1

Codacy Product Showcase: April 2024

Group 370
2

Codacy Security Adds Thousands of New SAST Rules With Semgrep Integration

Group 370
3

Technical Debt Explained

In this article:
Subscribe to our blog:

Just as financial debt can cripple individuals and organizations, technical debt—the accumulation of suboptimal software development practices—can hinder growth and innovation at your company. According to McKinsey, CIOs estimated that 10-20% of the technology budget intended for new products gets redirected toward resolving issues associated with technical debt. 

Understanding technical debt helps developers and engineering leaders improve code quality and system reliability by balancing feature development and maintenance.

Here, we’ll explain technical debt, the types of technical debt that exist, how technical debt is accrued, and how to reduce and manage technical debt in your organization.

What Is Technical Debt?

Technical debt is the accumulated future cost of suboptimal design decisions, outdated code, and incomplete features in a software project. It is the outcome of choices made during software development that favor speed and efficiency over long-term maintainability, security, and flexibility.

Technical debt can appear in various forms, such as poorly written code, outdated libraries, lack of proper documentation, or nonexistent test coverage. Like financial debt, technical debt accrues interest over time and can have serious consequences, such as exposing the product to security risks, increasing development costs, and lowering the team’s morale.

The 4 Types of Technical Debt

Software development expert Martin Fowler proposed a framework to categorize technical debt into four distinct quadrants based on the intentionality and awareness of the decision that led to the debt.

This framework empowers organizations to effectively assess and manage technical debt by sorting it into high-risk and low-risk categories. While the impact of technical debt varies, some kinds of tech debt are worse than others, and tech debt can even be beneficial if managed wisely.

1. Deliberate and Reckless 

This technical debt arises from intentional decisions made with full awareness of the potential consequences. Developers or teams deliberately ignore good design practices or coding standards to ship products faster. This debt is often associated with tight deadlines, pressure to release features quickly, or a lack of planning and resources.

For example, developers may skip writing unit tests, documentation, or comments, or hard code sensitive connection values in the code to save time or meet deadlines.

# Using hard-coded values for postgres database connection
import psycopg2

def connect_to_database():
    connection = psycopg2.connect(
        host="localhost",
        database="mydb",
        user="postgres",
        password="password"
    )
    return connection

In this example, the database connection credentials are directly embedded within the code. This is a security risk, as anyone with access to the code could potentially use these credentials to access the database. A more secure approach would be to store the connection credentials in a configuration file or environment variable and then read them from there when connecting to the database.

This type of technical debt is hazardous, as it can lead to high complexity, low cohesion, and high defect rates in the resulting software product. At some point, it needs to be fixed.

A more common example along these lines might be omitting error handling. A developer just wants to get a function up and running and then add the logic but with no error handling.

def read_and_process_file(filename):
    # Opening the file without any error handling
    with open(filename, 'r') as file:
        data = file.readlines()

    # Processing the data assuming everything went well
    total = 0
    for line in data:
        # Assuming each line in the file is a valid number
        number = int(line.strip())
        total += number

    return f"Processing Complete. Total Sum: {total}"

# Example usage
result = read_and_process_file("data.txt")
print(result)

In this example, the open function can raise a FileNotFoundError if the specified file does not exist or an IOError if there's an issue with reading the file. The int function can raise a ValueError if a line is not a valid number. However, these exceptions are not caught, so the function will fail and terminate the program if such issues occur.

This is poor UX for an end user as the function will fail poorly. It is also bad for the development team as each of these error paths has to be added in at some point.

def read_and_process_file(filename):
    try:
        # Attempting to open and read the file
        with open(filename, 'r') as file:
            data = file.readlines()
    except FileNotFoundError:
        # Handling the case where the file does not exist
        return f"Error: File '{filename}' not found."
 except IOError:
       # Handling other I/O errors
        return f"Error: An error occurred while reading '{filename}'."

 total = 0
 for line in data:
     try:
         # Attempting to convert each line to an integer
         number = int(line.strip())
         total += number
     except ValueError:
         # Handling lines that are not valid numbers
          return f"Error: Invalid number found in the file."

  return f"Processing Complete. Total Sum: {total}"

# Example usage
result = read_and_process_file("data.txt")
print(result)

In this improved version, the function uses try-except blocks to handle both file-related errors (such as FileNotFoundError and IOError) and data processing errors (ValueError from invalid number conversion). This makes the function more robust and able to handle different types of errors gracefully, providing clear error messages instead of crashing.

