The Software Intelligence Blog

  • Was Lack of Proper Code Analysis Tools a Root Cause of Juniper Networks Security Backdoors?

    With the advancement of both cloud and mobile technologies, security remains a hot topic for every company. The number of reported security backdoors caused by faulty code or hardware continues to be staggering. A recent article by Wired has brought forth another one of these unfortunate issues for a big player: Juniper. This technology giant has been providing networking and firewall solutions to companies, corporations, and the government for a number of years.

    The last thing you want to hear is that a networking technology leader and tech powerhouse like Juniper has found an application security problem. Two security issues were identified after a code review session outside of the company’s normal evaluation cycle. Security remains a primary concern as more companies, government agencies, and even individuals rely on technology providers to manage data or maintain smooth operations.

  • Blackphone Update Removes Critical Security Threat: Did Code Quality Issues Contribute to the Problem?

    As reported in a recent article by InfoWorld, a high-profile, privacy-driven smartphone provider located a security hole capable of exposing its devices to attacks. Blackphone is a specially designed smartphone developed by SGP Technologies, which operates as a subsidiary of Silent Circle. The phone uses a VPN for Internet access and runs on a modified Android version titled “SilentOS”. A third-party component Silent Circle used as part of the device design was capable of exposing the secure smartphone to outside attacks.

    What Was the Security Issue?

    The vulnerability made it possible for an attacker to control the modem functions of the phone. Researchers brought this problem forth when they identified an open socket accessible on the phone during a reverse engineering exercise. Currently, Blackphone is one of the most secure phones on the market because it uses built-in encryption to deliver secure:

    • Voice Calling
    • Text Messaging
    • Video Conferencing
    • File Transfers

  • Supporting Our Global Community

    As we come together to help those affected by recent global tensions, we have made a charitable donation of $10,000 to Doctors Without Borders/Médecins Sans Frontières (MSF) on behalf of the CAST community. We believe that our citizenship transcends geography and political borders as we are united within one, universal community.

    CAST is proud to support an organization that values people and upholds their right to medical care regardless of gender, race, creed, religion or political affiliation. In over 60 countries around the world, MSF saves lives by providing medical aid where it is needed most — in armed conflicts, epidemics, natural disasters and other crises.

  • IT Leaders Address the Value of Software Measurement & Government Mandates Impacting Development

    IT leaders from throughout the federal government discussed how software measurement can positively impact their development process at CAST’s recent Cyber Risk Measurement Workshop in Arlington, VA, just outside of Washington, D.C. The event brought together more than 40 IT leaders from several governmental agencies, including the Department of Defense and Department of State, system integrators and other related organizations. The group shared their experiences of how their respective organizations are driving value to end users and taxpayers.

  • Key Discussion Points from Forrester Webinar: Agile Portfolio Management Requires Rapid Transparency

    Application portfolio analysis was at the center of discussion as Forrester Research Vice President and Principal Analyst, Margo Visitacion, presented how Agile development is affecting the application development process and IT’s portfolio planning. Ms. Visitacion explained that in the “Age of the customer,” customers want more for less and expect companies to fluidly change based on their needs and demands. As companies shift their attention to customers’ experiences rather than production figures, it’s leading directly to higher revenue and longer-lasting relationships.

  • Software Risk: Executive Insights on Application Resiliency

    Software risks to the business, specifically Application Resiliency, headlined a recent executive roundtable hosted by CAST and sponsored by IBM Italy, ZeroUno and the Boston Consulting Group. European IT executives from the financial services industry assembled to debate the importance of mitigating software risks to their business.

  • Software Quality and Developer Productivity: Together Improve Efficiency

    Software Quality and Developer Productivity took center stage last week during a software development and productivity event hosted by Leda and CAST. Findings from two studies showed that application benchmarking is essential to measure software quality and development team productivity.
    Merino, CAST’s Solutions Designer, explained that, “It is necessary to understand the state of applications, and to base your strategy on that data. In addition, measurement, to be effective, accurate and accepted by others, must be based on standards.” Merino further explained that software measurement and analysis has different objectives; the primary purpose is to make better decisions based on real data, decisions that help increase revenues or reduce costs.

