Jonathan Bloom - Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.
Making the Case for Better Transparency in IT Modernization.
CIO Perspective: Applying Software Intelligence to Analyze Legacy Stacks
How Software Intelligence Can Close the Security Gap in Software Development.
Secure Software Development: Error Sends UK’s NHS ‘Once More into the Breach’
Using Software Intelligence to understand where and why DevOps goes awry.
DevOps: 5 Steps to Get Derailed Projects Back on Track
Outlining the importance of secure, reliable software for the air travel industry.
CIO Perspective: Software Intelligence Puts SITA in Front of Airlines’ Back-Office App Issues
Software Intelligence holds the key to a successful transition from DevOps to DevSecOps.
DevSecOps Requires More than DevOps Patching
To compete in a fast-paced digital world, CIOs need the best information about software health to make smart decisions.
CIO Perspective: Using Software Intelligence to Make Better Modernization Decisions
Naresh Choudhary from Infosys explains how the company is using Software Intelligence to improve software quality by up to 15%.
CIO Perspective: Software Intelligence as a Foundation for Machine Learning and AI
Cristina Alvarez, former CIO of Telefónica, shares why understanding software is increasingly important to business operations.
CIO Perspective: Why Software Intelligence is Imperative in a Digital World
Overcoming organizational hurdles to adopt an Agile culture can be tough, but the pay-off is huge.
How Fannie Mae Uses Software Intelligence: Six Steps to Successful DevOps
Connected devices in healthcare may be putting you at risk, but not in the way you imagine.
When Software Quality Becomes a Life or Death Matter
It doesn’t matter how many days removed we are from sipping champagne, singing "Auld Lang Syne" and making New Year’s resolutions, we still need to look back at 2017, lest we repeat the same mistakes we've already made.
2017: The Year of MotS (More of the Same)
Fashion retailer Forever 21 joined a very trendy, yet unexclusive club earlier this month when it announced its point-of-sales systems may have been breached. This blog examines how to integrate automated code review into application security strategies.
Don’t Be ‘Forever’ Vulnerable: Improve Your AppSec Posture
Cybersecurity is a hot-button issue these days. You can barely go a few weeks without hearing about a company suffering a breach that puts the business at risk. With all eyes focused on making software more secure, a happy side effect might just be a streamlining of software modernization initiatives.
Will Cybersecurity Efforts Change the Game for Software Modernization?
When you are a consumer credit company, victimized recently by a serious security breach where hackers exploited an application vulnerability to steal the personal information of roughly 143 million people, what do you do for an encore? For Equifax, the encore may be “get hacked a second time.”
An Encore for Equifax?

Companies worldwide use SAP, but SAP by itself does not resolve all of an organization's issues. As a result, a number of organizations need to customize SAP applications to suit their purposes, but this has met with mixed results.

CAST today released the results of the 2014-2015 CRASH Report for SAP, which revealed more than half of those organizations opting to customize SAP applications have encountered increased application risk, additional software risk management costs and disruption of critical business processes.

CRASH Report: Customized SAP Apps Increase Application Risk, Decrease Business Performance

In business, measurement is key. It’s not a new concept, of course, but it’s one that information technology has enabled to be implemented to a higher degree than ever before. Function point analysis is one of those areas where, like initiatives such as Six Sigma, the ability to measure can help ensure ultimate success.

Function Points Analysis: On Point at Federal Productivity Workshop

There’s a common belief in the software development space that when companies choose application outsourcing of their projects, the control they relinquish by doing so results in lower application quality and puts their projects at risk. Once again, however, CAST’s biennial CRASH Report, which reviews the structural quality of business critical applications, has disproved this theory.

Is Application Security Risk a Result of Outsourcing?

Over the past decade, advancements in static analysis tools from both commercial and open source communities have dramatically improved the detection of developer violations of good coding practices. The ability to detect these issues in coding practices provides the promise of better software quality.

Software Quality is More than Good Code

For the last half-decade, a debate has raged over which project management method reigned supreme – Agile or Waterfall. To determine which held the advantage, some looked at the management techniques and fluidity with which projects were completed, others judged the debate by pointing to the structural quality of the applications being developed.

Agile-Waterfall Hybrid Best for Structural Quality According to CRASH Report Findings

Dr. Carol Woody of SEI was recently featured on a CISQ webinar about the correlation of software quality and software security. Her lessons on this topic highlight why software security cannot be something added after-the-fact, it must rather be factored into the development of software applications from the moment coding begins.

