« W3C Validation and BlogSpot
LINQ To Objects and Referential Equality »


Web Sites != Web Applications

I stumbled across this quote from Tim O'Reilly yesterday:

...web applications are not released in one to three year cycles. They are updated every day, sometimes every hour. Rather than being finished paintings, they are sketches, continually being redrawn in response to new data.

I cannot disagree more. Web sites and 'Web 2.0' scripted applications might get updated on an hourly basis, but real web applications have the same release cycle as desktop application, only the deployment mechanism is different.

At work, we have staggered release cycles. A maintenance release is deployed on a weekly basis that contains critical bug fixes and minor feature changes.

A small project release is done on a monthly basis, this contains feature changes to the application, but only changes that can be handled end-to-end (Requirement to test/deploy) in one month cycle.

Finally, we have large projects that have quarterly release time tables. These are often dependent on other SoA applications in our architecture and must be bundled into a large quarterly release across the enterprise..

A release (even a maintenance release), involves the coordination of Project Managers, Developers, QA, and Production Support. The end to end process is impacted by dozens of people.

We have to account for Sarbanes Oxley (SOX) compliance and have a complete audit trail at all times. Getting an emergency approval to fix an urgent issue requires sign-offs all the way up the corporate ladder.

I'd imagine that this process is similar on any large public facing publicly traded company. To see someone such as O'Reilly make the distinction that web applications are just a FTP site to throw files onto is ludicrous.

Even Google, with its ubiquitous never ending betas and reputation for agility has release management cycles and SOX compliance rules to follow.

Posted by Jonathan Holland on 1/27/2009.

Tags: Opinion   Regulations

Comments:

Whom you quoted should be Tim O'Reilly.

Gravatar Posted by Jiang LIU on 1/27/2009.

Pardon? I did quote Tim O'Reilly.

Gravatar Posted by Jonathan Holland on 1/27/2009.

For significant bureaucracies an "FTP site to throw files onto" needs just as much sign off as any web application, for example the IRS web site for tax documents.

It all comes down to meaning:

SOX means that the high level corporate officers must sign off on the accounts. If you are not writing software that generates the accounts it should not apply to your software.

Consulting means scaring customers into adding bureaucracy to sell billable hours. SOX is one tool to use in this process.

Audit trail means knowing what happened, when and who did it. Version control system and good build scripts provide this.

Bureaucracy means a time consuming end to end process, managers and sign off.

Web Applications can be quite dynamics or quite static, Web Sites can be quite dynamics or quite static. Desktop applications before the internet had to be static because you had to send disks around.

Delaying the release of work means a longer wait for a return on investment. Greater chance of been beaten to market. It is a bad thing. The extent to which you accept it depends on the tools you have to mitigate other bad things such as user disruption, and bugs.

Gravatar Posted by Non-Bureaucrat on 2/3/2009.

@Non-Bureaucrat:

>SOX means that the high level corporate officers must sign >off on the accounts. If you are not writing software that >generates the accounts it should not apply to your software.

You are gravely mistaken. SOX requires an audit trail of information that could impact a public traded company. Because of this, our application has to follow compliance regulations. Trust me, if we didn't have to do it, we wouldn't.

Reference

Gravatar Posted by Jonathan Holland on 2/3/2009.

Comments are closed on this post.