Audit Your Rails Development Team 10
Several months ago, a few of your colleagues decided to join forces with you as you had come up with a concept for an innovative web application, shared the ideas with your friends and relatives, and began developing a business plan. After a few months of performing some initial market research, working on your pitch, and raising some initial funding, you decided to bootstrap the project and start designing and developing the product.
During your research phase, you came across several articles about this exciting new technology called, Ruby on Rails. You were impressed with many of the sites that were being developed on this new framework as well as the community that surrounded it. Your team decided that it would be a great idea to follow this trend and use Rails as the platform for your new product.
At this point, you began soliciting freelance developers and/or firms to hire for the design and implementation of your project. Eventually, you make a decision and break ground on building the product.
Let’s jump forward to the present day.
You’ve been in heavy development for quite some time. Your product has gone through a series of design changes and you’ve recently begun to allow other people to begin testing the application. You’re receiving a lot of bug reports as people use the system. Your development team quickly fixes them as they appear, but you’re noticing a trend in the development process.
The speed of implementing new features is drastically slowing down as your development team is spending most of their time fixing bugs. Along with that, they are becoming frustrated by the project because they can’t keep up with your new feature requests while trying to keep up with your growing number of bug reports. You’re becoming concerned about the stability of the product and are slightly suspicious that your developer(s) might not be as good as they suggested they were.
Did you hire a bad development team? Chances are, you may not be able to tell. You’re not a developer, so reviewing their code would almost be a waste of time. How would you know if they were doing a good or bad job? Your developers reassure you that things are going to work out in the end, but it’s going to take longer then originally planned. Along with this, your partners and investors are anxiously waiting for you to launch the product, but something feels wrong. You’re worried that launching it too soon could be the quick death of the entire project if it all comes to a screeching halt due to unforeseen bugs and problems with the application. This wasn’t how you pictured the launch of your exciting new product and you feel a lack of confidence in the entire process.
What can you do?
Before I get into that, let’s discuss some of the possible causes for this situation.
- Your development team may have grossly underestimated this project.
- You might have pushed too many features into the initial release of the product and your development team might not have done a good job of helping you determine what you need, not just what you want.
- Your development team might not emphasize testing enough in their process.
- Your development team may have begun to take a lot of short cuts in an effort to hit your launch date(s)
- Perhaps you asked for quick turnarounds on new features before an investor meeting… maybe this happened on several occasions.
- Your development team might not be very good with Ruby on Rails, maybe this was their first Rails project.
- ...and so on.
At this point, the big question is… what’s the problem?
Can you answer this question yourself? Can your development team answer it? If not, what do you do? How can you get an accurate understanding of how stable the code base of your application is?
Answer: An independent code audit and review
Why is this a good idea? Well, when you have an independent team review your code, you get the benefit of having a fresh perspective.. and often times, an independent team can be much more critical and provide an honest assessment in a very short period of time. This is especially true if they have a lot of experience with the technology. For example, PLANET ARGON has been conducting code audits on existing projects for over two years. We’ve designed a process for checking existing code bases for mistakes that we’ve either made ourselves in the past or found in other projects that we’ve reviewed.
In fact, our process currently walks us through the following areas of your Rails application.
- Security of the application
- Privacy of users’ personal data
- Adherence to the conventions of the Ruby on Rails framework
- Scalability of the application
- Performance of the application and data model
- Testing framework and process
- User interaction (when applicable)
- Information Architecture
- Model-View-Controller (MVC) implementation and organization
Not only does this process provide you with our analysis, but we also provide you with our advice as to where your development team should focus their attention next. If your team is lacking experience in the areas that we recommend they focus on, we’re also here to help them through this with our consulting services. We’re currently assisting several Rails development teams with their testing process, refactoring, user interaction design, optimizing their site, improving their deployment strategy, and plan the implementation of new features.
In general, most freelancers and firms could/should provide you this service, but it should not be performed by your existing development team. They have a bias towards their process and this is your chance to get a second (or third) opinion on the work that you’ve been paying them for. If you’re spending several tens/hundreds of thousands of dollars into this product, an independent review of your investment should be something to seriously consider.
There are several different scenarios that could lead you to deciding to have an independent firm perform a code audit. In fact, I’d encourage you to always get an outside perspective of your team’s work.
To learn more about the Code Audit and Review process that we provide, call us at +1 877 55 ARGON or contact us online.
Enjoying the content? Be sure to subscribe to my RSS feed.
There’s something I like about this idea but first the provocative question needs to be asked:
This could easily head down the slippery slope of certification and perhaps an unintended consequence of certification is to keep power concentrated by the people who do the certification.