This is a lesson that companies such as Sony need to learn. While past breaches like the ones carried out by the LulzSec group in 2011, affected their customers and cost them dearly in terms of reputation and reparations, the one they suffered late last year hurt them much closer to home when cyber criminals breached Sony’s entire network and threatened to expose all stolen data.

Poor Software Quality Impacts Application Security

If you read the news these days, one would think that software security is something that is layered on top of existing software systems. The truth is, however, that software security needs to be woven into the very fabric of every system and this begins with eliminating vulnerabilities by measuring software quality as the system is built.

During the CAST Software Quality Fall Users Group, Dr. Carol Woody, PhD, senior member of the technical staff at the Software Engineering Institute (SEI) at Carnegie Mellon University, whose research focuses on cyber security engineering, discussed the importance of software quality as a basis for security.

Making Software Quality the First Measure of Software Security

Last month in this space I wrote about the importance of optimizing the cost-effectiveness of Captives (i.e., Global In-House Centers) by setting metrics and enhancing process transparency for better management of them. For these management methods to work, though, an organization needs to employ automated function points as a way to gain insight about current costs and supplied value, which can then be used to enhance received output from current or future providers.

Automated Function Points Provide Data-Driven Captives Management

They say “if something works, don’t fix it.” This old adage may be the reason behind why some organizations hold onto legacy systems longer than they should, but it is also the reason why these same organizations struggle with software complexity. In fact, according to the GAO, Uncle Sam spends 80 percent of its $86.4 billion IT budget on legacy systems.

Digital Transformation Keeps Software Complexity from Becoming a CIO’s Legacy

Barbara Beech, an expert in the field of IT development for telecommunications companies, recently spoke to CAST in a video chat about her experience using software analysis and measurement as well as automated function points to gain visibility into IT vendor deliverables.

As a solution to gaining visibility into IT vendor deliverables, Beech points to the CAST Automated Function Points (AFP) capability – an automatic function points counting method that is based on rules defined by the International Function Point User Group (IFPUG). CAST automates the manual counting process by using the structural information retrieved by source code analysis, database structure and transactions.

VIDEO: IT Expert Calls Upon Automated Function Points for Vendor Management

Benjamin Rehberg, Partner and Managing Director of the Boston Consulting Group and former consultant for IBM Global Business Services, discusses the importance of both IT risk management and application portfolio management (APM) in a video conversation with CAST. He looks at the challenges for IT leaders, the need for software measurement and discusses how IT transformation can improve business operations.

IT RISK MANAGEMENT: A Conversation with BCG’s Benjamin Rehberg

There’s an old adage in the IT industry – you can’t manage what you can’t measure. Knowing how complex an organization’s application portfolio is provides insight into how to manage it best. The problem is the issues that comprise software complexity – legacy system remnants, antiquated code, overwritten and rewritten code, the integration of formerly proprietary applications, et al – are the same things that make measuring it difficult.

With multiple system interfaces and complex requirements, the complexity of software systems sometimes grows beyond control, rendering applications and portfolios too costly to maintain and too risky to enhance. Left unchecked, software complexity can run rampant in delivered projects, leaving behind bloated, cumbersome applications. In fact, Alain April, an expert in the field of IT maintenance, has stated, “the act of maintaining software necessarily degrades it.”

Five Reasons You MUST Measure Software Complexity

As IT organizations face increasing demands from business, their IT systems have become increasingly complex. Today’s applications are typically a heterogeneous web of systems and software from an array of vendors and custom development.

Top 5 Reasons to Use Code Analysis Tools with Automation to Establish Vendor Management Metrics

Have you performed code analysis on your software recently? If not, you are in good company as many companies are failing to do the one thing that could improve their software security – making sure the software isn’t vulnerable to an attack to begin with.

Closing the Back Door thru Code Analysis

The Consortium for IT Software Quality (CISQ) will host an IT Risk Management and Cybersecurity Summit on March 24 at the OMG Technical Meeting at the Hyatt Regency Hotel in Reston, VA. The CISQ IT Risk Management and Cybersecurity Summit will address issues impacting software quality in the Federal sector, including: Managing Risk in IT Acquisition, Targeting Security Weakness, Complying with Legislative Mandates, Using CISQ Standards to Measure Software Quality, and Agency Implementation Best Practices.

