How to Recognize, Discover, Test, and Assess Bad Engineering


To identify and measure bad engineering within a product-centric company, organizations can use a structured approach that includes metrics, audits, testing, and team feedback.


1. Code Quality & Maintainability Assessment

How to Test & Assess:

Code Reviews – Conduct regular peer reviews using tools like GitHub, GitLab, or Bitbucket.
Static Code Analysis – Use tools like SonarQube, ESLint, or Checkstyle to identify bad patterns.
Cyclomatic Complexity – Measure the number of decision points in code; high complexity indicates poor maintainability.
Documentation Audit – Check if the code is properly commented and documented.

Red Flags:

❌ Large, unstructured codebases without proper modularization.
❌ Lack of documentation, making it difficult for new engineers to onboard.
❌ High code duplication and inconsistent naming conventions.


2. Production Stability & Incident Tracking

How to Test & Assess:

Incident Reports & Root Cause Analysis (RCA) – Review past incidents using tools like PagerDuty or Datadog.
System Logs & Monitoring – Implement observability with tools like Prometheus, New Relic, or ELK Stack.
Error Rate & Downtime Metrics – Track using SLOs (Service Level Objectives) and SLAs (Service Level Agreements).

Red Flags:

❌ Frequent hotfixes or rollbacks due to production failures.
❌ Long Mean Time to Detect (MTTD) and Mean Time to Resolve (MTTR).
❌ No post-mortem process or repeated failures with no systemic fix.


3. Development Speed & Deployment Efficiency

How to Test & Assess:

Cycle Time Measurement – Track how long it takes from code commit to deployment.
Continuous Integration/Continuous Deployment (CI/CD) Health – Use Jenkins, GitHub Actions, or CircleCI to measure build failures.
Deployment Frequency & Lead Time – Compare with industry standards (Elite DevOps teams deploy multiple times per day).

Red Flags:

❌ Deployments require manual intervention and take hours/days instead of minutes.
❌ CI/CD pipelines fail frequently, leading to delayed releases.
❌ Engineers avoid touching certain parts of the code due to high failure risks.


4. Security & Compliance Risks

How to Test & Assess:

Automated Security Scanning – Use OWASP ZAP, Snyk, or Veracode to detect vulnerabilities.
Penetration Testing – Conduct regular ethical hacking to test for weaknesses.
Access Control & Audit Logs – Ensure least privilege access is followed.

Red Flags:

❌ Hardcoded credentials or API keys in repositories.
❌ Lack of encryption or missing security headers in APIs.
❌ No formal incident response plan for data breaches.
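
Two of these red flags can be checked mechanically. The sketch below is an added example, not part of the original document or any named tool: it flags suspected hardcoded credentials in repository text and lists security headers missing from an API response. The function names, regex rules, entropy threshold, header baseline, and sample data are all assumptions made for illustration.

```python
import math
import re

# Heuristic: a quoted literal assigned to a credential-like name.
ASSIGNMENT = re.compile(
    r"""(?i)\b(\w*(?:password|passwd|secret|token|api_?key)\w*)\s*[:=]\s*["']([^"']{8,})["']""")
# AWS access key IDs: "AKIA" followed by 16 uppercase letters or digits.
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
PLACEHOLDER = re.compile(r"(?i)^(changeme|example|placeholder|x+|\$\{.*\}|<.*>)$")
# Assumed baseline of response headers for an HTTPS API; adjust to your policy.
REQUIRED_HEADERS = ("Strict-Transport-Security", "X-Content-Type-Options",
                    "Content-Security-Policy")

def shannon_entropy(s):
    """Bits per character; low values suggest a dummy value, not a real secret."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan_text(path, text, min_entropy=3.0):
    """Return (path, line number, rule) for each suspected hardcoded credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if AWS_KEY_ID.search(line):
            findings.append((path, lineno, "aws-access-key-id"))
            continue
        m = ASSIGNMENT.search(line)
        if m and not PLACEHOLDER.match(m.group(2)) and shannon_entropy(m.group(2)) >= min_entropy:
            findings.append((path, lineno, "hardcoded-" + m.group(1).lower()))
    return findings

def scan_repo(files):
    """files maps a relative path to its text content."""
    return [f for path, text in files.items() for f in scan_text(path, text)]

def missing_security_headers(headers):
    """Header names are case-insensitive, so compare in lower case."""
    present = {name.lower() for name in headers}
    return [h for h in REQUIRED_HEADERS if h.lower() not in present]

# Constructed sample input (AKIAIOSFODNN7EXAMPLE is the example key ID from AWS documentation).
SAMPLE_REPO = {
    "app/settings.py": 'DEBUG = False\nDB_PASSWORD = "q7#Lm2!vXz9pRt4w"\nAPI_KEY = os.environ["API_KEY"]\n',
    "deploy/config.yml": 'region: eu-west-1\naws_key: AKIAIOSFODNN7EXAMPLE\nsmtp_password: "changeme"\n',
}
SAMPLE_RESPONSE_HEADERS = {"Content-Type": "application/json", "x-content-type-options": "nosniff"}

if __name__ == "__main__":
    for finding in scan_repo(SAMPLE_REPO):
        print(finding)
    print("missing headers:", missing_security_headers(SAMPLE_RESPONSE_HEADERS))
```

Findings report the file, line, and rule only, so the suspected secret itself never lands in CI logs. Values read from the environment and obvious placeholders are skipped to keep false positives low.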


5. Team Health & Engineering Culture

How to Test & Assess:

Employee Retention & Burnout Surveys – Conduct anonymous feedback on engineering satisfaction.
Pull Request (PR) Review Quality – Track time spent on meaningful reviews vs. rushed approvals.
Cross-Team Collaboration – Measure how often engineers work with product, design, and operations.

Red Flags:

❌ High engineer turnover due to frustration or lack of growth opportunities.
❌ Engineering is viewed as a cost center, not a strategic enabler.
❌ Toxic blame culture instead of blameless post-mortems.


Next Steps: How to Fix Bad Engineering

Once bad engineering is identified, companies should:

  • Invest in training, mentorship, and technical leadership.
  • Implement modern DevOps practices, including automation & observability.
  • Foster a culture of ownership, collaboration, and innovation.