Blog Post

When you have something to say, silence is a lie - and tyranny feeds on lies.

Introduction

Developing high-quality software requires much more than just technical implementation – it demands structured processes, good communication, and an understanding of the interplay between various roles. Often, problems arise in the initial steps, whether due to imprecise design specifications or insufficient review processes. These mistakes propagate through the entire development chain and can severely impact the quality of the final product. In this article, I will explore the challenges and solutions throughout the entire development process – from design to code development to the CI/CD pipeline and security aspects.

 

The Root of the Problem: Lack of Feedback Process Between Design and Development

A common starting point for errors in software development lies in the design specifications. A typical example is precise floating-point values, such as 2.3453 for pixels, which appear in designs but make no sense in development. The problem is not just technical – it is a process issue. Often, there is a lack of a review process at the design level, leading to illogical values being carried into development.

Rather than critically questioning such values, developers often implement designs 1:1 without considering their technical feasibility. When a developer recognizes these discrepancies, the error is often quietly fixed without providing feedback to the design team. This leads to two problems:

1.Design errors are repeated: Since designers receive no feedback, they reproduce the same illogical values in future projects.

2.Knowledge silos are created: Developers silently correct design errors without documenting them or sharing them with the entire team.

 

Clear Roles and Responsibilities: The Key to Avoiding Mistakes

A core issue in many development processes is the lack of communication and coordination among the various roles. It is not enough for everyone to just fulfill their direct tasks. To ensure quality and efficiency, clear roles and responsibilities must be defined:

-Product Owners should ensure that the designs are technically feasible and have been reviewed by developers before implementation.

-Designers should develop a fundamental technical understanding so that their designs can be realistically implemented.

-Developers should not simply implement blindly but actively question design specifications and provide constructive feedback to the design team.

 

This is also the difference between a lead developer and a senior developer: The lead developer takes responsibility, questions processes, and ensures continuous improvements. Without clear responsibilities, however, everyone remains trapped in their roles, and feedback loops that could prevent errors early on are interrupted.
 

The Right Review Process: Ensuring Code Quality
 

Another frequent issue is how code reviews are conducted. In many cases, the code of an inexperienced developer is reviewed by a colleague at the same experience level, leading to a situation where "the uninformed reviews the uninformed." This increases the risk of errors being overlooked and inconsistent coding standards pervading the entire project.
 

Possible Solutions:

1.Senior developers as reviewers: Code reviews should fundamentally be conducted by experienced developers. They can not only identify errors but also make improvement suggestions that make the code more robust and future-proof.

2.Code guidelines and checklists: A unified code guideline or code convention can serve as a basis for all reviews. This creates clear standards and reduces the room for interpretation, especially for less experienced developers.

3.Pair programming: Two developers work together on the code and review each other in real time. This not only prevents errors but also promotes knowledge exchange.

 

Agile Processes and Collaboration

The introduction of agile methods like Scrum or Kanban can help speed up feedback processes and promote communication between design and development. Regular sprint reviews, daily stand-ups, and retrospectives provide opportunities to identify potential problems early and address them immediately. These meetings create transparency and ensure that all team members are on the same page.

 

CI/CD Pipelines: More Than Just Tests and Builds

CI/CD pipelines play a crucial role in quality assurance in software development. However, the focus here is often only on builds and unit tests, while important aspects like security are neglected. A holistic approach to the CI/CD pipeline encompasses much more than that.

 

A Holistic Security Approach:

Many companies implement only a tool for security checks in their CI pipeline and believe that this covers the aspect of security. In reality, a holistic security approach is necessary, which considers security aspects at every step of software development. An example from my practice illustrates this:

I was asked by a client to improve security checks in their CI pipeline. However, the client focused exclusively on the implementation of a single security tool mandated by an OEM. Instead, I proposed a comprehensive approach that included threat modeling, risk assessments, pre-commit and pre-push hooks, and additional security tests. Unfortunately, this approach was not implemented due to a lack of insight and a narrow focus on the OEM process.

 Best Practices for a Secure CI/CD Pipeline:

-Automated security checks: Tools like SonarQube or MobSF should be integrated into the CI pipeline to continuously identify vulnerabilities in the code.

-Pre-commit hooks: These perform automatic checks before every commit, such as linting or formatting checks.

-Penetration testing: Manual penetration tests provide additional protection by uncovering vulnerabilities that automated tools may not catch.

 

Human and Cultural Aspects: Feedback as the Core of Quality

An often-neglected but crucial aspect is team culture. Only when developers are willing to proactively give and receive feedback can the process become truly effective. Open communication and a constructive feedback culture must be fostered so that design and development teams do not work side by side but support each other. This applies not only within the teams but also across design, development, and quality assurance.

 

Conclusion: Processes, Tools, and Culture as Success Factors

The challenges in software development often begin at the design stage and carry through the entire development chain. By establishing clear roles, targeted feedback loops, and a structured review process, many of these issues can be addressed early. The introduction of a comprehensive CI/CD pipeline that integrates security checks and quality assessments ensures that not only functionality but also the security and robustness of the software are guaranteed.

However, it takes more than just technical solutions: An open and constructive team culture, where feedback is seen as an opportunity rather than criticism, is crucial. Only in this way can it be ensured that every process step contributes to the quality of the final product and that errors are not just silently corrected but sustainably resolved.

 

Recommendations:

1. Establish clear roles and feedback processes between design and development.

2. Conduct code reviews by experienced developers and implement unified code guidelines.

3. Integrate comprehensive security checks into the CI/CD pipeline and think of a holistic security approach.

4. Promote an open feedback culture to improve communication and collaboration within the team.

With these measures, companies can sustainably improve the quality and security of their software.