Friday 4 November 2016

The smaller the ticket scope the better

For bugs and tasks, the smaller the scope of each ticket the better.

Having many small bugs and issues can be an advantage for the following reasons:

  • easier to code
  • easier to delegate (between developers)
  • easier to outsource
  • easier to test
  • easier to roll back
  • easier to merge into upstream or legacy branches
  • easier to deploy

It is better to put them in one or more special JIRA projects, which can be focused on quality or non-functional requirements.

Of course, this needs to be rational and kept in context. You should only create a couple of tickets for each instance/pattern, particularly when they are not being fixed. In such cases, create a 'holding ticket' that stores references to all the individual issues, which works well for systemic vulnerabilities.

You should also aggregate issues in Stories.


(from the SecDevOps Risk Workflow book; please provide feedback as a GitHub issue)