CISQ Hosts IT Risk Management & Cybersecurity Summit

Companies seeking to reduce time to market while improving application quality today usually choose between assigning application development projects to either in-house teams or outsourced system integrators (SI). However, the cost arbitrage of Global In-House Centers (GIC), better known in the industry as “Captives,” continues to provide advantages in cost competitiveness that cannot be overlooked.

5 Keys to Optimizing Cost-Effectiveness of Captives

For Jay Ferro, CIO of the American Cancer Society, his employer’s mission hits far closer to home than those of most others in his position. The father of three boys, Ferro lost his 36-year-old wife, Priscilla, to cervical cancer in January 2007. In her memory, he founded Priscilla's Promise, a non-profit organization that brings greater awareness to cervical cancer.

IT Transformation Benefits for American Cancer Society Can’t Be Understated

During last week’s webinar on IT Transformation featuring Marc Cecere, vice president and principal analyst for Forrester Research, many questions presented by participants went unanswered due to time constraints. Because these questions are likely being asked by many in the IT arena, we asked Marc’s webinar co-host, Pete Pizzutillo of CAST to provide answers to the three most frequently asked questions.

IT Transformation Webinar Questions Answered

In today’s software-driven business world, IT transformation has become an enormous component of business transformation and software risk management. This is one of the key messages delivered by Marc Cecere, Vice President and Principal Analyst for Forrester Research, during a webinar held recently on Business Transformation, which was sponsored by CAST, Inc.

IT Transformation Major Component of Biz Transformation

My six-year-old can tie her own shoes. I honestly did not realize how big of a deal that was until her teacher told me a few months ago that she had, for a short time, become the designated shoe tier in her classroom. Apparently, thanks to the advent of Velcro closures for kids’ shoes, nobody else in her kindergarten class knew how to tie their shoes.

Mozilla Thinks Crashes are a GOOD Thing...Really?

I have been an East-Coaster all my life. I’ve lived, worked and even attended college in states that all lie East of the Mississippi. However, throughout my 18 years working in the technology business, my clients have been spread out around the U.S. and abroad. I’ve found myself doing phone calls before the sun rises and well after it has set. That’s just the way it is in this business.

The Personnel Side of Technical Debt

I’m not one who believes in fortune tellers or those who claim to be able to predict the future. Heck, I don’t even read my horoscope and cringe whenever someone attempts to force it upon me. Only when my wife has attempted to read me my horoscope have I offered even as much as a polite “hmm.” Nevertheless there are many out there who swear by those who claim to be able to predict the future, especially in the financial industry.

Foretelling Facebook’s IPO Failure

Before I could enjoy my Father’s Day brunch this past weekend, I found myself with a list of things to do around the house – cleaning out the garage, vacuuming the car, replacing our mailbox which “someone” in my family (not me) ran over. The latter of these tasks, of course, required that I go out and purchase some tools and supplies – a new post, new box, numbers for the box and a post digger - to get the job done.

Who’s Minding the Store?

Developing software, like almost any facet of business, often can be overtaken by some rather sinful thoughts and actions. This is why I really enjoyed a recent post on GigaOm by Magne Land, scrum master and tech lead at RightScale who compares issues within software development to the “Seven Deadly Sins.”

Overcoming the Need for Greed

We’re a society that is always looking for the “next big thing.”

Just check out the TV listings. We tune in to find out who will be the “Next Top Model,” “Next Food Network Star,” “Next Design Star” and “Next Iron Chef.” Technology is also quite interested in “The Next Big Thing” as witnessed by the 19.9 million results you get when you Google “Next Big Thing in Technology.” But while most of the TV “Next” searches focus on the individual, most of the “next big things” discussed in Tech have been on a trend level.

Next AppDev Star

Catchy slogans are catchy for two good reasons – they put an extremely true point into very simple, succinct language. This is probably why they call these true, simple statements “catch phrases.”

One of the most effective catch phrases of my youth was for a product called Fram Oil Filters. Sometime in the 1970’s, Fram came out with a set of television and radio commercials where a mechanic would explain how a simple thing like replacing your oil filter on a regular basis could prevent major engine problems. The catch phrase uttered by the mechanic at the end of each commercial was, “You can pay me now, or you can pay me later.”

Shortcuts Today Lead to Shortcomings Tomorrow

By definition, standards are supposed to be a set of bare minimum requirements for meeting levels of acceptability. In school, the students who took the “standard” level courses were those who were performing “at grade level” and just focused on graduating. Every April in the United States we need to decide whether we will take the “standard deduction” – the bare minimum we can claim for our life’s expenses – or whether we have enough to itemize our living expenses and therefore deduct more from our base income before taxes.

