In a modern world, continuous integration (CI) is part of the game, so standalone metrics just don’t cut it anymore. The end user isn’t going to bother with errors discovered, the code lines that were written, or the scripts that were executed.
Metrics in software development are designed to be a means to answer specific business questions. As a result, it’s not really straightforward and requires a lot of forethought.
Changing the way you approach metrics can have a significant impact on how you measure your software team performance. But finding meaning and improving business value will depend on how you choose to use these metrics.
Check out a related article:
The correct approach will be relative to the project and your company. But it’s an important component to software development and keeping track of the following metrics on an ongoing basis can help you improve processes to enhance team performance.
So what are the most important software metrics to consider?
1. The Number of Commitments to User Stories
First of all, you have to figure out if the company is on the right track. Are you building what the end user wants? Do the different user stories match the buyer profiles?
By matching buyer profiles and user stories, you can focus on the direction of the agile development process. While product iterations won’t ever really come to an end, there must be a direction to maintain productivity.
There’s a danger in not matching user stories to buyer personas as you can complicate the development process by committing yourself to too many user stories. So it’s important to maintain a concise vision before throwing a lot of money and manpower into development.
2. Agile Process Metrics
Lean and agile processes have some basic metrics such as:
- Lead time (the time it takes to go from idea to delivery)
- Cycle time (the time it takes to make changes and then deliver that change)
- Team velocity (the number of units of software typically completed by a team in one iteration)
- Open/close rates (the number of product issues reported and closed within a particular period of time)
These metrics don’t measure success and have nothing to do with the quality of the product. But they will help you gain important insights about the processes and make informed decisions on how to improve them.
3. Source-Code Metrics
These days, we can easily plug a source code scanner into the build pipeline and get a whole bunch of objective metrics. These will be suggested ranges, empirical averages, and logical arguments in relation to the importance of these metrics.
In reality, these tools will be best put to use in enforcing code styles, identifying outliers and trends, and flagging certain anti-patterns. So don’t get too caught up in the numbers!
The best way to handle this is to have the team agree to a level of rules and compliance to which their code will be subjected to. This can also help the team avoid repeating anti-patterns in the code.
4. Product Metrics
Product metrics can be broken down as follows:
- Mean time to recover/repair (MTTR)
- Mean time between failures (MTBF)
- Application crash rate
These three metrics won’t tell you anything about individual users or features that were affected, but the smaller these numbers are, the better. Although it’s impossible for your software to never fail or lose critical data, it’s something we have to always strive for.
5. Security Metrics
In software development teams, security is often an afterthought. But it doesn’t have to be and shouldn’t be this way! There are many tools that can be utilized to analyze security during the development process.
If needed, there are also more stress test tools and specialized evaluations. Although security requirements are usually obvious, it does require the development team to be mindful of them.
For agile development, the security MTTR (mean time to repair) must be tracked over certain time intervals. If the value of MTTR diminishes over time, then you know that the developers are becoming more effective in their understating of security issues (and how to resolve them).
Endpoint incidents should also be measured (keeping that number low is in itself a great achievement!). This means that you have to figure out how many endpoints like workstations and mobile devices have been infected by viruses over a particular period of time.
For both metrics, if the numbers go down over time, the team is moving in the right direction. As MTTR values become smaller, developers can also become more confident about software security.
To get the most out of all the metrics listed above, you have to use them all together to get the most value. Automating this whole processes is the best approach as you can free up some time to focus on the task at hand.