Lean Software Development

An Agile software development methodology that emphasizes eliminating waste, building quality in, creating knowledge, deferring commitment, delivering fast, respecting people, and optimizing the whole.

Practices Employed

• Analysis: Lean uses value stream mapping to analyze the flow of materials and information, identifying areas of waste. Referred to as:
  • Value Stream Mapping
• Automated Testing: Lean ensures that quality is built into the product from the beginning. Referred to as:
  • Build Quality In
• Automation: Lean uses automation to eliminate waste and improve efficiency, especially in testing and deployment processes. Referred to as:
  • Pull Systems
  • Automation
• Change Management: Lean emphasizes managing changes effectively to ensure continuous improvement and adaptability.
• Coding: Lean practices emphasize building quality in throughout the coding process to prevent defects. Referred to as:
  • Build Quality In
• Configuration Management: Lean ensures consistency and quality across different environments through configuration management.
• Debugging: Lean uses techniques like the 'Five Whys' to identify the root cause of defects and address them effectively. Referred to as:
  • Root Cause Analysis
• Design: Lean uses set-based concurrent engineering to explore multiple design options and narrow down to the best solution. Referred to as:
  • Set-Based Concurrent Engineering
• Estimating: Lean focuses on working in small, manageable batches to reduce cycle time and increase feedback, aiding in more accurate estimation. Referred to as:
  • Small Batch Sizes
• Integration Testing: Lean builds quality in, and integration testing is part of ensuring quality from the beginning. Referred to as:
  • Build Quality In
• Measurement: Lean uses empirical data to understand and improve the development process. Referred to as:
  • Empirical Process Control
• Monitoring: Lean implements pull systems where work is pulled based on demand, ensuring that no work is done until it is needed. Referred to as:
  • Pull Systems
• Pair Programming: Lean encourages collaboration through cross-functional teams. Referred to as:
  • Cross-Functional Teams
• Performance Testing: Lean ensures that performance is built into the product from the beginning. Referred to as:
  • Build Quality In
• Prioritising: Lean uses Kanban to prioritize and manage work. Referred to as:
  • Kanban
• Prototyping: Lean uses set-based concurrent engineering to explore multiple options and narrow down to the best solution. Referred to as:
  • Set-Based Concurrent Engineering
• Release: Lean focuses on delivering value to the customer as quickly as possible. Referred to as:
  • Deliver Fast
• Retrospectives: Lean regularly reflects on and improves the development process through continuous improvement and Kaizen. Referred to as:
  • Continuous Improvement
  • Kaizen
• Security Testing: Lean ensures that security is built into the product from the beginning. Referred to as:
  • Build Quality In
• Stakeholder Management: Lean emphasizes respecting people and engaging stakeholders. Referred to as:
  • Respect People

