at fault. Show them that tracking each and every change along with who authorised it, who did the work, who approved the changed software to run, etc will help lift some of that liability.
Managers aren't all clueless, and all ones that I know are genuinely willing to do things better. Often they are too caught up in doing things to appease the board that they don't have time to look at things that seem menial to them.
If you don't prepare a brief and suggest a really good solution or two they'll eventuall get a contractor in who will charge a fortune, tell them that everything sucks and then leave. Then you'll be stuck with a half-arsed process based on some pie in the sky ideas from a contractor who really can't know the day to day ins and outs of what you do.
At the end of the day what you need to demonstrate is that by putting a process in place and then tools/staff to support it you'll be able to achieve better results.
I drink to make other people interesting!
... his C-level management may end up promoting him to be the software development manager. It might even include a raise.
now we need to go OSS in diesel cars
Very interesting question. I see two things that might help. First, don't go to the CEO. You and him clearly speaks different languages. Go to your nearest manager instead and explain to him the consequences of not having procedures. I am sure you can convince him of this, and after the discussion do not settle for a "I'll look into that and get back to you". Always end your meetings with a list of action items with _who_ does _what_ and _when_. This way, you will have clearly defined dates you can follow up on. Have him commit to a date when he will do X (for instance - talk to the Director) and set a date for a follow up meeting with you where he will explain the outcome of said meeting. Should the meeting be canceled, be sure to get a replacement date and set follow up meeting accordingly.
I remember this WTF article at the DailyWTF (I forgot the title) where in order to become firm and get your point across, his superior told him to use WE and OUR instead of I and ME in his email correspondence.
So instead of "Sorry I cannot do this since I believe that you must follow the testing procedures." you could write it like this "Sorry, We cannot do this since we believe that you must follow the testing procedures."
I lol'd but I find myself writing such mails from time to time..
Hi OP,
I'm a developer/Engineer for two biotech companies: one a small startup, with me being the only part-time employee. The other is a large DOD-backed institution. I can tell you that in the short time that I've been there, it has been a frustrating uphill battle to instill an Engineering/Developer mindset. While I firmly believe Scientists and Engineers seems to have a similar approach to work, it's interesting to see how passive the science-minded folks are towards hardware/software advancements. They are only concerned about how many protein cells it can accurately count, or whatever. There is no interest in what goes on 'behind the scenes', and consequently, what goes on to get there.
There are absolutely no Engineering controls in place at either Employer, and software development is as you said: made for the moment. Personally since I am the one-and-only, I find that I just have to do the best with what I have. I comment and doccument well, keep a code revision repository, and do my best(within reason) to make sure someone else can pick up where I left off.
It won't be my problem if/when the day comes I leave, but at least I'll be able to sleep at night.
*-PGP Please!-*
We have no senior management with any history of commercial software development
That reminds me of Arianespace. It took the crash of a 150M$ rocket to make them change that.
Management are possibly right, the important thing is getting the product to market. If the R&D people write bad code, but code that works, and it gets the instrument to market then ship it. If it's instrument based, the software isn't the critical problem (if it works better than the other guys you win, doesn't matter if the primary data analysis software sucks so long as it more of less works).
However, you should try and convince you're management to open source the software. In this industry the probability is that if you don't open source it someone else will write an open source replacement (see Phred/Phrap, and the open source replacements of the primary data analysis software on next-gen sequencers which are starting to appear). That means your company losses control of the primary data analysis and possibly device control software, and that's bad for your company.
Open source has the added benefit that your development costs will fall (you can start using GPL code), it'll help you engage with the scientific community and you'll get people outside the company doing free work for you (seriously people want to get this stuff working, they'll help). You'll also get free peer review on your code which will drive standards up.
Scared of showing your crap code? Don't be, in this industry I've seen enough to know that most of it sucks (a lot of it's written by Biologists with no formal training). The clincher? "ABI are doing it, why can't we!" http://solidsoftwaretools.com/gf/
I'd advise not taking the burden of sole responsibility yourself.
I worked for a small medical electronics manufacturer in the UK. They had no software development team apart from me. I was fresh out of college and eager. I replaced the previous "software guy" who had walked out. No documentation or code was actually in place. The software standards that we were supposed to abide by were considered by the management to only be important when a product was finished. I ended up stuck in the middle between the customer the management, the marketing team and the hardware boys. I became quite adept at software/hardware debugging (for that project at least) and all the while attempting to keep the documentation going ( which was considered a waste of time by management of all levels). The crunch came when they took an order for 30 finished units before the prototype was finished (including documentation, third party software/unit tests etc..) despite my constant protests.
