The Software Intelligence Blog

  • CAST Discusses Software Risk and Measuring Development Productivity in Belgium

    In the past decade, it’s become even more obvious that reducing software risk has one of the strongest correlations to cost and overall impact on the value of all applications. That is why last month we organized a CIO conference with our partners Steria in Belgium focused on software risk and productivity management. The objective of the conference was to identify a roadmap for efficient software risk and productivity management practices to better control cost, minimize risks, and increase the value of enterprise applications.

    Don’t miss out on our videos from the conference exploring reducing business risks and improving productivity.

  • The Problem with Ignoring the Code Quality of Open Source Applications

    Thanks to the Heartbleed bug, the code quality of open source software was thrown into the limelight this year as the world realized how insecure the IT services they use daily actually are. However, while enterprise IT organizations have come to realize the benefits of using open source, blindly trusting the open source community to catch every mistake in the code is not a sound business decision, and quite frankly, unfair towards open source developers.

  • Guest Webinar: Software Quality Metrics that Enable Velocity for Large IT

    What does it mean to institute software quality and velocity in large IT set-ups? Many organizations have IT teams that diverge into two separate groups. One group works in the “Scrum” -- following the speed of the business, adapting new technologies, and pushing innovation. The second group is still in the traditional waterfall-driven operational and process management IT model. How would you address the velocity vs. quality tradeoff when bridging both opens the door for software issues?

  • Wall Street IT Execs: Don’t Ignore Software Risk

    Today there is no question that monitoring software risk analytics has become a critical enabler to management and many business processes. Executives in any technology-driven business know that, if they're not already working on big data and real-time analytics, they're falling behind their competition.

  • Executive IT Decision Making: Am I Properly Measuring IT Risk?

    Business decisions made in organizations today are moving away from a gut feeling and more towards data-driven, objective decision making. But what can IT do to prepare? For IT to have true visibility and scientific decision-making into their application development they need to have a view at the end product itself -- its stability, robustness, performance, security, and development velocity.

  • #FacebookDown is a Trend For Now, But Could Turn Into an IT Risk Management Nightmare

    When the entire Facebook platform -- including mobile, web, and third party apps -- went down last week, users took to Twitter hashtag #FacebookDown in a blind panic to lament the social media outage. Though these outages might seem harmless and commonplace, Facebook’s reputation rides on their users’ ability to log onto Facebook from anywhere, at any time. And the more Facebook users have to turn to Twitter or other social networks to have their online voices heard, the harder it will be for them to log back in.

  • Technical Debt Measurement Webinar: Reversal Strategy Q&A Follow Up

    Last Wednesday we had an excellent and very interactive webinar discussion with David Sisk and Scott Buchholz, Directors at Deloitte Consulting, LLC. David and Scott are experts regarding technical debt -- both at a technical hands-on level as well as the strategy and governance topics in IT. So, we talked about the symptoms and causes of technical debt in large IT environments, as well as the organization and processes that need to be put in place in order to reverse the normal trend of technical debt accrual.

    One of the topics that came up a lot is how to get the business onboard. Our guest presenters gave us some very interesting approaches to making the case, even when the immediate symptoms of the debt are not evident to business stakeholders. I think this discussion by itself is valuable to listen to.

    Another topic that came up a lot in the Q&A was different ways of asking how to set up a technical debt measurement program.  As in our last webinar, we wound up going a couple minutes over our timeslot to address some of the questions, but we had to leave many unanswered due to time. The goal here is to try and answer some of those questions in our blog. If anyone wants to get into a more detailed discussion on any of these points, please contact us and we’ll be happy to talk to you. So, here goes:

  • ComTimeCastWarner: An Application Portfolio Management Nightmare

    In a merger, integrating company names is hard enough -- imagine having to integrate massive application portfolios?

    As the Justice Department and the FCC evaluate the proposed merger between corporate behemoths Time Warner Cable and Comcast, I wonder if the C-suite at both companies are investing as much time evaluating the health and security of one another’s application portfolio. Historically, technical due diligence has lagged greatly behind the financial due diligence.

  • Fishackathon: Fishing for Sustainable Code

    Few moments compare to the pressure-filled environments of hackathons, where the best developers from around the globe cram into a rented room with 24 hours to conceive, design, and create an app that wins a chance to present an idea, showcase talent, and gain invaluable exposure.

