IBM developed formal inspections of source code, config files, and other software artifacts in the '70s. They're still used today with applications of most any size to eliminate defects and improve quality before the apps get tested.
Formal inspections work well with development methods such as CMMI, RUP, TSP, agile, QFD, JAD, and Earned Value. They've been ranked the most efficient defect-removal process available. Because inspection participants tend to avoid making the kinds of errors that are found in formal inspections, they're also one of the top-ranked defect-prevention methods.
Given their effectiveness, you'd expect formal inspections would be used on 100% of mission-critical software projects and on all of the critical sections of other software projects. But in reality, they're underutilized. Our research shows that more than 35% of organizations developing defense, systems, and embedded applications use formal inspections, while fewer than 10% of those writing IT, commercial, and Web applications use them.
One reason for this underutilization is that no vendor is out marketing formal inspections; that provides discouraging social commentary on how the software-engineering community learns new skills. No company owns formal inspections, and the method behind them is in the public domain. No one except a few consultants who teach the technique makes any money from inspections. Although there are many books and articles about the technique, there's no active marketing of it. To discover their value, people must seek out information on effective quality methods, and few take time to do this.
Tools and methods generally are adopted either in response to well-funded vendor marketing or market momentum. When methods such as agile, RUP, and TSP achieve a critical level of usage, other companies adopt them without much analysis.
Inspections haven't achieved the critical mass necessary to become self-sustaining and expand rapidly. Many more developers use newer defect-identification methods such as static analysis than inspections, because more than a dozen tool vendors, such as CAST, Coverity, Klocwork, and Parasoft, have effective static analysis marketing programs.
Another reason people don't use inspections is because they are aware that inspections raise effort and costs during requirements, design, and coding. But they don't have enough data to realize that once testing starts inspections will dramatically reduce testing costs and speed up the schedule, allowing the entire project to be delivered faster and cheaper. Inspections raise front-end costs, but they lower downstream costs forever. Projects with inspections are about 15% more productive during development than similar uninspected projects, and their maintenance costs are about 45% lower.
Where Inspections Are Used
In addition to being the most efficient defect-removal technique, formal design and code inspections have a synergistic relationship with other defect-removal processes, such as testing, and also are quite successful in preventing defects.
Recent work by Tom Gilb, one of the more prominent authors dealing with software inspections, and his colleagues continues to support earlier findings that a human being inspecting code is the most effective way to find and eliminate complex problems that originate in requirements, design, and other noncode deliverables. Indeed, to identify deeper problems in source code, formal code inspection outranks testing in terms of defect-removal efficiency levels.
We find among our clients that about 100 enterprises out of 600 are using formal inspections more or less the way they're designed to be used. Another 125 are using semiformal inspections, design reviews, structured walkthroughs, or one of a number of local variations on the inspection process.
Large companies that produce systems and embedded software are making the most effective use of formal inspections. They've learned that if software is going to control complex physical devices, it must have the highest possible quality levels, and only inspections can achieve that.
The companies that are most likely to use inspections are those that look for software quality best practices and adopt them. It's telling that all organizations and industries most committed to quality tend to use pretest inspections. For example, formal inspections are common among computer, telecom, aerospace, defense, and medical instrument manufacturers, as well as systems software and operating systems developers. These types of companies need high-quality software to market their products; therefore, inspections are a key part of their approach.