Software engineering productivity is a multifaceted challenge that needs to account for efficiency, quality, and experience holistically. While DORA and SPACE provide an excellent system for analyzing productivity, they generally lack a focus on software quality as a primary outcome across the entire software development cycle.

Various factors influence software quality, including company size, industry, and strategic priorities. Here are a few examples of how these factors shape approaches to quality:

  • Early-stage startups may prioritize speed to market and rapid feature development, often sacrificing quality to achieve agility.
  • Mature organizations often have the resources to invest in quality but must also manage the complexity of legacy systems.
  • Companies under competitive pressure might deprioritize quality to deliver features faster, whereas those in highly regulated industries must adopt stringent quality practices to ensure compliance.
  • A security breach or critical production failure can necessitate a rapid shift in quality priorities, regardless of a company’s stage.

In a new whitepaper, Vidhya Ranganathan, a software quality advocate at Okta, proposes the Quality Maturity Model (QMM) to bridge the gap between quality and productivity and create a shared language that aligns cross-functional teams. This approach helps organizations proactively address quality issues and ensures that quality improvements align with business priorities.

What is the Quality Maturity Model?

QMM proposes a flexible framework encompassing fourteen software quality dimensions, covering the lifecycle from code creation to production. Key characteristics of the model include:

  • Adaptability: You can tailor QMM to suit any organization, avoiding rigid, one-size-fits-all definitions.
  • Benchmarking: It enables organizations to classify their quality practices against success criteria, ranging from basic to advanced and industry-leading.
  • Strategic Alignment: The model ensures that quality improvements directly contribute to broader business goals.
  • Prioritization: Engineering leaders can efficiently allocate resources by identifying the most impactful quality issues.

While the model proposes bronze, silver, gold, and platinum achievement levels, the most critical aspect is that it empowers organizations to set achievable goals, measure progress, and benchmark success against industry standards.

The Fourteen Dimensions of Software Quality

QMM covers a comprehensive list of tooling and practices that impact software quality. The importance of each depends greatly on the individual organization.

Static Testing

Analyze code before execution to identify issues early. Static testing improves code consistency and maintainability and helps enforce standards across teams.

  • Get started: Implement basic linting rules.
  • How to mature: Automate testing through CI/CD pipelines.

Functional Testing

Test code manually to find defects and usability issues. Functional testing is critical for validating UX and helps identify complex usability issues that automated testing misses.

  • Get started: Use ad-hoc tests before releases.
  • How to mature: Develop structured plans incorporating exploratory testing and usability studies.

Unit and Integration Testing

Test individual components and their interactions to ensure they work as expected. Unit and integration testing are foundational for code reliability and maintainability, making it easier to refactor code confidently while supporting faster development cycles.

  • Get started: Focus on critical components.
  • How to mature: Use advanced mocks and property-based testing.

Use Case Documentation

Create documentation that describes user interactions and the system behaviors that support them. Documentation helps align development with business requirements and improves communication between stakeholders.

  • Get started: Focus on key features.
  • How to mature: Develop living documentation that updates automatically from new code.

System Testing

Evaluate integrated software systems against requirements. System testing validates end-to-end functionality and ensures the entire system works as intended.

  • Get started: Manual testing before major releases.
  • How to mature: Comprehensive automation and complete regression testing.

Performance Testing

Analyze system responsiveness, stability, and scalability to ensure applications can handle expected loads and degrade gracefully in the event of load spikes. Performance testing ensures a consistent user experience during peak loads and is critical for user satisfaction.

  • Get started: Conduct basic load testing for critical paths.
  • How to mature: Incorporate SLAs, stress testing, and predictive analysis.

Release Safety

Minimize risks associated with deploying new code to production. Release safety ensures business continuity during updates and supports faster and more frequent releases.

  • Get started: Use manual deployment checklists.
  • How to mature: Implement blue-green deployments, automated rollbacks, canary releases, feature flags, and automatic verification.

Observability

Debug system behavior in production through logging, monitoring, and tracing. Observability enables you to identify and resolve issues more quickly and provides insights about system optimization so you can more proactively prevent problems.

  • Get started: Set up error logging and monitoring.
  • How to mature: Centralize logging to provide distributed tracing, anomaly detection, and predictive analytics.

Operational Resilience

Build systems capable of handling and recovering from failures to improve uptime and user satisfaction. Resilience is important to ensure your systems can recover from failures while maintaining service levels and user trust.

  • Get started: Develop basic failover processes.
  • How to mature: Incorporate automated failover, chaos engineering, and self-healing systems.

Incident Management

Detect, respond to, and learn from production failures. Incident management minimizes the impact of production failures on the business and improves your ability to maintain quality and reliability.

  • Get started: Define basic incident response processes.
  • How to mature: Use structured roles, escalation procedures, and data-driven predictions.

Disaster Recovery

Ensure business continuity in the event of a major system failure. Disaster recovery ensures the business can continue to operate during catastrophic failures and is a critical component of data protection and regulatory compliance.

  • Get started: Implement backup systems.
  • How to mature: Run disaster recovery drills and set up multi-region architectures with automated failover.

Security Testing

Analyze systems for vulnerabilities to protect against data breaches and cyber-attacks. Security testing maintains user trust, protects intellectual property, and ensures you comply with regulatory requirements.

  • Get started: Schedule annual penetration tests.
  • How to mature: Incorporate automated vulnerability scans, threat modeling, bug bounties, and AI-driven security analysis.

Secret Management

Securely store, access, and rotate sensitive information like API keys and passwords. Secret management prevents unauthorized access to sensitive data and is critical for maintaining compliance, particularly while growing your team.

  • Get started: Encrypt all secrets.
  • How to mature: Centralize secret management, automate secret rotation, and implement zero-trust architecture and anomaly detection.

Configuration Management

Maintain consistent system configurations across environments to support faster deployments.

  • Get started: Track configurations manually.
  • How to mature: Adopt version-controlled configurations, infrastructure as code, automated compliance checks, and self-service provisioning.

Prioritize Software Quality Against Business Objectives

QMM offers engineering leaders a flexible framework to enhance software quality while aligning with strategic business objectives. By combining these fourteen dimensions with DORA metrics and the SPACE framework, you can ensure your engineering organization is taking a holistic approach to developer productivity. Further, a data-driven approach provides the insight engineering leaders need to make the argument for prioritizing software quality and developer experience. Whether your organization is scaling rapidly or navigating the challenges of legacy systems, this model provides the tools to integrate quality into the heart of your software development process.