Addresses / Mitigates

Risk	Practices
Agency Risk	Estimating: Helps in planning and managing staff usage effectively. Monitoring: Monitoring the behaviour of agents, whether people or processes, helps identify when behaviour becomes counter-productive. Security Testing: Make sure that agents don't exercise unwarranted control over resources. Stakeholder Management: Aligns the goals and expectations of various stakeholders, reducing conflicts.
Communication Risk	Analysis: Facilitates clear communication of requirements and expectations among stakeholders. Design: Provides a clear structure and organization, making the system easier to understand and use. Prototyping: Facilitates clear communication of concepts and requirements. Stakeholder Management: Facilitates clear and consistent communication between stakeholders.
Complexity Risk	Automated Testing: Aids in refactoring by ensuring that functionality survives the change. Configuration Management: Reduces complexity by managing system changes in a controlled and documented manner.
Coordination Risk	Change Management: Specifically addresses coordinating change in a structured way. Pair Programming: Enhances collaboration and coordination between developers. Retrospectives: Identifies and addresses historic coordination issues through regular reviews. Stakeholder Management: Allows stakeholders to coordinate on their demands.
Deadline Risk	Estimating: Provides realistic timelines helps hit important deadlines. Prioritising: In order to hit a deadline, you can de-prioritise less important work.
Feature Fit Risk	Analysis: Analysis can help ensure technical solutions fit the problems they're designed for. Coding: Build or improve some features which our clients will find useful. Measurement: Helps in understanding the use of the system. Performance Testing: Identifies performance bottlenecks that could affect usefulness. Prototyping: Allows early validation of features and design with stakeholders. Release: Putting new features in the hands of users can make your product fit their needs better. Retrospectives: Captures feedback and adjusts features to meet evolving needs.
Funding Risk	Estimating: Accurate estimation helps in securing and managing funding. Prioritising: Allocates resources efficiently to high-impact areas. Release: Delivering features might mean you get paid for the software you write.
Implementation Risk	Analysis: Ensures that requirements and specifications are clearly understood before development begins. Automated Testing: Ensures that individual components work correctly and detects regressions early in the development cycle. Change Management: Avoid bugs from creeping into the system. Configuration Management: Establishes and maintains consistency in the software product's performance and attributes. Debugging: Identifies and fixes defects in the software. Design: Guides the development process, ensuring that the system meets requirements and design specifications. Integration Testing: Validates that the implementation meets requirements and detects regressions early in the integration phase. Measurement: Identifies areas of improvement in the implementation process. Pair Programming: More eyeballs means fewer bugs and a better implementation Prototyping: Helps identify potential issues before full-scale development.
Internal Model Risk	Analysis: Analysis is the process of doing work to build a better Internal Model. Pair Programming: Facilitates knowledge sharing and learning. Retrospectives: Looking at what went wrong before leads to improving the internal model of risk for the future. Stakeholder Management: Talking to stakeholders helps to share and socialise Internal Models.
Legal Risk	Analysis: Developing an understanding the context into which a solution is put avoids legal and social problems. Security Testing: Helps ensure compliance with security standards and regulations.
Lock-In Risk	Analysis: Analysis can identify dependencies where Lock-In Risk is high.
Market Risk	Design: (Research and) design allows you to leapfrog competitors and provide new sources of value. Prioritising: Ensures that the most valuable features and opportunities are addressed first. Release: Delivering features means you get market feedback.
Operational Risk	Analysis: Analysis is important to identify threats to an operation from its environment. Automation: Introduces more consistency in process operations and removes opportunity for human error Change Management: Ensures changes are implemented smoothly and systematically. Configuration Management: Ensures that changes are systematically evaluated and implemented to minimize disruptions. Debugging: Ensures that the software operates correctly and efficiently. Design: Ensures that the system architecture supports operational requirements and scalability. Measurement: Provides data to inform decision-making and improve operational efficiency. Monitoring: Ensures continuous observation to maintain operational stability. Security Testing: Ensures the software can withstand security threats and attacks.
Process Risk	Coding: Problems and edge cases with software processes can be fixed by adding code. Monitoring: Monitoring a process can ensure that when it misbehaves the issues are quickly caught. Retrospectives: Continuously improves processes and practices.
Reliability Risk	Debugging: Removing bugs improves the reliability and stability of the software. Integration Testing: Ensures that integrated components work together as expected. Monitoring: Identifies and addresses potential issues before they impact system reliability. Pair Programming: More developers may be able to produce a more reliable implementation. Performance Testing: Performance testing software can establish bounds on its reliability.
Schedule Risk	Automation: Automating laborious tasks clears the schedule for higher-value work. Prioritising: Helps in focusing on high-priority tasks.
Security Risk	Monitoring: Monitors for security breaches and anomalies. Security Testing: Identifies and addresses vulnerabilities in the software.