Living Up to Standards

Since the time of my first household chores, I cannot recall an age when I did not look at a “to do” list of mine and see the need to prioritize things. Whether it was taking out the trash first because trash collection was the next day or recognizing the need to finish edits to a press release going out the next day, prioritization has always been the first step to me getting work done.

I don’t think I’m alone on this one. Prioritization is probably as important to getting things done successfully as the actual taking on of a task.

Priorities: Fix it First!

I love my job!

I’ve always been an avid writer, even as a kid. So when it came to career choices my decision to enter a profession that demanded writing skills seemed like a natural fit.

I started out as a newspaper reporter, following in my father’s footsteps, but as the jobs and money there began drying up in the mid-1990’s I took my interest in Technology and made the jump to writing for high tech companies and have been happy doing this job ever since.

Quality is a Happy Place

Almost everyone has heard about the Titanic and the sinking of the unsinkable. I guess if you assume your ship is unsinkable, having only 20 lifeboats for a few thousand people seems reasonable. Maybe it gets overlooked when there are so many important “features” to get right on the maiden voyage. I’m sure the pressure to ensure the comfort of hundreds of VIPs must have been immense. Sometimes it takes a real disaster for change to take place.

Is your Critical Application the next Titanic?

With every passing day the world’s technical debt continues to expand. Industry research shows the average business application carries as much as $2 million in Technical Debt. Analysts at Gartner estimate industry IT debt at $500 billion, and on target to reach $1 trillion by 2015. What’s interesting about Technical Debt is that every ADM team knows they have some, but how much and how critical the debt is typically remains a mystery. Most financial debt obligations are easy to calculate and definitively known at any given time. Of course, both Financial and Technical Debt become frightening when they are aggregated; just take a look at a national debt clock if you don’t agree.

Time to Get Smart about Technical Debt

My tastes in entertainment are pretty broad. While I really enjoy attending sporting events, and when Bruce Springsteen is in town I lay aside nearly everything else to attend his concert (as I did in Boston on March 26), I’m also one who enjoys catching a Broadway or Off Broadway show now and then. In fact, over the next six weeks I will attend two Red Sox games and two shows at the New World Stages theatre in Midtown.

Replaying the Data Breach Blues

I hate Geometry.

Actually, I do not hate the concept of Geometry – I’m rather partial to shapes and appreciate the need to calculate the areas, perimeters, volumes, et al that they represent. What I hate about the subject – or should I say “hated” (past tense) since I haven’t had a Geometry class since the mid-1980’s – were the proofs I had to do in order to get full credit for my work.

Will the REAL Agile Please Stand Up?

I’ve never been much of a horror movie fan. I think my deep-seated love and background of history and my fascination for things that are real diminishes my ability to kick back and allow my wits to be uprooted by monsters and other ghoulish figures like Jason from Friday the 13th or Freddie Krueger from Nightmare on Elm Street.

New Year, Same Fear

I couldn’t let this week go by without making at least one mention of what is taking place this weekend. This annual event held every year since the year I was born brings most of the United States to a mesmerized halt on the first Sunday in February…and this year I’ll be more mesmerized than I have been the past few years.

Sacking the Hackers

Legendary football coach Vince Lombardi once said that "Winning isn't everything; it's the only thing." But decades after Lombardi's Green Bay Packers dominated the NFL, a new slogan joined the sports lexicon - "moral victory."

Mobilizing Security Failure

One of my favorite television shows these days is one of the highly successful USA Network dramas called “White Collar.” The plot revolves around a stellar FBI agent and a highly educated criminal mastermind, who specializes in art thefts and forgeries, whom the FBI agent brought to justice. The FBI agent then turns the criminal into a consultant to the FBI and together they go on to flourish as a crime-fighting team, clearing 94% of their caseload.

Who Secures Security?

My father was proud of his military service. He believed that young men and women could learn a lot not only from having served in the armed forces, but from having actually experienced the stress that comes with "taking fire."

Taking Fire over Technical Debt

As a writer, I frequently go back and review pieces I’ve written over time. When I do, I’d like to think that I’ll be happy and satisfied with each and every article, announcement, blog or brochure.

Hey Agile: Good Enough Ain’t Good Enough

Some among us may remember Earl Scheib who owned a chain of auto painting facilities; at least, that's what he called them. In actual fact, his shops were a national joke. In his TV commercials he would tell viewers, “I’ll paint any car for $99.95” and would promise one-day service. He did just that, but as the old saying goes, "You get what you pay for."