2. Deliberate and Prudent

This is when developers consciously incur technical debt as a trade-off for delivering value faster or adapting to changing requirements or technologies.

For example, a team may use a third-party library or framework with known limitations to foster rapid development and implement a minimal viable product (MVP). This MVP is then used to test the market or get customer feedback. 

This type of debt can be beneficial, as it can help developers learn, experiment, or validate their assumptions—as long as they pay off the debt as soon as possible.

3. Inadvertent and Reckless

In this scenario, developers unintentionally introduce technical debt due to a lack of knowledge, skills, or experience. 

For example, developers may use outdated or incompatible technologies, frameworks, or libraries or apply inappropriate design patterns, architectures, or algorithms without realizing the implications or alternatives. 

# Applying inappropriate design patterns without understanding the trade-offs
class User:
    def __init__(self, name, email):
        self.name = name
        self.email = email

    def get_user_data(self):
        # This method retrieves user data from a database
        # ...

        # This method also performs business logic and calculations

        # ...

        return user_data

In this example, the get_user_data method violates the single-responsibility principle (SRP), which states that a method should have only one reason to change. This method has two reasons to change:

  1. Changing how user data is retrieved from the database
  2. Changing the business logic on user data

This makes the method hard to maintain and understand and prone to bugs. A better design would be to split the data retrieval and business logic into two separate methods following the SRP.

class User:
    def __init__(self, name, email):
        self.name = name
        self.email = email

    def retrieve_user_data(self):
        # This method retrieves user data from a database
        # ...

        return user_data

    def process_user_data(self, user_data):
        # This method performs business logic and calculations on the user data
        # ...

This type of debt is very harmful, as it can lead to poor performance, scalability, reliability, or security in the software.

4. Inadvertent and Prudent 

Inadvertent and prudent technical debt happens when a knowledgeable team applies best practices during software development but inadvertently generates technical debt by failing to update/evolve the codebase. This technical debt is often due to the evolution or emergence of new requirements, technologies, or best practices.

For example, developers may use a design or library that was optimal at the time but becomes obsolete or suboptimal later due to new features, functionalities, or standards. 

This type of debt is inevitable, as it is impossible to predict the future, but it can be manageable if teams refactor, update, or migrate their code regularly.

What Causes Technical Debt?

Technical debt is an inevitable consequence of being in business, as any software project will incur some degree of suboptimal design decisions, outdated code, or incomplete features. However, some of the most common causes of technical debt are:

Rapidly Changing Business Requirements

When developers must adapt to changing requirements rapidly, they might implement quick solutions or workarounds. This results in a codebase that accommodates immediate needs but lacks the elegance and scalability required for long-term sustainability.

For example, a simple modification, like transitioning a feature from single-user to multi-user functionality, can introduce unforeseen complexities. If rushed, such changes can inadvertently cause technical debt to accumulate over time.

Additionally, these rapid changes often prevent the team from thoroughly considering the implications of their design choices, leading to a patchwork of solutions that can be difficult to refactor later.

Lack of Technical Knowledge

When team members are not well-versed in the latest technologies or coding standards, they may unknowingly introduce suboptimal solutions. This can lead to inefficient code structures and outdated libraries, making it harder for others to understand and maintain the code.

Furthermore, the lack of expertise can result in missing out on more efficient, scalable, or secure coding practices that are standard in the industry, thereby increasing the technical debt through a series of small but significant inefficiencies.

Poor Development Processes and Inadequate Testing

Poorly conducted or skipped code reviews, relying solely on manual testing rather than using test automation, and lack of proper code documentation are all signs of poor development processes and can lead to technical debt. 

