Like many people with a professional interest in software quality, John Robbins, co-founder of software consultancy and training company Wintellect, hopes the economic slowdown will have a silver lining. He argues that current efforts to minimise waste are encouraging businesses to build new applications more carefully than they might have in the past.

Robbins' role at Wintellect frequently puts him at the sharp end of software flaws - fixing vital systems that have malfunctioned or ground to a halt. This troubleshooting role has given him an in-depth knowledge of the source of software flaws which, he says, is all too often simply a case of "CFTL: code first, think later".

He says that familiar coding problems such as buffer overruns occur with numbing regularity. This is despite the fact that tools - like Compuware's BoundsChecker, which Robbins helped to develop - can easily eradicate them. "Visual C++ version 7 includes buffer-overflow prevention," he notes. "The trouble is, Microsoft did such a great job marketing its recent batch of tools as being for Web services purposes [that many companies] have stuck with older, more vulnerable tools because they think, 'Hey, we're not doing Microsoft dot-Net, so why bother upgrading?'"

The arrival of Web services provides a valuable chance to re-architect, Robbins says, but he cautions that Web services platforms like Microsoft's dot-Net should be regarded with healthy scepticism - particularly if Web services are to be used across business boundaries.

"Who has done the testing [of a Web service]?" Robbins asks. "Who assesses whether it is reliable, scalable and has the correct functionality? How do you know about the quality of testing in terms of code coverage?" He suggests that unless the user of a Web service takes steps to find out, the likelihood is that there will be no answers to these key questions.

For those firms that might offer Web services, even for internal use, Robbins sounds a similar note of caution. "Today, there are some clean languages so productivity is high. It's all too easy to add extra functions. But before you put that XML layer on top of your database, let's step back," he says. "[Badly planned] Web services could make DLL hell look like a walk in the park."

As most IT managers are all too aware, "DLL hell" arose when applications began to be implemented using shared libraries of functions, linked into the main program at run-time. Any changes made to these dynamic-link libraries (DLLs) by one program would affect others. Installing a new application could cause another unrelated program to malfunction.

Web services apply a similar model on a larger scale. Before altering a Web service, a provider should therefore evaluate the impact of the proposed change. That will rarely be a trivial task, so changes ought to be kept to an absolute minimum, Robbins argues. "[Web services] interfaces have to be designed to last at least five years - not three months," he says.

This situation puts great emphasis on software design, planning and testing. Unfortunately, Robbins says, few development teams are up to the task. "Most application developers are client-side focused [but] now they're going to develop services? Mission critical, server-side services?" he asks. "[Personally] I was surprised at how many bad assumptions I brought with me [from PC programming] when I started doing server-side work."

Better design and testing is the only solution, Robbins warns: "QA [the quality assurance function] has to become the equal of coding - and that means paying testers the same [as developers] or better." He also argues that the QA department must get involved throughout the software-creation cycle, not just at the end. "If they know the primary business functions, then they can make decisions about creating a strong test plan," he says.

"Too many businesses don't think enough about quality," Robbins summarises. "You should ask yourself: how does the quality of your internal systems compare with shrink-wrapped software?"

Have your say: reply to IT Week

ABOUT JOHN ROBBINS
John Robbins is a co-founder of software consultancy and training company Wintellect, and leads its debugging services unit.

He writes a regular column, called Bugslayer, for MSDN Magazine.

Before founding Wintellect, Robbins worked for development tool vendor NuMega, now part of Compuware, and also served in the US armed forces as a Green Beret.