Dean's company's codebase was a thicket of Amazonian Jungle- dense, tangled, and steamy. This was largely because there were no real standards for development. In an attempt to tame that wilderness, they organized a "governance committee" to be their machete. The committee established checkpoints for architecture reviews, design reviews, and code reviews. They maintained a list of standards, and told developers that new code should meet those standards.

After a few years in the company, Dean found himself on the committee. He looked forward to participating; even with the committee in place, there was a lot of bad code sneaking through that he ended up getting stuck maintaining. He was hoping for an opportunity to slap on a pith helmet and drive undiscovered species of bad code into extinction.

That optimism waned as the weeks ticked by. Most of the projects were very small. "Add a field to a page " here, "write a small data-pump that picks that record up and puts it down" over there, or the odd, "Just a front-end to a database table with no validations or business logic because it doesn't actually need any." There was little to say about projects like that, aside from a general, "WHY ARE YOU WRITING THIS?" to which the answer inevitably was, "the business asked for it."

Hank brought one of these simple applications to the first checkpoint, the archictecture review. "This is just going to be a simple web service," Hank explained. "It has one web method, which the customer will call to update their consumption of the material we sold them. That information is used by the Material Manager to do ordering and billing."

Pete, the committee chairman, asked, "So this is Internet facing, then?"

"Yes, it'll be going in the iTemplate domain," Hank said.

Dean stilfed a yawn and asked, "How are you going to secure it?"

There was a long pause while Hank tried to figure out what Dean was asking. "The XML proxy box, obviously."

Dean shook his head. "That box just scrubs and validates the incoming SOAP," Dean replied. "If this is Internet facing, what's to stop any random jerk from calling it and throwing off your billing data?"

"It'll be going over SSL…" Hank said.

"For authentication?"

"Well, we weren't going to use any authentication. We'd have to manage accounts for all of our customers, and that'd just be cumbersome."

Dean was stunned to silence, which Pete took as a cue to move the meeting forward. "And the customers were asking for this?"

"Well, no," Hank said. "We just thought it'd be a good thing to provide. As far as I know, no one is planning to use it yet."

The question and answer period continued a bit longer, and finally, Pete concluded with, "Well, great. You've passed the first checkpoint. We'll see you next week to review your component diagrams."

After the meeting room cleared out, Dean cornered Pete. "What? Did you just listen to the same thing I just did? This application is a horrible idea!"

Pete shrugged and continued disconnecting his laptop from the projector. "Look, you're new to this committee. We provide these checkpoints as a service to developers, but the server team will promote their code whether or not they actually passed the checkpoints. If we started kicking projects back to the drawing board because they didn't comply with standards, nobody'd come to these meetings anymore."

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!