  • Faltering Software Quality and Standards: Why Programmers Should Stop Calling Themselves Engineers

    In the current tech scene, it has become common practice to refer to programmers as engineers. It seems that if you aren't part of sales or marketing teams you are now entitled to being designated as an engineer. However, what has been forgotten over the 50 years of looking to turn software development into a legitimate engineering practice, is that we still haven't reached the aspiration of being just that: a legitimate engineering practice. Traditional engineers have to go through stringent regulation, certification, and apprenticeships in order to gain the title. This creates an implicit responsibility of providing reliability and public safety. Software development hasn't reached this point yet - software quality and standards are not universally valued.

    So why is the tech industry using the engineering title to describe its technical workers?

  • Bad Software Quality Crashes Airlines’ IT Systems, Again: When Is Enough Enough?

    Southwest Airlines is the latest victim of the airline scandal. What scandal? It’s the one where airlines continue to cause travel delays due to poorly managed IT systems. It’s the one that caused Southwest to delay 836 flights on Monday and distribute HAND written tickets to passengers because of a ‘software glitch’. Southwest isn’t alone. United Airlines grounded hundreds of flights in July and American Airlines did the same in September and April. How long will consumers have to wait before these organizations figure out that the glitches are caused by bad software quality, which creates bad service?

  • Software Benchmarks and Benchmarking

    Reifer Consultants LLC’s recent white paper, Software Benchmarks and Benchmarking, discusses software benchmarking process and provides information on industry

  • Software Analytics: Nine Steps to Create Better IT Budgets

    All businesses recognize the importance of developing software within a budget. But how do you put together that IT budget in the first place? CAST has worked with a successful CIO to create a guideline of best practices. Saad Ayub, formerly CIO at Scholastic and The Hartford, suggests nine ways analytics supports better IT budgets.

  • Software Risk: 4 Case Studies in Software Quality and Software Schedules by Capers Jones

    This post is taken from the original paper Software Risk Master (SRM) Estimating Examples For Quality and Schedules by Capers Jones, VP and CTO of Namcook Analytics LLC.

  • IT Trends 2016: Insights from the CAST CIO and IT Leaders’ Roundtable Discussion

    Last week, CAST, a global leader in software analytics, invited more than 100 IT professionals to participate in a software risk and analytics roundtable in New York, NY. The daylong exchange included CIOs, industry analysts, systems integrators and IT advisory firms. As an outcome of this gathering, CAST published an IT Trends 2016 Report. The following post attempts to capture some of the exchange between participants and key takeaways.

  • IT Trends 2016

    Topping the list of IT Trends 2016 is helping CIOs take advantage of Big Data for themselves, while cutting through the clutter. Accelerating the time from data to decision requires analytics that highlight areas of risk and opportunity in support of business decisions, not technical ones. Proactive, predictive insight arms CIOs with the ability to ask the right questions, to challenge the status quo and surface technical risks that jeopardize revenue, reputation or brand. Real-time solutions that improve the signal-to-noise ratio top the CIO’s wish list for 2016.

  • Measuring Legacy Systems for Technical Debt and Quality

    Legacy Code

    When a business develops software, new technologies eventually outgrow the software. But that doesn’t mean the software stops working, which is why businesses continue to use legacy software. In fact, after all the fixes and patches, the legacy software still gets used because it simply works, even if it means the users are forced to run older operating systems and older web browsers to use it.

  • Join Fellow CIOs & Executives for a Session on Software Risk Management

    Consider this an invitation… to find out how you can significantly reduce the risk that exists within your applications.

    With data centers growing from dozens of single servers to hundreds or thousands of virtual servers distributed throughout the globe with software that has to accommodate such large scales, managing risk has never been so important. Software development today uses shorter cycles, continuous delivery, and agile techniques that can create additional risk.

  • Software Quality Gets Better through Standardization NOT Innovation

    DARPA's quest for better software quality is honorable but misguided.


  • What Do Software Analytics and Your Doctor Have in Common?

    Recently, the U.S. government has implemented healthcare reimbursements based on the outcome of medical treatments, rather than a traditional fee-for-service approach. These performance-based programs are designed to improve healthcare quality while lowering treatment cost. It’s this outcomes-based approach that Fortune 500 companies are considering as a way of reducing ADM costs while improving software quality.