I burned my self out and am now a green oak carpenter. I blame my own young naive mind. And the fact that I trusted the management to be dealing with this sort of stuff.
If you don't abide by standards and have a half decent software development work flow organized by the management you're going to be in a fire fight. Get vocal and demand it now before you become a gibbering wreck trying to keep everybody happy. And the management will keep their jobs not doing there jobs.
If you are a software developer yourself, try to set up proper division yourself by talking to appropriate people in positions.
If not, stick to biotech. Software developing is engineering too, and it is not a good idea to do amateur in-house engineering, especially if your software products need to be of mission-critical kind. Outsource all software related job(s) to someone else who specializes in software design and development, and you yourself will sleep better.
That's called sabotage and it's a silly idea.
ilovegeorgebush
I'm in a quite similar situtation, and perhaps I can provide a few hints from what we're currently doing.
I'm working for a relatively well-known institute in academia (biotech field), with a group that among other research projects, also provides web-based services to the research community. Funding is partially tied to the operation of the services, so there is actually enough pressure to make sure that they work and work correctly at all times.
Still, until about a year ago, development was very ad-hoc, in a mix of languages, and with many "islands of knowledge", where some parts of the system were only known to one post-doc, and other parts could only be fixed by the group head (who, as they are, was usually busy with many other things...). After some hard times and near-misses, we started looking around for ways to improve our development.
I was quite attracted by the ideas of Agile, and I believe that they're a good fit to the kind of processes you find in science, as well as in software engineering. We initially had a professional Scrum coach come in and talk with us about software development practices, and then decided to apply Scrum to our processes.
It's now a bit more than 1 year since then, we're still using Scrum with a few adaptations to fit the academic environment (we're also using Scrum for projects that are really science and research, not software development). In a recent secret poll among the team, Scrum got high marks for making the team more productive, and for creating an environment where code and knowledge is shared. People are happy with the structure that Scrum provides, and we always know where the project stands. Incidentally, we also write better software faster.
But we're still improving the way we work. The transition is slow and painful, and we're only slowly adopting things such as test-driven development, automated builds and pair programming. In my experience, there's a lot of resistance against these "newfangled" methods in the academic culture, especially that of people who weren't trained as software engineers, but rather as physicists, chemists, biologists, but now find themselves producing software.
Some hints on what I've found useful in re-shaping our work environment:
- You can't change the whole structure in one day. Get permission to run a small, isolated project in "the new way", and use this to demonstrate the advantages. Remember, there are many metrics for success: Code quality, timely delivery, not having single points (persons) of failure, as well as team velocity and personal satisfaction. Try to make a case from this small project (and gain experience while doing so), and then grow it out slowly.
- I would not advise to do some clever "breaking the build, and thus showing everybody how fragile the system is" exercise. This may not be seen as constructive.
- Instead, provide convincing evidence by example that your way is more productive and more certain. Bugs that are fixed stay fixed, and don't creep in later again. Timelines are better kept. That sort of thing...
- If you can get someone in to talk about the current best thinking in software development, do so (someone else mentioned this already). It's good to hear an outside opinion, and to understand that these practices are not theoretical but used by large companies world-wide.
- I found Joel Spolsky's 12-point assessment very useful to find out where your organization stands: http://www.joelonsoftware.com/articles/fog0000000043.html ... These are also good points to whisper into management's ears.
As someone above mentioned, good advice on this question really depends on if you are writing software or not. If you are not involved in writing software, and you are not executive level then just stay out of it. Even if it is mission critical and you see something seriously bad, it's not your business. You've explained the issues, your observations have been listened to and acknowledged. Now you have to trust that your management is doing the right thing. If you don't trust that, then you have *much* bigger problems than software...
But if you *are* involved in software and you want to improve the situation, then it *is* your business. But after years of doing software process improvement I'll tell you that it's a long hard road you'll be walking and you need to be patient.
First of all, making it widely known that the people writing the software are doing a bad job is not going to make you friends. You may not have intended to insult everyone who works on software in your company, but by walking up to the CEO and telling them that nobody knows how to write quality software, you've pretty much done that.
Software process improvement is less a technical issue than it is a political issue. You've got to work on your people skills. You've got to make friends. You've got to make people eager to hear what you have to say. So the absolute very first thing you've got to do is "turn that frown upside down". Nobody wants to hear that they suck. You've got to be positive. You've got to smile. You've got to encourage people and sing their praises.
I know, I know... they really all do suck. Been there, done that, got a closet full of t-shirts. But you are where you are. And you aren't going to move anywhere by attacking these people. So sit down, relax, take a deep breath and get used to what you see. Because it's not going to get to great any time soon.
