James Governor's Monkchips

Bugzilla for Compliance/IT Governance – War Stories, anyone?

Share via Twitter Share via Facebook Share via Linkedin Share via Reddit

I have spoken to major organizations, such as Royal Bank of Scotland, using Bugzilla to manage application development and issue tracking. As such this service is (hopefully) part of an IT Governance structure. There are plenty of vendors out there with products in this regard, and some of them even have customers. I am looking for stories about Bugzilla used in a Governance context; that is, as part of a Compliance Oriented Architecture.

I meant to throw this out there yesterday, as part of my answer to James McGovern’s COA call to action.

James wants to see analysts fill out stories about how users and using stuff, and also to see COA buildout, and also to push analysts to properly consider open source technology in their models. I am therefore trying to kill three birds with one stone. lets see if stories and anecdotes come to me. One reason i am fascinated by Bugzilla in this context is that is it also used in some cases to manage outsourced app dev. Quality control becomes harder and more critical when distributed across borders.

How is your organization using Bugzilla?
Is this purely a development function, or is it tied into a broader IT Governance strategy.
Are you using Bugzilla in non-IT contexts at all?Or perhaps IssueZilla.

I am just as interested to know if you evaluated, ignored or love the tool.

Now i just need some trackbacks to get the request out there – so lets start with a couple of folks from the Bugzilla team…
Dave, Christian, Zach

And then maybe folks like Robert, and even skeptics like littlesquare.

Oh yeah- what about O’Reilly types? Nathan?

I should also ask some IT-Governance folks such as Chris Byrne.

If this post bears any fruit i will take it off the tree and stick it in our new wiki.


  1. Though Eclipse is no longer run by IBM, they are one of the most publicly visible users of Bugzilla I know of. Perhaps you should contact someone from Eclipse.org? Some links below:

    Eclipse Project Management Committee:

    Eclipse Bugzilla instance

  2. Joel Spolsky promotes the use of his Bugzilla competitor FogBugz as more than just a defect-tracking system. He calls it project-management software, now. That’s pretty close to governance, if you can promote the use of metabugs focused on your organization in your organization.
    Also, I think it was the Mozilla organization’s pervasive use of
    meta- and tracking bugs — and therefore the incorporation of those features into Bugzilla — that made it possible to use BZ as more than a defect-tracking system.

    In a lot of ways, Siebel and Radiance and those systems solve a big part of this problem already. A COA is just a CRM system that’s aimed at yourself and regulators rather than at customers. And Bugzilla’s natural affinity to metabugs and tracking bugs makes it easier to use it as a CRM system in addition to tracking code defects.

  3. “Joel Spolsky promotes the use of his Bugzilla competitor FogBugz as more than just a defect-tracking system. He calls it project-management software, now.”

    Atlassian’s Jira is moving in this direction, though I don’t think they make those kind of claims. Certainly we use it in Propylon as planning tool, estimation tracker, defect tracker, and support ticketing system, ie all the way across the lifecycle. We also use Bugzilla, but Jira offers a good user experience for customers.

    It’s not just the issue trackers. That’s not enough. The other tool set you should be looking at here is version control, especially when you beyond raw file management into the facilities provided by the like of Subversion, Perforce and BitKeeper.

    There is opportunity in connecting version control systems with issue trackers and for those who have it, configuration management. Today things are not done at all, done by hand (error prone and inconsistent) or a far too big and process heavy to always provide value. Traceability is too expensive or too difficult, or both.

  4. When working for a medical software device company, we used BugZilla to track issues with documentation generated by the medical and regulatory affairs groups. We also integrated the BRD and FRD docs and used that highly customized BugZilla instance as the focal point for CCB meetings and reviews. There are many, many more mature applications that can get the job done today, but a few years back it was the only game in town (short of dropping a lot of cash for a half-baked solution from a big vendor).

    Today, the company that I’m working for (in the financial sector) is evaluating a range of solutions that span IT process control, governance, and compliance. For my own recommendation I consider Atlassian’s offerings (JIRA and Confluence) a much more compelling offering than Bugzilla – then again – you (sometimes) get what you pay for. 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *