Information Security
Information security practices should be baked into the software development process, so that it is easy for developers to "do the right thing". When information security is run as a separate process, it is most likely performed at the end of the delivery cycle, when improving security is expensive and painful.
Lean Management Practices
Lean management practices improve software delivery performance, but only when they are combined with each other:
- Limit work in progress
- Use visual management (Kanban, Storybooks)
- Act on feedback from production monitoring tools
- Lightweight change approvals
Lightweight Change Management
Change management improves performance only when it is performed within the team, in the form of peer reviews.
- Approvals from an external body or a change approval board (CAB) significantly increase lead time and time to restore and decrease deployment frequency. No correlation was found between CABs and change fail rate.
- Requiring approvals only for high-risk changes was shown not to correlate with performance.
- Peer review proved to be the only approval mechanism that improves performance, as long as it is done by team members. Peer review also satisfies the separation of duties often required by auditors and certifications.
- Having no approval process at all performed similarly to peer review.