BUT (big, big, big BUT) if you are smart, and skillful, and patient, little by little by little you can improve things. If you are a coder then you can start with yourself. Do one small thing. Be successful with it. Then go to your buddy and say, "Hey... I started doing this one small little thing and my life is better. Wanna try?"
Keep doing that. Ask other people for their opinion on something that would make life better for you. Then say, "Hey, cool idea! Let's try it!". Keep doing that.
If you see something that's good, yell it out to the world. Say, "Wow! That's fantastic! Did you see what so-and-so did? We should all do that!". Keep doing that.
And smile. Every day. All day. Tell people how smart you think they are. Build up their confidence. Look at their code and compliment them. If you see something that could be improved, say "Hey. You know what? I have an idea... what if we did X here? Do you think that would work?" But for every time you do that, make sure to find 10 other things right that they are doing.
It's bloody hard. It's fucking hard. To be so positive every day. To tell people that you think they are good people. That they are good employees. That they work hard. But that's what it takes to make improvements.
Trust me. And in the end your patience will be rewarded. Because in my experience, most people want to succeed. They want to be kick-ass at their job. They just want a nice friendly person to guide them there. And then they'll go. Easily and willingly. And after all that, it turns out (from my experience) that all those nice things you said over all that time -- turns out to be true (9 times out of 10 -- the other time the guy really is a hopeless wanker).
Have you quantified the benefits of improving software quality?
Have you laid out the risks (both personal, to the directors and to the share-price) of low software quality
Did you make the guy aware of the legal implications and liabilities?
Did you describe what the competition does?
Did you actually propose a planned and costed solution - or were you just moaning at him?
But most importantly, did you wear a tie?
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
I have worked in enough software companies to know that they are not necessarily better.
until something goes really wrong in the field and the company gets a product liability suit based on crap product. What's described here sounds like this is the inevitable future of the company if they don't fix their software development process.
The company's troubles get worse when in the process of discovery, the plantiff attorneys find that instead of due diligence with respect to software development processes, there was no diligence.
The situation is a disaster waiting to happen. If the author has presented his concerns to top management and they've been ignored, if he's proposed to solve them himself (they probably do need somebody C-level in software development) and that fails, the guy needs to update his resume and call the headhunters.
Or become the fall guy when good enough is demonstrated to be not good enough in a court of law. CYA records of meetings and e-mails demonstrating that the writer saw a problem and tried to get it fixed to run into management non-cooperation might get the author off the hook for personal liability, but probably won't save his career.
Tech Public Policy stuff
It seems to me that in business outside of the IT department it is pretty common that the software element of the widgets they sell is just not important. That is until someone get hurt or worse. Just look at the trend of outsourcing programming. I see things sold all the time that require some kind of embedded software to control the various components that are munged together to make some kind of "system" that the customer has dreamed up. Then when it is installed all of the various contractors that are only interested in selling their particular tier, point their fingers at each other and declare, it is the other guys responsibility to get it working. It would be rather amusing if some of this stuff wasn't so critical. The latest one I have seen is some branch of the govt threw out a rfp for a rig to exhaust high heat exhaust gases from an apu in a hangar for an aircraft. Everyone in the channel is clueless including the engineer that "designed" it. It would scare you to find out who ultimately will wind up programming this thing. I have long said that computer scientists need to get outside of IT, and into engineering and fabrication for this reason. I usually just get ignored but, there is a huge need and opportunity for skilled people. The next time you see something that looks complicated and does things automatically respect it may have been programmed by a convenience store clerk. be afraid, be very afraid...
This sounds like the perfect scenario for open sourcing your software with you as the main developers maintaining it.
For the regular users, nothing much will change.
For the power users, those most likely to complain, this will be a tremendous benefit. If they don't like it, they have the possibility to improve it. This often reduce the number of problem reports and increase the good problem reports from your knowledgeable customers. Sometime you might even get useful patches, that save you some work. If you're really lucky, you might get a few users who start to code enhancements.
It also might generate some good-will towards your company and ease the integration of your bricks with other solutions.
What has this all to do with software quality? With your software out in the open, quality problems tend to be treated more like bugs that will be fixed as fast as necessary and possible and you get a better feedback where work is important. Making the software and drivers open source won't save your company any money, it won't cost more either, but it will improve what you get for your effort.
No they are not as evil as the Democrats says. Most of them want to do a good job so you will call them back in the future.
Why contract except for hire.
1. They can be paid for out of your department budget not the general budget. So it requires less steps up to get approval.