Speed Kills

After listening for many years about the European debt crisis, the downgrading of U.S. debt and every other tale of woe about debt, I believe my patience is owed an enormous debt...and seeing as today is my birthday I would like it paid off immediately!

Stop Passing the Buck on Technical Debt

My wife often jokes that we had a child for the sole purpose of giving me a good reason to read Dr. Seuss' books on a regular basis. When she does this I object, vehemently; she is absolutely wrong! I would most definitely read Dr. Seuss whether or not I had a child.

Will You Source Them Here or There

Marketers frequently discuss the benefits of market leadership – the ability to charge premium pricing, attract the best talent, retain customers – and the like. Today, there is a new metric: if you develop operating systems, applications and other kinds of software, if someone isn’t trying to hack your work, then you must not be a market leader.

The Dark Side of the Limelight
Last week, CAST issued a report on the summary findings of its second annual CAST Report on Application Software Health (aka CRASH), which delves into the structural quality of business application software. The report has earned significant coverage throughout the technology media, including InformationWeek, InfoWorld and Computerworld, as well as the Wall Street Journal.

A Crash Course on CAST’s New CRASH Report

As we all know, Sundays are for football, and this past Sunday brought some choice matchups. Although I am a devout fan of the New England Patriots, one of my favorite games paired the undefeated Green Bay Packers, led by quarterback Aaron Rodgers, and Eli Manning's New York Giants. Tied with less than two minutes to go in regulation, Rodgers did his best Tom Brady imitation, leading his team on a spectacularly engineered drive that preserved their as-yet unblemished record.

What the New York Giants Can Teach Us about Software Quality

Recently, @dangerroom posted about a computer virus infecting the software that manages the U.S. Air Force’s Predator and Raptor drones -- the ones that perform reconnaissance and attack insurgents in Afghanistan, Iraq and other hot spots. The software hasn’t prevented the drone program from continuing, but so far the Air Force has resisted attempts to remove it.

What We Don't Know is Hurting Us

Kudos to Roger Sessions, the CTO of ObjectWatch. Recently, Sessions took a stand supporting “the intentional architectural design of simplicity into a software application,” which he dubbed “simplility.”

Sealed with a K.I.S.S.: Keeping IT Software Simple

In just over 250 days, the eyes of the world will turn to London, England, for the opening of the Summer Olympic Games. Athletes from countries around the globe are deep into training regimens in preparation for the largest stage of athleticism on the planet.

Olympic Hacking

November’s most popular day in the United States is arguably the fourth Thursday of the month – Thanksgiving Day. In the Tech industry, however, it is the second Tuesday of the month – yesterday to be exact – that garners heightened interest. The reason for the additional interest is that the second Tuesday of the month means Microsoft Patch Tuesday.

And this month in particular there was a bit more interest in Patch Tuesday than is ordinary, only the added interest was not due to the patches released by Microsoft; in fact, those were quite light. It was a kernel patch NOT released that drew the greatest attention.

Microsoft Ducks Duqu

Last week’s admissions of bugs in newly released software by Apple and Google were just the latest reminders that the battle between bringing software products to market quickly and optimizing software quality is coming to a head in a year that has seen far more than its share of software outages, malfunctions and security breaches. Most of these problems have been the direct result of problems with the structural quality of software and have cost the companies hit by them a great deal both financially and in terms of reputation.

Toast, Coffee & Software Quality

I keep asking the question over and over again in this blog – why won’t tech companies take the time and get it right before getting it out?

Marketing over Matter

As a parent to a young kid, nights out are pretty rare. But every now and then, my daughter's "Auntie Ellen" will throw us a bone and watch our daughter overnight so we can hit the town. We're very grateful, of course, but more often than not, our daughter returns home in full-on crazy mode. We can never be entirely sure of the reasons – apparently, much like the Las Vegas ads, "What Happens at Auntie Ellen's, Stays at Auntie Ellen's" – but we suspect the crazies were brought on by free-flowing sugar binges and a very late bedtime.

Luckily, sugar highs and sleep deprivation in a kid whose childcare was "outsourced" to one of her favorite aunts are pretty easy to remedy. The same cannot be said, however, for faulty software builds that were outsourced to an offshore team.

Become an Outsourcing Over-SEA-er

While it was far from being the “shot heard ‘round the world” of Revolutionary War fame, the cyber attack on the Pacific Northwest National Laboratory over July 4th weekend this year did represent a significant first blow in the search for liberty for that organization – specifically, liberty from being hacked.

Seeking Independence from Being Hacked

For those of us who remember the 90's, two lessons stand out that would be wise to heed in today's highly interconnected technology kitchen:

You Are What You Eat: Secrets to Healthy IT

We know there’s “no such thing as a free lunch,” that “freedom isn’t free” and that if you get something for free, you probably got what you paid for. Even in the tech industry, when we talk about open source software, we immediately think “free”, yet instantly jump to the old caveat of “think free speech, not free beer,” the idea there being that open source is the layer-by-layer developed product of well-intentioned developers seeking to produce high quality software that competes with established applications.

Sibling Rivalry: Code Quality & Open Source

Back in August, "CIO Zone" posted a blog outlining the top five cloud computing trends. Smack-dab in the middle of the top five was this one: "Custom cloud computing services," which delved into how outsourced IT organizations must focus on automated software and become experts in migrating to SaaS, PaaS and IaaS in order to ensure the least painful cloud migrations. It brought to mind how, in an effort to save money, so many businesses blindly hand over their whatever-it-is-to-be-done to outsourcers and hope for the best.

Clouding the Outsourcing Issue

I cannot believe how much our education system has changed. When I went to kindergarten, most of curriculum revolved around getting along with others (a lesson some will argue never took with me) and some basic verbal skills. I learned at my daughter's kindergarten orientation that blocks and finger painting have been replaced by geography, math, science and civics.

Structural Quality Must Be Part of Agile Vocabulary

Bravo to Joe Little, who writes the Agile & Business blog.

Little recently penned a piece about the intersection of Scrum and technical debt titled “Scrum Hates Technical Debt.” I’m sure it does, but I think what he really means is that true Scrum hates technical debt.

Scrum & Technical Debt: Love the One You're With

I’m strictly an “American Car” guy. Every car I’ve ever owned since my 1988 Ford Escort when I was in college has been American made.

It’s not so much that I’m “gung-ho” pro-Union or some staunch advocate of only buying products made in the USA – although if two products were comparable I’d probably give the “Made in the USA” label the nod. Honestly, I’ve looked at foreign vehicles when car shopping, but the best deals I've found continue to come from my local Ford dealer.

Software Quality Haunts Honda

Agile development celebrates a half-birthday this month, so I figured it was time to reflect upon my comments a few months ago when I took it to task for not taking software quality more seriously.

More on Agile at 10…and a Half

“S” stands for security, something “S” organizations like Sony and Sega appeared to have too little of earlier this year. You could also say “S” represents the U.S. Dollar sign ($) that is associated with the FDIC and IRS, both of which have recently fallen victim to phishing attacks and have had their security compromised. Unfortunately, they are not alone; organizations that start with many letters of the alphabet have fallen victim to security issues this year.

Sunny Day, Sweepin’ the Hacks Away

It’s not uncommon for organizations to hold onto their application software and IT systems longer than they should. This is particularly true for government agencies – Federal, state and local. When you combine an “if it ain’t broke, don’t fix it” mentality with budget cuts and comfort levels of staffers, there is little impetus for change.

Patrolling for Issues in Legacy Apps

There’s a huge dichotomy in how the private and public sectors address security breaches.

Execution of Government IT: I’m All For It!

A couple weeks back I read the most vastly understated opening line of a blog that I’ve seen in the six months since I began blogging here on OnQuality.

Blogger @tadanderson, a .NET architect by trade, recently opened a post on his Real World Software Architecture blog by noting, “Finding the perfect balance of influence between IT and the Business Owners… is not easy.”

Technical Debt Gets the Message Across

I’m a big fan of things that make sense. Simple explanations, using metaphors to explain the otherwise inexplicable, incorporating landmarks into driving directions and splitting up large projects to get them done faster are all concepts with which I find favor.

This is why, when I first learned about Scrum, it seemed like a valid way to develop software faster, or at least more efficiently. In my mind, it made sense that if you were to build multiple parts of a single application simultaneously and then bring them together, the final product could be built much faster.

Unscrambling Scrum

Whenever a company chooses to outsource, there is a certain relinquishment of control. It is simply neither possible nor desirable to hold tightly to the reins of all aspects of an outsourced project. It stands to reason, therefore, that studies in the industry have revealed that many in IT management either are dissatisfied with their outsourcers or feel their outsourcers have “made up” work to pad their billings.

