
>We could easily lie in our scripts if we wanted to, it wasn't like management was capable of checking, and it was going to encourage reclassifying/hiding certain bugs (hard issues) and pretending other things were bugs (small changes/minor feature requests) to juice the numbers.

But why would you do this???

Holy cow, some of these comments. As someone fixing bugs, why would you not be interested in the classification, status and tracking of bug-related data? Why would your first instinct be to lie about what's happening with the business? To what end?

Honestly, this thread has me wondering if the average worker does so little that they see KPIs as a way of being accountable, and don't want that in any manner.



We have this at our job too.

We do pentesting to prevent us having vulnerabilities and maybe even be hacked.

But then the new manager wanted a KPI. In their infinite wisdom the management people decided that "Cost saved by preventing a hack, in Euros per product" was going to be the KPI.

So now a bunch of pentesters have to try and estimate what the impact of a potential, never happening (because we found it) vulnerability would have been on our company, if exploited by a malicious actor.

After a while of guesstimating this they started giving us flak for the number going down. We tried explaining over and over again that this makes no sense as a KPI. We're just guessing, essentially. But no, they want the KPI and they shall get the KPI.

So now we just guesstimate the potential cost a little higher every month, but not too much.


I cannot understand why there are not 3 or 4 categories of incident severity (user data exposed, etc. I think there is a standard or multiple) and management maps each of those to a quantity in euros. Then everyone would get what they want, since it is just an estimate.


There's a standard for this called CVSS. We pointed it out, but it gives a scale of 1-10. And they really wanted a € KPI.

Oh well.


> Why would your first instinct be to lie about what's happening with the business? To what end?

If your compensation or continued employment is tied to metrics, especially metrics that aren't inherently valuable, then there's much more incentive to game/fudge them than to do the work to actually resolve them.


The article touches on this somewhat. If you tie any sort of monetary benefit to KPI results, you've created an incentive to either game the system or lie. If you lose the context of the work by trying to simplify metrics and then base people's worth on those metrics, people aren't going to care as much about the quality of their work.


Humans are lazy. Most take the path of least resistance. You're incentivized to hit a goal - if you can hit that goal with minimal effort by obfuscating or exaggerating to naive management, why wouldn't you? You're just an IC, a worker bee, you probably don't have equity or any real ties to the company's overall success (which isn't an engineer's job to define in the first place).


Grug find bug, Grug beaten with club. Grug no find bug, Grug no beaten with club.

Grug work hard for own KPI: amount of times not beaten with club.


I think OP is saying that he is gaming the stupid system, to be a bit less stupid and unfair. Not that he wants to cheat or not fix issues. Classification of issues is indeed important, but if management is not playing a fair game, then neither am I, while still doing my job, tracking and fixing bugs efficiently.