2. They work outside of HR. So you can hire them and fire them if you feel they are not doing the job correctly
3. Use a Multi-level support system. Get some Jr. Consultants to do the grudge work for cheap for 3 days on 2 days with a Sr. Consultant to insure the Jr.s are on track and solve larger issues deal with your department give any bad news and estimates etc...
4. More experience for less years. Especially if you get a good mix. You can get a specialist in X and Y and Z because you can use a consultat for their strong points.
5. If you give them motivation that there may be more work down the line they will focus on getting the project done. Yes they want to stay there but if there is a chance of a new project further down the chances of them milking you is a lot less.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
If you are in the bio tech field then all of your processes need to conform to ISO13485. There is a section specifically about software. Your company won't be in an FDA/CE regulated environment long unless you comply with those quality standards. I suggest you research the guidelines and point them out to your quality manager.
The reason we subjugate ourselves to law is to better procure justice. If law does not accomplish this purpose then it m
Old chinese proverb: "The nail that stands out gets hammered".
I was in a very, very similar situation. In a company with not a shred of software quality control. Everybody listened to my presentations suggesting we get someone with software engineering experience in the loop. Even a "thank you" from the CEO.
Six months later, I got very firmly terminated on wholly made-up charges of poor performance.
Draw your own conclusions.
Make it fail. Make it fail spectacularly, to the tune of millions of dollars. That will certainly get the CEO's attention, and he will be sure to take measures that will stop such failure in the future. Of course, I can pretty much guarantee that you will not like his solution, but software development will be much more professional afterward.
If this is not what you want, ask yourself what you actually want to change. You do know what you want to change, right? Discuss those things with colleagues and managers, then formally propose doing them.
I'm guessing you probably want a more structured development process, with better-organized change requests, and at least some semblance of formal testing. That is very, very hard to set up, because it also requires the help of your users, and they don't care about software, they just want to have their problem solved. If this is the case, always remember that you are there to solve their problems, but they are not there to solve your problems. In other words, don't force them into a process they don't like. You might do better if you can show an advantage other than "it makes my life a little easier".
If all you want is a bugtracker and a version control tool, just request a budget of about $2000, then buy a Dell PC with Linux and install Bugzilla and SVN on it. That will set you back $400 or so, the rest of the $2000 is to show that you are a business thinker and did not forget to include installation time ;-)
If you want to institute Methodologies (like extreme programming or similar), good luck with that. It will probably end in your colleagues defenestrating you...
Some people here will tell you to start dropping managerisms (like those in this message's title) and talk costs. They are correct, if you want to move into management. If you want to stay a programmer, however, just fix the damn problem. Nothing you described is too terribly difficult to correct on your own. Install and use Hudson. It has plug-ins for .net and java language support (and probably more). Make sure you really use its code quality plug-ins (things like fxCop, findBugs, and PMD). In short, do al little every project to improve the development environment. These are free tools and fairly trivial to set up. Getting your environment right is part of your job as a developer. Don't abdicate that responsibility to management, especially if management doesn't understand what your development environment needs.
It is a fact of life that most non-software companies have not yet woken up to the emerging criticality of their software divisions. What you describe isn't surprising or unusual. Be better than 70% of your peers by fixing the problems as you see them. You will learn to be a better developer and management will learn to appreciate your efficiency. If they don't, so what? Move on with all the knowledge you gained building up their development infrastructure.
-Tom
Go read up on the Capability Maturity Model (CMM) or ISO 9000 and come back when you have a clue.
You don't even need to formalize the process to that extent to make leaps and bound improvements on the hack-it-together and test it approach you are suggesting... At a minimal a decent software development process should have:
Requirements specifications & reviews
Design specifications & reviews
Test specificiations & reviews
Codng standards
Code reviews
Source control
Regression tests
Functional tests
Load tests
This argument is also known as "The Enron Gambit": those wildly successful guys who are raking it in hand-over-fist must know better than those of us who think that their business model makes no sense. They sure showed us.
Censorship is telling a man he can't have a steak just because a baby can't chew it. --Mark Twain
I'm a big fan of open source.
Most of the hardware at home has had its OS/firmware replaced with open-source variants.
BUT
Keep in mind that the software in certain types of devices is part of the 'competitive advantage' over other suppliers.
If you open-source the firmware/software of your instrumentation, a competitor can very easily build a similar device cheaper (because you already did most of the development).
I'm not saying you shouldn't do it, but you should show management that you are not 'giving away the keys'.
Show them you can provide a better quality of software to clients than competitors.
New features will make it into your software first, then the competitor will still have to factor it into their code.