New Partnership CASTs Eye on Outsourcing

Look around you. Microsoft says that if you’re among a group of people working on a PC, at least one of you has a machine infected with malware.

Based on statistics gathered by its free scanning tool, Microsoft Safety Scanner, Microsoft reported last month that 5% of computers – one out of every 20 – are infected with malware. The average number of malware applications on each infected machine? Nearly 3.5. With this much malware out there, it’s little wonder we’re seeing such a high number of security breaches at major corporations.

Microsoft Mulls Malware

We woke today to the news that back in March a Pentagon defense contractor was the subject of a cyberattack by an unidentified nation state that resulted in 24,000 sensitive files being stolen.

The Enemy Within

As you may know from my bio here, I’m a big fan of Boston sports. So you can understand how thrilled I was a few weeks ago when “my” Boston Bruins won the Stanley Cup for the first time since I was my daughter’s age!

It wasn’t easy for them, though. Through the first round of the playoffs, they looked like they could be a “one-and-done” team and everybody – including some alleged diehard fans – was already calling for the dismissal of their head coach because of their anemic performance. Nevertheless, they made the necessary adjustments, got some stellar work out of key individuals, overcame a few adversities and in the end proved to be the best team in the National Hockey League this year.

In Defense of Agile

Sony, Sega, RSA, the International Monetary Fund, the Arizona Department of Public Safety, even the CIA. It seems no organization – private or public – is immune to hackers these days.

Hackers are Getting Smarter; are You?

One of my favorite reads among tech bloggers is Dion Hinchcliffe over at ZDNet. I’ve followed his blogs for much of the last five years and whether I agree with him or not, I almost invariably find his points compelling and his willingness not to mince words refreshing; he even makes the occasional light bulb go off in my head.

Structural Quality: The Invisible Hand

Last fall, Gartner’s Andy Kyte issued a wake-up call about technical debt that was akin to a piano being dropped on the head of the IT industry. In estimating that technical debt – the cost to fix the structural quality problems in an application that, if left unfixed, put the business at serious risk – has already reached $500 billion globally and is fast on its way to exceeding $1 trillion by 2015, Kyte stirred up a hornet's nest of activity around the topic.

ID’ing the Debt

It was recently reported that within the next couple months the meteoric rise of Android Market is all but certain to overtake the iPhone App Store in terms of the number of applications offered. Taken on face value, this should come as little surprise to anyone.

Going Gaga over Google

The rate at which security issues have plagued businesses lately is staggering. Every week we hear of multiple vulnerabilities, millions of personal data records being exposed and corporations watching profits dwindle as reparation costs for these breaches extend into millions and even billions of dollars.

Insecure Over Quality

Human beings are an odd animal. We’re the only animal that experiences embarrassment over mistakes; some say we’re the only animal that realizes we make them. We also run a full gamut of emotions when we make mistakes – from frustration and self-deprecation to humor and acceptance.

Developers: They're Only Human

I’ve written quite a bit about the spate of businesses that have suffered some form of disruption over the last few months – security breaches at Sony, Android malware attacks, system outages at the London Stock Exchange, operational system failures on London’s East Coast Line and numerous others. All these cases have had one thing in common: they all have had software structural issues as their root causes.

Managing Risk, Avoiding Disruption

From the earthquake and tsunami in Japan back in March to the tornadoes that have ripped through the Midwestern United States over the last two months, we have been witness to the violence and destruction Mother Nature can inflict without warning.

As we begin to move on from the shock of the destruction wrought by these natural disasters, we turn our attention to the recovery, both in human terms and in terms of business.

Avoid Disaster in Disaster Recovery

The hits keep coming for Sony. Unfortunately for the music label and technology icon, though, its latest hits aren’t the ones that chart on Billboard, but rather the kind that cost it money and give the company a black eye in the media.

Sony: 'Oops!...I did it Again!'

In the Bible, when Moses returns to Mount Sinai after smashing the Ten Commandments, God says to him, “The LORD, the LORD, the compassionate and gracious God, slow to anger, abounding in love and faithfulness, maintaining love to thousands, and forgiving wickedness, rebellion and sin. Yet he does not leave the guilty unpunished; he punishes the children and their children for the sin of the parents to the third and fourth generation.”

