If software composition analysis is the key ingredient in your application development recipe, coding standards will make it rise. When baked into every step of the agile development process, they give you a leg up on functionality, testing and — perhaps most importantly — security. With too many companies now skipping the standards and trying purely for speed, it's worth revisiting why code standards still matter.
Why Standardize?
Veracode's software analysis solution can catch most of the problems "left behind" in code, or issues that stem from the use of third-party software. And while you can't control any code you don't program yourself, the dependence on third-party work — 90 percent of most applications are now a mix of open-source and in-house code — has led to a certain laxity when it comes to internal standards. The thinking goes like this: Since advanced, real-time detection and correction methods exist, why bother with coding standards at all?
However, according to Tim Ottinger and Jeff Langr — the brains behind Agile in a Flash, a blog and flash-card-based training tool — code standards are a necessary part of any agile strategy. As defined by their "Collective Code Ownership" card, the biggest benefit to standardization is the ability to work on any part of an application or system without having to relearn the rules. When everyone sets tabs the same way, uses the same number of spaces and follows the same comment procedure, developers are able to simply work rather than trying to figure out why things don't look the same and how they need to adjust.
As noted in a recent Dr. Dobb's piece, however, this kind of standardization is still sorely lacking in most agile methodology. Ideally, agile should focus on "the small": the bits and pieces of a whole application that can be tested, examined and redefined. Standardization makes this process cohesive rather than fragmented.
Big Benefits, Clear Warnings
Standardization can pay off in a big way. For example, PYMNTS.com points out that the future of mobile payments must focus less on payments themselves and more on the surrounding customer experience. To make this a reality, mobile giants such as Apple and Google need to develop coding standards that make it possible to use a variety of devices at the same point-of-sale (POS) terminal. In other words, standardization breeds collaboration— which in turn improves application delivery.
Companies with weak code standards may have their apps sidelined. According to FierceGovernmentIT, the Inspector General for the Commerce Department found that two US Patent and Trademark Office IT initiatives "need improvement," in part because they didn't effectively use agile development methods. Specifically, the Patents End-to-End and Trademarks Next Generation systems require more performance testing, an increased use of security controls earlier in development and better compliance with coding standards.
In the Oven
Bottom line: Code standards must be established before a single line is written. If possible, keep the same standards for future projects to make it that much easier to reuse code without compromising security. Absolutely invest in software composition analysis and cloud-based programmatic testing, but don't expect them to fix sloppy work. While these solutions can quickly identify security issues, standards that are baked into your agile development process make it easy to remediate these issues and get a project back on track.
Want agile development that doesn't fall flat? Start with solid coding standards, then add software analysis and rigorous testing to ensure your apps can take the heat.