Most of us wouldn’t necessarily assume that offender profiling provides us with insights on how to create better software. Programming and homicide is fortunately a rare combination in the software industry, yet Adam Tornhill sees this as a great starting point.
In his keynote for the ElixirConf EUconference “Code & Homicide: What Software Developers Can Learn from Offender Profiling” Adam teams up with Homicide Detective and Offender Profiler Crux Conception.
They start off with real-world crime scenes so we can learn about behavioral patterns and their consequences. The learnings are then transferred to a software context to investigate the traces that we – as software developers – leave behind in the code.
These techniques let us prioritize refactoring based on impact, detect high-risk areas of code and also visualize the organizational side of our software architecture.
Meet Crux Conception
Nice to meet you Crux, how long have you been a detective?
Nice to meet you, CodeScene Team! I have 25 years of law enforcement experience on the federal and state levels.
How did you team up with Adam?
I met Adam through the event organizers for the ElixirConf EU 2021 in London, UK, on June 10, 2021. The organizers thought it would be a novel idea to put us both on stage simultaneously to deliver a presentation. I am excited and can't wait. In my opinion, if Adam and I do a good job, this could be the start of a new method of giving lectures (matching different cultures and professions on one stage).
How can behavioral profiling contribute to the way we analyze code? Can you give an example?
As technology evolves, our understanding of psychology must also evolve to keep up with criminals who will consistently find new methods to manipulate our weaknesses. Psychology and technology are two areas that constantly conflict with each other. Individuals are usually fast to judge others established on their acts, and companies are always looking for ways to protect themselves from crime.
Crux Conception
What is your main work these days?
Since I have retired from law enforcement (going on my 2nd year), I have concentrated on getting my Ph.D. in forensic psychology, just finished my manuscript and looking for a literary agent, and I wrote 4 more new speeches. To date, I have spoken in over 34 countries and speak an average of 22 times yearly.
It is not a coincidence that Adam chose to team up with Crux. Adam is a programmer who combines degrees in engineering and psychology. CodeScene’s core value and strength lies in the belief that in order to truly understand code quality, you need to go beyond code. You need to include the behavioral patterns and the organizational side of the development to see the whole picture.
Meet Adam Tornhill, founder and CTO of CodeScene
Hi Adam, nice to meet you! How was this idea born? Your collaboration with Crux?
All the credit here goes to Torben Hoffmann from Erlang Solutions. I met Torben at a conference back in the day when I was writing Your Code as a Crime Scene, and Torben was an early adopter of CodeScene so he was familiar with my work. Now Torben had the idea of pairing me up with an actual offender profiler. I just loved the idea, and it’s a great honor to do a joint keynote with Crux.
.jpg?width=876&name=Image%20from%20iOS%20(49).jpg)
Adam Tornhill, guest lecturing at Lund University's Faculty of Engineering
How can behavioral profiling contribute to the way we analyze code? Can you give an example?
The people side of code is key if we truly want to understand software development. A simple example is technical debt;
it’s a growing problem for the industry, with recent research reporting that the average company wastes 23-42% of developer’s time due to technical debt and bad code in general. Now, the problem is not – I repeat not – to identify technical debt. Trust me, there’s plenty of it. Rather, the challenge is to prioritize it so that the organization can balance implementing new features with improvements to existing code.
Behavioral profiling techniques are the basis for how CodeScene prioritizes technical debt. We measure patterns in how the developers work with the code, which lets us identify the technical debt with the highest interest rate. That’s your priority. Prioritizing technical debt is simply not possible from source code alone.
Why is it so important to include the organizational aspect when analyzing software architecture?
There are two main areas that stand out. The first is the knowledge dimension: are your development teams familiar with the code in the various sub-systems and components? If not, then that is a risk that you need to be aware of during roadmap planning. It’s also an issue that you need to be aware of and mitigate in your on- and off-boarding processes. The developer attrition is sky high in the software industry, and at the same time a solid knowledge distribution across the codebase is key.
The second area is around how well your development teams match the way the system evolves. Take microservice architectures as an example: dependencies between microservices are more problematic if they span multiple development teams. To discover such dependencies, we need a team dimension together with information on implicit dependencies. Again, behavioral data forms the basis (check out this article for real examples).
Do you believe that this approach will be even more important in the future?
Yes, definitely. Software is mission critical to most companies, and it will only grow in importance. At the same time we face a global shortage of software developers. Demand substantially outweighs supply. This means that the industry has to become more efficient, and behavioral code analysis as realized in CodeScene’s software engineering intelligence platform guides you on that journey. I’m proud of being part of this exciting field. It’s important.
Summary
So, what can development teams learn from this? A good starting point is to read up about behavioral code analysis. It is the core of CodeScene, and represents a radical and much needed complement to traditional static code analysis tools.
Also, don't miss our latest whitepaper about the business impact of low code quality. You’re of course very welcome to contact us for a demo or more material.
