Wednesday, January 24, 2007

False Comfort in Measurability

Seth Godin wrote:
"The danger is when you keep score of the wrong thing because it's easy or precise."
The requirements for our products should be testable and measurable. When a prospective customer tells us the competitor's product is not secure enough and needs registration and log-in functionality, part of understanding what the prospective customer means is to determine how to measure security.

Your product manager may opt for specifications that are less challenging to measure. Rather than specify security metrics, for example, she may instead punt and simply specify that the product will include registration and log-in functionality, as the prospective customer requested. But doing so doesn't capture the problem the prospective customer is really trying to solve. What does it mean for the product to be secure?
  • What information is problematic for an unauthorized user to access?
  • What functionality is dangerous for an unauthorized user to employ?
  • What are the characteristics of an authorized user?
These questions are not easy to answer in measurable terms. There's precision in specifying that the product will require user registration and log-in, but it doesn't answer these questions. Yet answering these questions is critical to understanding the customer's needs and to ultimately testing whether your product satisfies them.