"I was in love with a beautiful blonde once, dear. She drove me to drink. It's the one thing I am indebted to her for."
I've been a research scientist for, well, long enough and a computer nerd for a lot longer. I've always wondered how it is that a company can make a state-of-the-art piece of research equipment and then bundle it with a PC running Windows 95 with a serial interface and the worst, least intuitive, and most expensive software I have ever seen.
Now that I'm in charge of picking what we buy I make it a point to find companies that support Linux because it usually means they have a real software development team and that they don't outsource their development. (Jovin Yvon who bought up all their competitors were the worst at this, charging $5,000 to re-install their fluorimeter software, the installation CD for which they refused to sell based on "licensing" issues.). And I'm usually right.
Most recently I purchased a $70,000 high-speed InGaAs camera that came with Windows-only software (that wouldn't run in virtual machine either because it required low-level NIC access). They charged another $2,500 for the "intermediate" software package (which I have no problem with in itself) that had a bug in it. The bug? It wouldn't export movies longer than 10,000 frames, which at 1,000 fps is 10 seconds of video. It took them three months to get me a beta version of a different piece of software that would allow me to export longer movies.
Another company, which I love doing business with so I'll mention them here, EPIX Inc., makes less expensive high speed cameras, but develops their software in Java and releases Linux versions. The software is buggy--as is all instrument software--but I can actually call a real software developer on the phone and tell him/her what the problem is--imagine that!
Sorry for the rant, but this story makes it clear to me why instrument software is so terrible. The first major company that figures out how valuable intuitive, functional, cross-platform, (and for the love of god, not hardware-keyed) software that doesn't store data in some unholy proprietary format that physically ties people to the machine that the instrument is attached to just to process the data is... Ok, well the few companies (I'm looking at you Bruker) that have figured that out have staying power and brand loyalty in university research where as the others are used as pejoratives.
Actually, I wrote my thesis on life experience.
...you just discovered that "quality" is subjective, congrats!
/.ers can understand:
It's really not that complicated; I'll paraphrase your two fundamental options in a way that most
This is your last chance. After this, there is no turning back. You take the blue pill - the story ends, you wake up in your cubicle and believe that your organization is on track. You take the red pill - dust of your resume or maybe start your own company.
If you find yourself losing sleep over the matter just ask yourself what's better, vi or emacs?
Let me tell you a little anecdote which was relayed to me by the IT manager at a previous employer.
When he came to the company, software quality had never been taken particularly seriously. They'd insourced IT where previously everything was handled by an outside company, presumably in the hope of getting better quality services for their money, but were seeing little benefit - mainly because the IT department was so busy implementing new features the business wanted they never had time to debug existing issues.
Helpdesk call levels were very high, the IT department wasn't particularly highly respected in the rest of the business and while the business probably did want less buggy software, they were always too busy chasing after the Next Big Feature to allow the IT department to concentrate on bugfixing.
So he went to the business (ie. the directors/senior management) and said "OK, here's a suggestion. We'll spend the next three months working on nothing but bugfixes. No new features. What glitches with the system are impacting your staff?". The business wasn't hugely keen on the idea of no new features for three months, but he was able to persuade them that the benefits of having more stable software outweighed this.
Three months later, the business was so impressed with the improvements that they asked if the IT department could spend another three months doing nothing but bugfixes.
Sometimes, the business needs a little poke from IT to understand how to get the best benefit from the IT department. Being able to recognise this and make a suitably diplomatic poke is what IT management is there for. If there isn't clear IT management in place to make such a poke - well volunteered.
...and that language is money.
Find out how much it will cost the business if the software stops working. Estimate the risk (number between 0 an 1) of this happening. Multiply these two numbers. The result in dollars is the amount of money your company will lose with certainty. Not maybe, with certainty.
My opinion? See above.
Either start working for a company that do care about software quality, or start your own. I know it is a pretty drastic thing to say, and one I haven't (yet) followed myself, but I do believe that it is the only way.
My hopes would be that the more good engineers that start software companies that care about how things are done (and thus the end result) the less new companies needs to be started because the old ones suck. There are reasons why one sticks around a crappy company that treats you badly in one way or another (which I think is the case in this case), and the best hope for the people who can't leave that easily to form their own company is others doing so and they following when things have stabilized.
Keep in good contact with each and every good engineer you get to know :)
In most companies where software is not the main focus, the deadlines are for the main product and the software had better be done by that deadline. The software guys have nothing to say about the schedule.
