The 2014 CRASH Report finds applications built with either Agile or Waterfall methods alone are more susceptible to security, reliability, performance, and cost issues
September 17 2014--New York/London—CAST, a leader in software analysis and measurement, today revealed new findings from its 2014 CAST Research on Application Software Health (CRASH) that confirms enterprise software built using a mixture of Agile and Waterfall methods – with an up-front emphasis on architectural quality and design – will result in more robust and secure applications than those built using either Agile or Waterfall methods alone.
“This research confirms a suspicion that many in the industry have long held – but that some in the Agile community ignored: Development teams that disregard architectural quality at the start of development are introducing serious business risk into their organization,” says Dr. Bill Curtis, SVP and Chief Scientist at CAST and primary author of the CRASH Report. “Our research shows that applications produced using traditional Agile or Waterfall methods alone have more security vulnerabilities, more reliability and performance issues, and a higher cost to maintain than those produced with a mixed method. It’s time to take the religion out of software development and get back to sound software engineering.”
Analyzing architectural and code quality weaknesses in 186 different enterprise-grade applications built using Java-EE, the CRASH Report found that over three quarters of the robustness, security, and changeability scores for applications developed with a mix of Agile and Waterfall methods were higher than the median scores for projects using only Agile methods. In essence, applications developed and maintained using a mix of Agile and Waterfall methods were found to have far fewer architectural and code quality weaknesses that could result in outages, security breaches, or lengthy enhancement cycles. In addition, there was less variation in the structural quality of applications developed with an Agile/Waterfall mix compared to projects developed using other methods. The report did not find differences in architectural or code quality between applications developed with only Agile or Waterfall methods. However, applications reported to be developed using no defined method resulted in the lowest code quality.
“There are quite a few organizations claiming they’re Agile, but aren’t actually following how it was designed. Rather, they use it as an excuse to do whatever they want and crank out code quickly,” says CAST Executive Vice President Lev Lesokhin, a co-author of the report. “Other Agile organizations assume that the right architecture will emerge over time, only to run into problems down the line trying to refactor the architecture with a growing code base. It’s becoming increasingly important to secure your architectural quality and design before writing the first line of code.”
The CRASH Report also produced the first confirmation that the code quality of applications produced by low maturity, CMMI Level 1 organizations is significantly worse than that produced by organizations appraised at CMMI Level 2 or higher. Whether applications were developed in-house or outsourced had no impact on code quality, and whether they were developed on-shore or off-shore had only minor effects. Applications developed for more than 5000 users, typically those that are customer-facing, were found to have higher code quality than those developed for use by fewer than 5000. For those interested in more findings from the 2014 CRASH Report, you can register today to receive a copy of the Executive Summary when it’s published in mid-September.
CAST is a pioneer and world leader in Software Analysis and Measurement, with unique system-level code analysis technology resulting from more than $100 million in R&D investment. CAST introduces fact-based transparency into application development and sourcing to establish management discipline and drive continual improvement. More than 250 companies across all industry sectors and geographies rely on CAST to prevent business disruption while reducing hard IT costs. CAST is an integral part of software delivery and maintenance at the world's leading IT service providers.
Founded in 1990, CAST is listed on NYSE-Euronext (Euronext: CAS) and serves IT intensive enterprises worldwide with a network of offices in North America, Europe and India.
For more information about CAST:
Benedict Sycamore / Keso Kendall
email@example.com / firstname.lastname@example.org
0208 237 1056 / 0208 237 1104
The Press Release download should start shortly. If not, click on the button below: