When it comes to designing and operating your static analysis solution, there are many options you can go with. I like to think that the institution of static analysis in an organization as being divided into several phases.
- Requirements - what goals do you hope to get out of it, usage models
- Design / Architecting of the solution within your existing infrastructure
- Implementation - the fine art of setting it all up and automating it
- Maintenance - the ongoing management of the solution, including dealing with the inevitable changes to the code, build environment and the static analysis solution
We walk through the various choices with their own advantages and disadvantages:
- Consulting Firm
- Outsourcing / Offshoring
- Institutionalize all the expertise with your employees
- Flexibility to control your resources and move them to different responsibilities rapidly
- Employees benefit from already existing relationships in the company
- The fully loaded costs of a full-time employee are significantly higher than the salary. Put in the cost of insurance, training, office space, machine costs, etc. and a $100,000 employee starts looking like a $150,000 cost. The budgeting process reflects these extra costs and the cost of extra headcount.
- Employees are often fairly flexible resources that are assigned many different responsibilities but are therefore constantly being pulled onto other urgent projects of the day.
- Hiring takes extra effort. Employee hiring should be looked upon as a permanent action. Will this person with these specialized skills be the optimum fit years from now?
- You may need to train this person. It's hard to hire someone who is both flexible for the long term and highly specialized for your need today. It takes months to even years of investment to develop a good level of expertise in-house.
- Gaps in time such as for vacation and sick days require coverage, particularly for ongoing management and administration.
- Some roles don't need to be full-time. Particularly for a younger company, you may not be able to justify a full-time build engineer or a static analysis expert.
- Part-time enables you to pay for only what you need but still get what you need for the amount that you need it for.
- If you predict growth, then part-timers are not very scalable.
- Part-timers also carry a fully-loaded cost, oftentimes higher in proportion to a full-time employee.
- Contractors need to prove their existence every day. They know they have to provide a high level of service or be replaced.
- Contractors can be started up quickly and can be removed at the end of the project without any HR headache. Some projects make sense for a period of time and not forever.
- You can hire contractors that are highly specialized. Perhaps it's a particular product expertise, or a particular process expertise - you can hire highly experienced people from a temporary time period to get best practices.
- Contractors enable you to focus your best resources on the most strategic activities while leaving the rest to nonstrategic resources.
- Contractors need start up time. They are used to getting up to speed fast but still require ramp up time.
- Contractors may or may not be available after the project completes.
- If you don't plan properly for this, contractors will leave at the end of the project (or even midway in extenuating circumstances) with all the institutional knowledge gained during the process. You should build in time early to transition knowledge through mentorship and documentation throughout the project.
- Contractors need to develop relationships during the project.
- You have a firm to back you up. If you need to have varying levels of expertise throughout a project, it's up to the consulting firm to provide the right person. You can draw upon a larger set of expertise from a consulting firm. You can get the best experts in every area you need that don't need any training.
- Consulting firms tend to be solutions and results focused.
- You can ramp up and down a team easily - from a whole team down to a part-time consultant.
- You get coverage when you need it. No need to worry about sick and vacation days.
- You have one place to go to for as many of your needs as possible
- You allocate budget and responsibilities and are less able to be sidetracked than an employee
- Consulting firms enable customers to focus their best resources on their company's strategic needs while still leaving nonstrategic items to experts in their field
- Consultants require some ramp up time
- If you don't plan properly for this, consultants will leave at the end of the project with institutional knowledge. You need to work in transition time through mentorship and documentation.
- Depending upon market rates, consultants may be more expensive than the fully loaded costs of an employee.
- Consultants must develop relationships during the project.
- The cost advantage is usually significant
- Outsourcing is a good way to pass off non-core competence work leaving your developers to focus on more strategic work
- Communication is usually difficult. Many outsourced teams are located in different countries with different timezones and languages spoken.
- Management overhead is increased. Interfaces between teams must be micromanaged.
Every organization is different. No one solution fits all. The key though is to have the expertise you need when you need it in order to institute static analysis as quickly, efficiently and effectively as possible. Consider these questions as you consider what are your best options:
- Many organizations recognize the investment required to develop expertise in-house. Is the investment of becoming static analysis experts worthwhile or not?
- Do you value best practices? Will having an expert who's done it many times before guide you through the process more efficiently than trying to do it yourself?
- What are my architecting versus operating costs? How can I create the best solution that requires the least amount of management and administration?
- How much time is required and what expertise is needed for architecting and operating static analysis? It may not be full-time.
- What are my contingency plans if priorities change or people leave?
- What are your true core competences? What do you want to be best at doing?
- What kind of budget do you have? Initially and ongoing? What is the return you get to justify the expenditure?
- Are pieces of the requirements-architect-implement-administrate better served by the same person or different people? Is continuity of resource more valuable than best practices in each area?