I saw this effect first-hand at Digital Equipment Corporation. Although we did a lot of software, the corporate culture focused on hardware, so the software had to be ready when the hardware shipped. Fortunately, the software guys were generally able to get a prototype far enough in advance of "first customer ship" that it was possible to get the drivers written. From a software point of view the hardware documentation was sometimes lacking: once I recruited the assistance of an in-house field service guy to help me read the engineering drawings so I could figure out how to program a new device.
http://courses.cs.vt.edu/~cs3604/lib/Therac_25/Therac_1.html
In summary, you're fucked. Get as far away as you can before the lawsuits come.
(And yes, I know that he isn't making therapeutic equipment - like that matters in today's legal climate)
I work for a Very Large Non-Profit with a biomedical branch, and they've been working on a new software system for years. After hundreds of millions spent, they still can't figure out how to process a lot of database transactions quickly. When asked why banks can do this with ATM data and not lose a single penny, management response has been "We're the Very Large Non-Profit Organization - we're different". They finally asked the project leader to retire (God forbid they fire him for incompetence), and are valuating whether to scrap the whole thing and start fresh, a la the FAA and IRS.
And no, I haven't quit.
Yet.
"As God is my witness, I thought turkeys could fly." A. Carlson
Are you a programmer? A SysAdmin? PS? QA?
Are you a worker, a lead, a manger, a PHB?
Each of these generates a different answer.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Unfortunately, software quality isn't even on most companies' radar. Until it exposes them to major losses like a balsa-wood skyscraper built next to the airport on the shores of the Petrol Sea.
Software has the disadvantage of being intangible and we all know that "Any kid can write software".
Any kid can bandage a cut, but that doesn't mean you want that kid doing a colonoscopy on you.
At some point the software industry is going to need to establish itself as a rigorous practice with rigorous standards. Not some silly cert that says you know Language-of-the-Week, but something along the lines of GAAP for accountants. I'm not holding my breath, though.
IF you happen to have - or be able to cultivate - the right social skills, take an active role. However, despite what the "don't like it, get-entreprenurial" crowd asserts, there are those of us who'll never be able to tolerate forcing their introverted personalities to assume an extroverted task on a long-term basis even with the best of counseling, self-help and medications. It can be wearying and it steals time energy from what we can do that the extroverts can't.
So if you aren't socially adept and don't see yourself swimming through office politics like Nemo, the best advice I can give is keep your resume up to date and network to whatever degree your social skills allow so you can bail before the tower collapses.
Then again, you can be Monty Hall and still come out of the losing side in the office, so keep the resume up to date anyway.
I write software for clinical researchers. From the summary description, sounds like the company has software that is part of their clinical quality system which is not being tested/validated. If the description is correct and the software is actually part of the clinical therapy they're selling, they should have an external auditing agency take a look at it before the FDA does.
The first time one of their products is audited by the FDA, the warning letter they receive will communicate to management exactly what is lacking in their compliance with FDA cGMP. Unfortunately, everyone from regulatory compliance down to the lowliest coder who had something to do with the products in question will share in the group spanking (been there).
I'd be shocked if they didn't already have a relationship with an auditing company--unless they're the tiniest of startups. If they do, the submitter should look through their last audit summary and see if anything has gone unaddressed, and if the scope of the audit matches the submitter's idea of the actual quality system for the product(s) in question.
Here's a possible solution, but you may not like it, because it will involve quite a bit of work for you. Whether or not you do this will depend on how much you really care, and whether or not you view this as an opportunity to make an impact (which it is). I would write a point paper that discusses a comparison of doing nothing vs doing it the "right" way. Make sure you include information about best practices, increased efficiency, improved productivity, and most importantly, how it will save money. Executives really only think about one thing: money. You start throwing dollar signs around and people will pay attention. Show them how much money (real money, based on the company's actual revenue and operating costs) is spent on backtracing due to bad software development management. Then show them how much they need to invest to do it "right", along with how much more money they can save, etc, etc. Remember, everything becomes a "cost", whether its time spent by employees redoing work, faulty products returned due to bad software, along with lost opportunities because the software isn't good enough for your products to enter new markets. It's a lot of work, but armed with carefully crafted and accurate information, with a sharp recommendation, could get you noticed, might actually get the company to make the change, and you could end up a hero. If they refuse to listen, you have at least learned a ton in the process, and you have something tangible you can show to a new prospective employer about much you care about making a contribution.
