When it comes to improving performance, how should we start? | Talking about Xiaofengsheng


Issue 2: When it comes to "improving performance", how should we start?

In the last issue, we obtained the understanding and opinions of two technical people on the concepts of "R&D effectiveness" and "DevSecOps". Both of them said that "R&D effectiveness" means optimizing the productivity and efficiency of the R&D team within the organization to achieve more efficient delivery and better-quality products. The difference is that "R&D efficiency" and "DevSecOps" place different emphasis on "security".

In this issue, we interviewed two other front-line technicians, analyzed the questions about "R&D efficiency" and "DevSecOps" in depth, and talked about how "efficiency improvement" work gets started.

Interviewee A: Manager Dong, the business technical director of a major Internet company
Interviewee B: Zhou Gong, a senior R&D engineer of a cloud manufacturer

Q: The guests in the previous issue mentioned that "R&D efficiency" and "DevSecOps" have different emphasis on security. I would like to ask the two of you: how do their goals differ in the process of practicing "R&D efficiency" or "DevSecOps"?

A:

The goal of "R&D efficiency" is to improve the efficiency and quality of the software development process, so as to deliver high-quality software products faster, and ensure that the R&D system can always move towards higher efficiency, higher quality, higher reliability, and higher value.

"DevSecOps" is a method of incorporating security into the software development process, emphasizing that security issues should be considered at every stage of software development. "DevSecOps" pays more attention to security, while R&D effectiveness pays more attention to efficiency and quality, which means that, in practice, it is necessary to determine the "security weight" according to the nature of the enterprise or business requirements. The essence of "DevSecOps" is to improve our efficiency.

B:

"R&D effectiveness" and "DevSecOps" have a high degree of consistency in their goals, and in practice, there are many similarities in the metrics of the two. When chatting with everyone, I found that many people think that "security" will affect the improvement of R&D efficiency. I agree with what Manager Dong said just now. to decide. If the business requires high security, in addition to the necessary security testing in the R&D process, security work such as reinforcement, security audit, and runtime security testing may also be required. On this basis, "DevSecOps" continuously optimizes tools, processes, and organization to ensure performance improvement.

Q: Now many companies or teams are beginning to pay attention to "R&D efficiency". When they realize that efficiency needs to be improved, how do they start? What about security work?

A:

I think the key to improving "R&D effectiveness" is to establish an efficient team and process.

First of all, we need to evaluate the current R&D process and find out the bottlenecks and problems. We can take some measures to improve the process, such as: introducing agile development methods, optimizing the code review process, and strengthening team collaboration.

In addition, we can also invest more resources to improve R&D efficiency, such as increasing R&D personnel, improving the quality of existing developers, and providing automation tools that are more suitable for the process.

In terms of security, I think we should first establish a security training plan, since improving the security awareness of R&D personnel is an important task, and then select appropriate security tools for each link of the process, including vulnerability scanning tools, white-box testing tools, gray-box testing tools, and open source governance SCA tools. These are integrated with the defect platform or R&D platform to speed up defect feedback and repair, and ensure a more timely response to defect issues.

Improving "R&D efficiency" requires overall consideration and refinement of execution details, using clear metrics to drive efficiency improvement, and continuous optimization and improvement.

B:

There are many practical methods to improve "R&D efficiency". The way to start the practice is similar to what A said above. Let me add.

The first point is to evaluate the existing R&D process, including process analysis, process data analysis, personnel capability evaluation, tool performance evaluation, code quality management, development cycle management, etc. These are places where there are major problems.

The second point is that the pursuit of automation and tooling is an effective means to improve performance, which can include automated testing, automated construction and deployment, and automated code review. However, judging from the current tool capabilities, it is difficult to use tools to replace requirements analysis, architecture design, and risk assessment.

The third point is to set up measurement indicators, set clear goals and measurement indicators, monitor R&D efficiency and quality, and adjust and improve in time.

As for security work, I think its core idea is a defense-in-depth strategy with "people, technology, and operations" as its elements.

**"Human" is the first element and the most vulnerable element,** so this is also one of the reasons for the pursuit of automation and instrumentation in all links. Take measures such as safety awareness and technical training, technical management, and operation management for people to reduce human safety factors.

**"Technology" is an important means to achieve R&D security,** including introducing various security tools, applying new security technologies, and establishing a security platform more suitable for the R&D process, etc.

**"Operation" is the process of connecting goals and technologies together.** In the process, strengthen risk assessment, safety inspection, process monitoring, safety audit, operation monitoring, response recovery, etc., and set up process reminders and quality checkpoints before going online, so that a series of inspection and confirmation work is completed automatically and systematically before the product is put into production.

In this issue we discuss the goals of "R&D Effectiveness" and "DevSecOps" and how we can start "improving effectiveness". The views of the two technicians on this topic are quite consistent.

For both "R&D efficiency" and "DevSecOps", the practical goal is to "improve efficiency", but due to the nature or requirements of the business, the weight of "security" is different.

As for how to start improving "R&D efficiency", both of them gave four key points:

  • Assess existing processes
  • Introduce automated tools
  • Build metrics
  • Keep improving

Do you have any unique insights on this?
Welcome to leave a message in the WeChat article.
We will "select the message" and send you a customized gift.


Origin blog.csdn.net/GitChat/article/details/129801790