Who watches the watchman?
In other words, who has audited the code of Planet Argon?
Agreed – whats the most secure/scalable/MVC adhering Planet Argon public site?
Tim,
Excellent points.
This is a very good question and was something that we’ve been discussing internally. For some of our current projects, we’d definitely recommend that the client have someone else perform something like we’re offering. I think it’s good advice for any project and it should be a decision that the client makes. What we don’t want to see is development firms making friends with other development firms and patting each other on the back through good audits. This wouldn’t be fair to the client. If there are other people doing this, I’d love to speak with you so that we’d have some clients to refer to you, should they be interested in a process like this.
In regards to the slippery slope of certification, we’re definitely not looking at that as an option in the near future. We’re just trying to let people know that there are options when you’re having issues with your existing development team.
As a freelance developer, I tend to work alone and always wonder if I could be doing an even better job. Having another person or team look over my shoulders and give me some honest critique wouldn’t just be valuable for my clients, but also myself. I want to be a better developer and there aren’t a lot of people near where I live that can mentor me in this way. Outsourcing this to another firm isn’t something that I had thought of before and now that I know this is an option, I will definitely be considering it in the future.
Wow. It pains me to admit that the scenario that you’ve described sounds a lot like what I’m currently experiencing. I’ve contracted a developer to build a project that he said would take two months to complete. It’s now been four months and I’ve begun to wonder if I made a mistake in hiring him. He’s the only one that has worked on this project and I’ve invested a lot of money into his work. I’ve heard that it’s easy to move a project from one developer to another, but wonder if doing something like this would allow me to make an educated decision rather than my gut instinct that something isn’t right. It’d be a huge financial setback to seek out a new developer or team at this stage of the project. I have a few questions about your code audits. I also really like working with the developer but liking him as a person doesn’t guarantee me that a good product is being developed.
What is the turnaround for this service? How much do you charge?
Does your team fix problems as they are discovered?
@Richard
While most of the clients that we’ve done this for have been the people paying to have the software built, it has also been a good way to help the developers. Several of our clients actually have full-time developers (on payroll) and aren’t unhappy with them. They just wanted their developers to have someone provide an outside opinion so that it’d help them focus their attention on improving their application. If you’ve ever read Refactoring by Martin Fowler… you might recall a period where you felt really motivated to improve the design of your existing code. We’ve had people tell us that our analysis helps motivate them, which is great to hear. Much of the projects that we’ve reviewed have been missing a substantial amount of test coverage. Often times, people have come from other languages and never picked up on the TDD process and are still able to produce quality applications. When they’ve tried to pick up on it… they didn’t know if they were doing it right. So, we’ve been able to consult these teams as they’ve learned to adopt them… and it all started around a discussion about their lack of a healthy testing process in their current development cycle.
@frustrated client:
It’s because I’ve had the opportunity to speak with many people that have had a similar story. There are other scenarios, but this one seems to come up more often than I’d like to admit.
It depends on our availability and on how large your application is (in lines of code). If you fill out our contact form, we’ll be happy to send you over some documentation about our process, which also explains how we can provide you a cost estimate for this. In general, we can turn around an initial code audit/review on an average size Rails application in about one business week.
In any event, good luck with your project!
@robby – I think this is an excellent idea; and congrats on posting about it and offering the service first (afaik)
@tim – rails certification will happen the moment one person puts up a website claiming “Are your developers Rails Certified? Get your certification here”. Certification is like insurance – its hard to know what its worth, but ppl like to buy it. That is, its a business opportunity waiting to happen.
Robby the part I like about this idea is along the lines of Richard’s comment. I’m a freelancer as well, and would like a way to either improve my practices or show that my code is of a certain quality. A different way to consider this is that the such an audit might not just be sought by clients of other developers but by the developers themselves.
I think what you are doing has value and I’ve been anticipating that someone in the rails community would step up and do this, hence the question I posed because I’ve thought about that thorny issue too. I have a feeling Planet Argon is making the first step in a direction that has been building, Peer review has the potential to be positive for the entire community, provided that it’s shepherded properly and with care.
Pete McBreen’s book Software Craftsmanship asserts that
Doing a peer review is slightly different than your client audit service describe aboved. What do you think about it?
@tim/richard
This is probably preaching to the choir, but if its not already on your feed reader you should check out: http://therailsway.com/
@Robby:
Though I haven’t mentioned it on my blog (mental note to do so), I do offer this service as well, and have had simliar experiences to you in the value of this service to my clients. If you’d like to have me do some reviews for your team, feel free to get in touch.
@Richard:
I also offer mentoring and one-on-one training to developers, so get your Rails training here. :)