There are better ways of doing that, such as persevering, practicing what you preach (good development standards and approach), being firm with management about the issue.
ilovegeorgebush
I've been in the same boat, and I feel your pain. Here are the things that helped me: 1. Adopt a methodology, if you're doing things ad-hoc you're going to pay for it long run. Check out "Heads First Object-Oriented Analysis and Design". Their ideas are perfect for the non-software company that writes software, and it's a fast/fun read. Even if you're not working with an OO toolkit, this is still an excellent approach. 2. Learn to make accurate estimates - this is *incredibly* important. If you're not used to doing this properly, I'd reccomend "Software Estimation - Demystifying the Black Art" by Steven McConnel. If you don't have the time to read that book, grab Construx estimate and learn to use that. It's free (there may be a fee for professional use, but you can learn with it first), and while a little quirky has a pretty effective system for developing a professional/fairly accurate estimate. 3. Grab "Wiley - AntiPatterns, Refactoring Software, Architectures, and Projects in Crisis". Not only is it an interesting read, but it offers some tried and true solutions for this kind of situation. 3. When scope creep attacks, ask your boss, "What don't you want me to do?" - This little question can quite clearly illustrate the cost of pushing features on developers. It's also the reason you need accurate time estimates based on specific feature sets, so you can back it up. 4. Remember that 9 women can't make a baby in 1 month. Don't let management throw more developers at a problem unless it makes sense. Having proper abstractions helps here. 5. Remember that you and the management have the same goal, and are really on the same team. Work with them, and help them understand what's possible. So, that's my $0.02. I hope it helps, and good luck!
There is a ton of advice here, and almost all of it is good. But it all comes down to two realities -- (1) the company feels like it does not have a problem and (2) you do. So fuck 'em. If you are right, you are working on the Titanic, and they will tie you to the bow as they approach the iceberg. If you are wrong, then they will eventually fire you for it.
You may like the people and the work environment, but if either of the two points above are true, then that will change. So, use your initiative to go work for a competitor and show them how to exploit weaknesses like those at your current job. Believe me, your current employer has absolutely NO loyalty to you. They deserve no more from you. It is easier to find a job when you have a job.
Fearless Change. A pattern book for how to introduce change in the workplace. Originally written for the software industry but having universal application its located in the business section
Your explanation of your product/service sounds like a medical device. Assuming that is true, your company is surely registered with the FDA and is audited by them every two years or so.
The comments in this list about federal law requiring a quality system *including software quality procedures* are correct. There is no way out of this and the company has a tiger asleep in engineering. The reason the omission has not surfaced is that FDA's budget has prevented them from auditing deeply enough - yet. They haven't been able to send auditors with enough software background to be able to detect the absence of the expected levels of software QA. They definitely have the qualified people, just not enough of them.
An additional reason could be that the product/service has not hurt anyone, or if so, the incident(s) have not been reported - which is another federal law incumbent on the manufacturer AND the hospital/clinic/doctor. FDA audits and warnings can come any time if enough of these reports stack up. Or if the docs send them in and the company does not.
Even if the code is really good and no medical problems have come up, that will not stop FDA from pulling your product off the market if they find you non-compliant with their regulations.
So the company has 'enjoyed' a prototyping phase. Once the management has read the FDA regulations on the personal liability of the company officers, they will probably want to get started with the formal software QA system right away. It doesn't have to be completed overnight. But when/if FDA look deeply enough into your company, you would want them to find records of your diligent work in building up the software QA procedures and practice in an ongoing and steady way. And doing the right things first.
Are you out of your mind? By going to the CEO with a quality problem, YOU are the one who is going to be fired when the flaws in the jury-rigged software cause a major problem in the company profits. You tell me that I'm paranoid and crazy. Well, sir, this is the way that American management works. You understand technology; they don't. They understand corporate politics, backstabbing, and manipulation of employees for their own gain. You don't. The fact that you went for a one-on-one with CEO proves this.
The only time that a mid-level technical employee goes for a one-on-one with the CEO is when you are setting up a fellow employee to get fired over a problem that you caused. It's a classic 'cover-your-ass and make someone else take the blame' type of situation. Which, if the situation really is what you say in your company, is not far in the future. By going to the CEO and discussing the situation, the CEO is going to assume that YOU caused it and are doing a preemptive bid to pass the blame on someone else. When the major problem does occur as a result of the unstructured software, the CEO is going to agree with all the other people in your group who are going to put the blame on you to save their own jobs. And you are the one who is going to be fired!
You should get another job in another company as quickly as possible. And, my friend, never go to management with a problem that has its underlying cause in someone's lack of management ability. It's corporate politics rule #1.
SLIDE A:
1) We create software.
2) Software is used in medical devices.
3) We forego QA and industry best practices for software development.
4) Something goes wrong.
5) We get sued AND we lose (to the five-nines sure).
6) Change #1 to "Update resume".
SLIDE B
1) We create software.
