Building and shipping software at Microsoft

I gave a presentation to our MVPs on how the
Exchange team builds software yesterday. Assuming the participants aren't just stroking
my ego, it went pretty well. Often customers are surprised why their pet DCR isn't
implemented in the same release as when they request it; I think there's a perception
that A) there's a lot of time in the release cycle to write new code and B) the smaller
a change is, the less risky it is ("It's just changing one default setting!")

In the development cycle, a relatively small portion
of that time is spent writing new code - the majority is spent refining that code,
making sure it interops with other new and existing code, finding bugs, fixing bugs,
finding bugs, fixing bugs... etc. For example, you might have a 6 month milestone,
and only 6 weeks of that milestone is spent writing new code. Similar to many other
industries, there are three main variables in
software development: Features, Quality and Time. F+Q=T.. and you can only control
two of them. If you add features and maintain the same level of quality, it's going
to take more time. If you add features and maintain the same ship date, the quality
will suffer.

During the presentation, I parroted a line I found
on Joel
Spolsky's site
last week: "If we add 8 more
women to the project, can we have the baby in 1 month?". It's a more vivid way of
representing the "too many cooks" aphorism and how it also applies to software
development. The mythical man month and all that. Every time you add a developer,
you add code... and that adds risk. Whether or not that risk is acceptable depends
on many things:

- The skill of the developer as well as the other developer(s) performing code reviews

The nature of the change being made and how many code  
paths it affects - or if it affects a code path that's run through many many times  
in normal operation  
  • The testing necessary to ensure that the change is
    a valid one and didn't introduce any regressions
  • The time necessary to perform those tests - and not
    only for this change, but if new tests need to be introduced, they will need to be
    run several more times through the testing process before the product is finished
  • The phase of the software project you're in - it's
    much easier to make changes in the beginning when you know you have more time to test
    them and ferret out any problems

Plus there's not just risk, but the additional
work that needs to happen after the fix is made - new tests may need to be written
and manually run/automated repeatedly, string changes may cause re-localization (for
Exchange server-side UI, that's 9 server languages - but for Outlook Web Access that's
over 25 UI languages and a different person may be in charge of localizing
that string for each different language), re-deploying a build in a massive lab environment
in order to get scalability coverage on the fix, etc.

There's also some perception that there is such a thing
as a "minor change". "It's just a string change, why couldn't you just add it?" I
am reminded of a fix we did in the Exchange 2000 SP1 timeframe; we were checking for
a condition, and added a string to Outlook Web Access if that condition was true.
It happened late in the cycle but we thought it was a low risk change, and it was
an important scenario that we wanted to address before releasing SP1. We tested it
and checked it in, but shortly thereafter a tester uncovered a regression caused by
that seemingly minor fix - if that condition was true and another separate condition
was also true, we ended up duplicating a different string in the UI, which
was really ugly for the end user.

Even "minor" changes, if there are such a thing, have
risk. From time to time, we'll get a bug that can be fixed by a one character change
- but that one character could be really important... : -)