These issues can be compounded over time as the absence of systematic reviews and testing makes the codebase progressively more fragile and error-prone. The lack of documentation also makes it challenging for new team members to understand the existing code, potentially leading to further suboptimal decisions and implementations.

How to Tackle Technical Debt in the Scrum/Agile Process 

Agile methodologies, like Scrum, are characterized by short, iterative cycles that aim to deliver functional software at the end of each sprint. The fast nature of Agile sprints makes them susceptible to tech debt that needs to be carefully managed, as accumulated technical debt can slow future development and impede the team's ability to deliver functional software. Here's how to tackle technical debt in the Scrum/Agile process.

Identify and Assess the Level of Technical Debt

The first step in tackling technical debt is to comprehensively understand the current state of the codebase and system infrastructure. This involves identifying systems and processes that are causing the most pain and assessing the severity of the issues. 

Conducting code reviews is one way to identify potential technical debt issues. Encourage developers to provide feedback on each other's code, highlighting areas of complexity, duplication, and poor design. Additionally, use static code analysis tools to scan the codebase for potential technical debt patterns automatically. These tools can identify unused variables, complex conditional statements, and potential security vulnerabilities. 

By understanding the level of technical debt within the codebase, engineering leaders can develop a plan to reduce it.

Develop a Roadmap for Solving Technical Debt

Once the technical debt has been identified and assessed, the next step is to create a roadmap for addressing it. This roadmap should outline the specific steps required to tackle the identified issues, prioritize the tasks based on their impact and urgency, and allocate the necessary resources.

For example, a roadmap for a team that wants to upgrade their React library can include the following components: 

Vision: To enhance the security of our application by upgrading the React version and using React best practices.

Goals: 

  • Upgrade the React version from 16.2 to 18.0, introducing new features and improvements, such as faster rendering, better error handling, and easier migration to future versions.
  • Use React hooks, a new way of writing functional components using state and lifecycle methods without classes or higher-order components.

Actions:

  • Create a backup of our current codebase and a new branch for the upgrade process.
  • Install the latest version of React and update dependencies to be compatible with the new version.
  • Refactor class components into functional components and replace the lifecycle methods with React hooks, such as useState, useEffect, or useRef.
  • Merge the new branch into the main branch and deploy the application to the production environment.

Timelines:

  • Complete the backup and installation of the new version and dependencies—one week.
  • Complete the refactoring of the class components—seven weeks.
  • Complete the testing and deployment—three weeks.
  • Deliver the upgraded and secured application within—three weeks.

Once the goals, actions, and timelines have been defined, the team should embark on determining the necessary developers to address the technical debt. The first priority should be to address tasks that have the highest potential impact on the application's security posture, such as addressing known security vulnerabilities and improving error handling. 

Integrate Technical Debt Management into Sprints

The final step in tackling tech debt is integrating it into the development process. Allocate time for refactoring, code reviews, and code quality improvements during each sprint to ensure the team maintains a balance between delivering new features and maintaining code quality. By addressing technical debt incrementally within the sprint framework, the team can proactively manage and prevent it from causing larger impediments.

Tackling Technical Debt With the Right Tools

Tech debt is something that can cripple a company if it goes unchecked. Addressing technical debt involves periodic efforts to refactor and improve the existing code to ensure that it aligns with best practices and facilitates long-term security and development efficiency.

Codacy can help by automating and standardizing code reviews. Our best-in-class static code analysis solution integrates seamlessly into your workflows, helping engineering teams save time in code reviews and tackle technical debt. Try it for free today.

RELATED
BLOG POSTS

The Inverse of Technical Debt Is Code Quality
In mathematics, the inverse of an operation or function is another operation or function that "undoes" the first. In simpler terms, it takes the output...
How to tackle technical debt (for teams using Scrum)
Technical debt happens in all software projects, regardless of the programming languages, frameworks, or project methodologies used. It is a common...
The true impact of technical debt
Technical debt happens in all software projects, regardless of the programming languages, frameworks, or methodologies. It is a common metaphor for...

Automate code
reviews on your commits and pull request

Group 13