Attendant Risks

Attendant Risk	Practices
Agency Risk	Analysis: Creates dependencies on the availability and accuracy of information from stakeholders. Automation: Automated processes have their own agency and might not work as desired. Estimating: Can put unnecessary pressure on staff to hit deadlines. Pair Programming: Staff might not like working in this arrangement. Security Testing: Likely requires security experts with specialist skills.
Communication Risk	Automation: The quality and performance characteristics may be obscured by automation. Stakeholder Management: Misaligned communication strategies can lead to misunderstandings and conflicts.
Complexity Risk	Automated Testing: Managing a large suite of unit tests can add to the complexity. Automation: Introducing automation adds to the complexity of a project Coding: Writing new code adds complexity to a project. Measurement: Collecting and analyzing data can add to the complexity of the project. Monitoring: Implementing comprehensive monitoring solutions can add complexity. Performance Testing: Requires sophisticated tools and setup, adding complexity. Security Testing: Requires specialized skills and tools, adding complexity.
Coordination Risk	Pair Programming: Requires coordination around time, place, activity and skills.
Deadline Risk	Estimating: Can create dependencies on estimated timelines and resources. Prioritising: Establishing an order of events often places deadlines on the earlier events completing or the later events starting.
Feature Fit Risk	Automation: The automated process might not capture the variability of requirements of the original approach Design: Too much design up-front can create problems meeting feature requirements.
Funding Risk	Design: Design can be an expensive bet that doesn't lead to improved software. Measurement: Implementing measurement systems can be expensive. Monitoring: High-quality monitoring tools and systems can be costly. Performance Testing: Performance testing tools and environments can be expensive. Prototyping: Creating prototypes can incur additional costs.
Implementation Risk	Coding: Changes in code can introduce new bugs and regressions.
Internal Model Risk	Automated Testing: Unit Testing and code coverage can give false assurances about how a system will work in the real world. Automation: Automation of reporting and statuses can lead to false confidence about a system's health. Measurement: Focusing on the wrong measures can blind you to what's important. Performance Testing: Performance testing might give a false confidence and not reflect real-world scenarios.
Legal Risk	Release: Publishing or releasing code may involve licensing, Intellectual Property, Liability or other legal compliance."
Lock-In Risk	Design: Design decisions can create boundaries that limit flexibility and adaptability.
Market Risk	Prioritising: Prioritising a single client or narrowing scope reduces diversification, increasing exposure to changes in the market.
Operational Risk	Automation: Automated processes may be less observable than manual ones. Release: Releasing software means that the software has to be supported in production.
Process Risk	Automation: Automation introduces a process, which therefore means a new source of Process Risk. Change Management: Change control is a process, and therefore is a source of process risk. Release: Complex release procedures are a source of process risk.
Reliability Risk	Automated Testing: Creates dependencies on testing frameworks and tools. Configuration Management: Carefully managing software configuration ensures that the reliability of dependencies is also managed. Design: Creates dependencies on software components and design patterns. Integration Testing: Adds dependencies on test environments and their availability. Measurement: Creates dependencies on measurement tools and their accuracy. Monitoring: Creates dependency on monitoring tools and their accuracy. Prioritising: Prioritization can create dependencies on specific tasks or features. Release: Releases can introduce discontinuities in software service if not managed well.
Reputational Risk	Release: Poor release management can destroy reputation and good-will.
Schedule Risk	Analysis: Can be time-consuming, potentially delaying the start of development. Automated Testing: Writing and maintaining unit tests can be time-consuming. Change Management: Managing changes systematically can introduce delays. Debugging: Debugging can be time-consuming, affecting project timelines. Estimating: Inaccurate estimates can lead to schedule overruns. Integration Testing: Can be time-consuming, leading to delays in the project timeline. Pair Programming: Can slow down individual productivity, impacting overall schedule. Performance Testing: Can be time-consuming, leading to delays in the project timeline. Prototyping: Prototyping can be time-consuming and delay the project timeline. Release: Delays in the release process can impact overall project time-lines. Retrospectives: Requires coordination and can disrupt regular workflows. Security Testing: Security testing can be time-consuming, impacting schedules.
Security Risk	Automation: Automation can introduce security issues if automated processes are given elevated privileges.

Description

"Lean software development is a translation of lean manufacturing principles and practices to the software development domain. Adapted from the Toyota Production System,[1] it is emerging with the support of a pro-lean subculture within the agile community. Lean offers a solid conceptual framework, values and principles, as well as good practices, derived from experience, that support agile organizations." - Lean software development, Wikipedia

Lean Software Development emphasizes eliminating waste, building quality in, creating knowledge, deferring commitment, delivering fast, respecting people, and optimizing the whole. Key practices in Lean include value stream mapping, pull systems, Kanban, small batch sizes, continuous improvement, root cause analysis, and respecting people. Lean focuses on improving efficiency and quality through these principles and practices.

See Also