Sometimes I moan about the difficulties of being part of large company in the time it takes to get things done, but it has its advantages.
As part of a small company, stuff is often done ad hoc. People write spam rules, write little scripts to do stuff and the processes aren't really defined. Microsoft is not like that at all, at least with the undefined processes part.
Perhaps the biggest difference is that in a large company, there is a very well defined software development life cycle. This is something that I learned about in university and it was an abstract concept. Well, now I'm living it. The cycle goes something like this:
- I come up with an idea
- A requirements spec is written
- A dev spec is written
- Coding begins
- A test spec is written
- Code complete hits, testing begins
- Security reviews are undertaken, sometimes before the previous step and sometimes after
- Bug fixes are completed
- Simultaneously, interaction with Operations begins, as they will be deploying the stuff; a deployment schedule is created
- Deployment documents are written
- Staging begins (different than Test)
- Staging ends and optionally, pre-deployment
This is a very long process. As part of a small company, coding took up the bulk of a product's life cycle. Now, it's maybe 5-10% of the entire phase. Each review typically goes through a couple of iterations. Now you may be wondering what the advantage is this process, and the answer is that if there's an established process with checked-in and managed code, it is way easier to prevent bugs before they occur. It's easier to manage the code afterwards and it's easier to manage the code when people leave.
With lots of little scripts kicking around, when somebody leaves or goes on vacation and something goes wrong, it can take an eternity for someone else to figure out what is going on with the stuff that is broken. In other words, with managed code, maintenance costs come way down.
I am finding that much of our internal infrastructure becomes much more stable when we have designed around the process rather than ad hoc. Even in the realm of anti-spam where quick reaction time is required, if the architecture is stable it allows you to avoid having to fix bugs in your tools and the stuff you actually use to fight the spammers.