2) Software is used in medical devices.
3) We follow industry best practices for software development and have a solid QA program.
4) Something goes wrong (yes, it still happens).
5) We get sued.
6) Our controls and best practices are a reasonable defense.
I use irony whenever I can, but my shirts are still wrinkled...
Good advice. Mod parent up. From a technology perspective, a Version Control System, Test Driven Development, and Continuous Integration can go a long way towards improving quality. If the OP is in a MSFT shop, then you are most probably stuck with VSS or TFS. VSS is file based so it is not very good for distributed development. You will need to enhance VSS with SoS if you have remote developers. TFS doesn't have that problem and also has support for TDD's unit testing. If the OP is willing to use OSS, then there are plenty of good options available. There is plenty of good advice here as to OSS VCS. There are various unit testing frameworks for Java, .NET, Ruby, PHP, C++, you name it. Also, check out Cruise Control for Continuous Integration.
Technology alone cannot solve quality issues, however. Changes in methodology, process, and even corporate culture may also be needed. Take a look at my site for more advice on that.
One route to making people serious about IT processes is to relate it to relevant federal regulations.
For example, we've been doing work that will eventually involve us as a partner in upcoming clinical trials. There's a bunch of federal regulations about IT processes connected to clinical trials, and it has been easy to get management to accept that while our current processes can be as ad-hoc as we like, at some point having compliant processes will be essential to continuing the work we do, so we may as well get it right the first time rather than have to reimplement years worth of ad-hoc development somewhere down the track.
In my case, one trivial example has been being able to implement gpg signing of documents as a consequence of setting up the infrastructure to be able to be quickly compliant with 21 CFR 11, which we'd need to do if we're part of a clinical trial.
I work for a large biotech's regulatory department, and my job is to ensure we remain compliant with federal regulations vis a vis software development.
I want to underscore something that electroniceric touched upon: You work in a regulated industry, and your firm's practices are not compliant with federal regulations.
Your biotech firm's lack of SOPs and BPs on software development is in direct violation of the Code of Federal Regulations. If the FDA audits your firm and finds this lack of compliance to 21CFR820, then the FDA can issue a Warning Letter, which will absolutely have an adverse effect on the company. Warning letters always hurt the company's stock price; investors take WLs as a sign that the company is being mismanaged.
If your CEO doesn't want to believe this, then he or she shouldn't be in that position.
FYI, here's one example of a medical device company that received a warning letter from FDA for failure to properly document software development:
http://www.fda.gov/foi/warning_letters/s6752c.htm [fda.gov]
But Warning Letters aren't the worst thing that FDA can do. For failing to follow CFRs, FDA can determine that drug products (small and large molecule) or med devices are misbranded or adulterated and can demand the company recall said products. This will destroy a start-up or small company....
Good luck with this issue.
So whaddaya expect for nuttin'?
I agree with the previous commenters that it's important to have a solution or plan before raising the alarm. Having said that, once you raise the alarm and you're not being heard to your satisfication, there are several options available: * First, clear your mind of what you think you know about software development and what SHOULD be and try to see the situation from an open-minded perspective. Are the issues you're seeing really an indicator of poor quality or are they an indicator of a system that's different from what you know/like? As a quality/regulatory person myself, I've seen many unnecessary projects and alarm bells simply because of a lack of understanding/perspective on a given topic. I'm not saying that's the case with you, just that this is the kind of issue that's good to be absolutely clear with yourself about. * Once you're clear that there is in fact an issue, go to QA and request an internal audit on your software development/quality systems. If your QA team doesn't have a procedure by which you can request an audit, then you should find a QA partner who can work with you on this. It's good to have a QA partner anyway so building the bridge on this project won't be a waste of time regardless of the outcome. * If auditing isn't an option, or if you need ammo to sell the audit idea, another approach is to analyze deviation and/or CAPA trends on your software development process, as well as your validation process. For example, try to find out how many validation deviations are being generated when new/updated software is released from your development team. Working with QA, you could develop an estimated cost-per-deviation, which would be a huge pile of ammo for your management presentation. Also, pretty charts and graphs will help too. * Find other tangible evidence of the issue. Without specific examples it will be difficult to be clear about the problem and/or the solution(s). * If you find evidence and QA and/or management still won't listen, it's time to consider your options. You can either stay, knowing that a ticking time-bomb exists, or you should carefully plan and execute your exit from the company. My litmus test for working at a company is to regularly ask myself whether I'd give my company's medicine to a family-member [a family member I love :P ]. If the answer is no, I don't stick around. So far, I've only had to do that once in 10 years and it was absolutely the right choice. Good luck!