Monday, July 28, 2008

What have CMMI and SOX solved for us?

Nothing. I don't see any drop in bugs, nor any substantial "quality" improvement in software that can be directly attributed to CMMI. Not even to SOA or SDLC crap. That's all MBA stuff. Good code writing is good code writing. It's 50/50 artistry and technical skill, mixed in a smooth blender with crushed ice and a cup of tequilla. Trying to stuff that into a box with warning labels and procedures on the outside hasn't done squat to improve things. The code has improved by learning what works and what doesn't. Sorry, a rant sparked from someone trying to defend CMMI and SDLC as making for better products. I don't buy it. It's snake oil peddled by consulting firms to big corporations to spend gobs of money chasing forever.

2 comments:

John Maher said...

It's interesting that you haven't found real value anywhere from CMMI. I have a client that's been working on CMMI for several years. When they started, it was because they had come off a year of madness: huge overruns, screaming customers, "fly and fix" cycles after delivery, and a host of other typical results.

Since they started using CMMI, they no longer deliver any major defects, but catch them in the test cycle (those that escape peer reviews). They have control over their schedules, and have minimized controllable schedule overruns. They have been able to get clear control over their requirements engineering activities, and on the whole they produce better, more defect-free software and systems.

Not all is perfect. Management still yells. But now it's not, "Why are you shipping all the defects?", but "Why are you finding all these defects in test? Can't you find them earlier?" So the world is never perfect, only better.

By the way, they have data to back this up.

So now you have at least one example of real value. There are others, but this only a fly-by comment.

skatterbrainz said...

I have no problem with the basic goals of CMMI, nor with SOX or ISO. It's just that at most companies they become full-time jobs and grow into departments and become huge cash cows. The money that's supposedly saved from increased efficiency is overcome with bloated waste from spending elsewhere (training, certifications, audits, software tools, servers, maintenance, subscriptions, more training, more audits, custom apps to monitor and report on the other apps, etc.) Most of what is being aimed for is common sense: document what you do and follow it. It always grows into a bureaucracy.

I'm sure there are examples such as yours that prove beneficial. However, in the majority of cases they appear to be helping only because nobody dares to really inspect what the costs are of maintaining the added layers of administration. Not to mention the politics that go with them.