  • Guest Webinar: How to Reverse Your Technical Debt

    The term ‘technical debt’ and the challenges it can bring are becoming more widely understood and discussed by IT and business leaders alike. But many organizations are still struggling with how to mobilize a plan to eliminate technical debt and fix related issues.

  • CAST Talks IT Risk Management and the Benefits of Human Capital in Madrid

    Last week, CAST celebrated the third edition of its CIO Conference in Spain examining the tandem between IT risk management and productivity improvement. CAST has captured the greatest moments and posted the pictures from the conference here!

  • Software Analytics and the Economic Impact of Measuring ADM Quality and Productivity

    IBM and MIT Sloan found that businesses managed with analytics perform 2.2 times better than those without. Fact-based metrics allow CEOs, business leaders and even CIOs to make better and quicker decisions about projects, service providers, business, and budgets.

  • CRASH Webinar: Code Quality Q & A Discussion

    We just finished up the 30-minute webinar where Dr. Bill Curtis, our Chief Scientist, described some of the findings that are about to be published by CAST Research Labs. The CRASH (CAST Research on Application Software Health) report for 2014 is chock full of new data on software risk, code quality and technical debt. We expect the initial CRASH report to be produced in the next month, and based on some of the inquiries we’ve received so far, we will probably see a number of smaller follow-up studies come out of the 2014 CRASH data.

    This year’s CRASH data that we saw Bill present is based on 1316 applications, comprising 706 million lines of code – a pretty large subset of the overall Appmarq repository.  This means the average application in the sample was 536 KLOC. We’re talking big data for BIG apps here. This is by far the biggest repository of enterprise IT code quality and technical debt research data. Some of the findings presented included correlations between the health factors – we learned that Performance Efficiency is pretty uncorrelated to other health factors and that Security is highly correlated to software Robustness. We also saw how the health factor scores were distributed across the sample set and the differences in structural code quality by outsourcing, offshoring, Agile and CMMI level.

  • Code Quality Infographic: You Are What You Code!

    Like it or not you are what you code! In the aftermath of the Heartbleed bug, we've seen how the impacts of poor code quality can extend far beyond a single application or organization. And IT executives are now faced with the stunning realization that good code isn't just a software development issue -- it’s a reflection of your business and reputation.

  • Launch Party Wrap-Up: Software Risk Management Goes to Broadway

    With the cost of U.S. data breaches increasing nine percent from last year, and the news of Target CEO Gregg Steinhafel announcing his resignation amidst the fallout of their massive credit card breach, every IT organization has software risk management top of mind in 2014.

  • CAST Application Risk Analytics Launch Post-Event

    The CAST Application Risk Analytics Launch Party which took place at the Art Directors Club last Wednesday, April 23, in the heart of Manhattan was a success. CAST has captured these memorable moments.

  • Webinar: Get The Most Out Of Your Software Risk Management Strategy This Year

    Register to hear CAST SVP & Chief Scientist, Dr. Bill Curtis, discuss the current state of the IT software industry and its impact on your software risk management strategy.

  • Join CAST as we “launch” application risk analytics into spring!

    Spring is in the air, and that can only mean one thing: Application risk analytics! Not exactly what you were expecting? Well, neither are those pesky architectural glitches that are slowing down your software development and thrusting your CIO and software teams into the limelight.

  • The Heartbleed bug: how 7 missing lines of code impacted over two thirds of the Internet

    On April 7, the IT industry was rocked when it was announced that over 60 percent of the Internet -- even secure SSL connections -- were vulnerable to attack due to a new weakness codenamed Heartbleed. The weakness lives in the OpenSSL cryptographic software library, which encrypts sessions between consumer devices and websites. It’s usually referred to as the “heartbeat” since it pings messages back and forth. Hence the name of the bug.

  • CISQ Aims to Bring Software Quality Sanity Back to Federal Outsourcing

    The current state of outsourced application development is a sorry state of affairs because of myriad software quality issues causing unprecedented glitches and crashes. It’s not that all outsourcers are making terrible software, rather, it’s that governments and organizations have no way of accurately measuring the performance, robustness, security, risk, and structural quality of the applications once they’ve been handed the keys.