Insight into the Rewrite

System outages, software failures, security breaches and IT maintenance costs are all rapidly on the rise. It seems like not a day goes by that we don’t read about one company or another announcing that their system went down or revealed personal data to hackers. Couple that with published estimates of technical debt at a half-billion dollars globally and $1 million per company and you see that things are getting out of hand. The sad part about it is it doesn’t have to be that way.

CAST Highlight Gives Enterprises a Kick in the Apps

Happy Birthday to Agile Development! You’re 10 years old now; that’s an important age. A lot of things start happening at age 10. The pre-teen years start and things will seem to get awkward. Most important, a lot more will be expected of you.

Agile Turns 10 – Time to Grow Up

Usage of Google’s Android mobile platform is growing at an exponential rate; unfortunately, so is the malware being developed to attack it.

On Monday came the news of the Malicious Mobile Threats Report 2010/2011, released last week by the Juniper Networks Global Threat Center, that reveals a frightening statistic: since the summer of 2010, “Android malware has surged 400 percent.” What is to blame? According to eWEEK’s Fahmida Y. Rashid, the report cites user naiveté and general nonchalance as a major reason for malware developers putting a big 'bulls-eye' on the Android platform.

All of this begs the question: As Android sales continue to rise at exponential rates and overtake sales of all other smartphone platforms, at what point does someone tell Google it needs to do a better job of policing its app store?

Mobile App Development: Many Questions, Few Answers

There once was a time when "settlers" were a hearty bunch. They were determined, adventurous folks who risked all to head out from their homes in the East to grab a piece of the unknown in the West on the premise of “what might be.”

Quality Doesn’t have to be an Afterthought

I’d like to begin by offering a resounding THANK YOU to CAST’s worldwide roster of customers and partners. It’s because of you that the good news just keeps coming from CAST!

Forecast Upbeat for CAST

Outsourcing is not exactly a new idea. As far back as the 1950s, companies that found they didn’t have the resources in-house to perform tasks began looking to other individuals and companies to fulfill their needs. It wasn’t until the late ’80s that outsourcing really began to take off as companies turned to “offshoring” of outsourced projects to countries such as China and India in order to take advantage of the savings in labor costs.

IT Outsourcing: Do You Know Where Your Software Is?

It’s nearly impossible these days to pick up a trade publication covering the tech industry without reading something about cloud computing. The plethora of coverage is enough to make one think that cloud computing is the latest technological panacea, good for everything from live data storage to data archiving and all enterprise needs in between.

Who’ll Stop the Rain: Seeking Quality in the Cloud

Whether it’s in sports, medicine, music or even a military operation, I’m a firm believer in the “best man for the job” concept. This is why Agile, or more specifically, Scrum development, sounds to me like a smart play for an organization.

Is Agile Enough to Ensure Quality?

We’ve known it all along, and now the rest of the Tech industry has been told thanks to the folks at Gartner who earlier this month named us to their “Cool Vendors in Application Services, 2011” report.

Yeah, We’re Cool

In software development, much like in life, a little debt can actually be a good thing to get other more critical things moving. Although in previous blogs we have defined technical debt as “the cost to fix structural quality problems in an application that, if left unfixed, could put the business at risk,” engaging in a small, manageable amount of technical debt can actually make a project move faster and facilitate reaching the objective of executable application software. This was the thought of Ward Cunningham, the originator of the technical debt concept.

But as Derek Huether points out in his technology consulting blog for Dumas Lab regarding technical debt, “Just like regular debt, you’re going to have to pay it back sooner or later.”

Technical Debt: No Penalty for Early Payment

Let me start by saying that RSA is a name I generally equate with security of enterprise systems. That belief made it even more surprising a few weeks ago when I read that the security giant had been the victim of a cyber attack.

To be Forewarned is to be Forearmed

It’s Patch Tuesday again. The monthly rite of passage for Microsoft as it attempts to patch some of the holes in its software that it didn’t bother to fix before they put it in the box as well as those exposed after the software had been installed in millions of devices.

It’s Tuesday; Do You Know Where Your Patches Are?

Last week on the East Coast Main Line, which connects London to Edinburgh, a software malfunction left five trains stranded mid-track and significantly delayed others after a power supply issue knocked out the signaling system. According to reports, software that should have instructed the backup signaling system to kick in failed to function, causing all signals on the line to default to “Red,” halting trains where they stood. The failure left more than 3,000 rail passengers stranded or delayed for more than five hours on a Saturday afternoon.

When Good Software Goes Bad

Each year, software errors cost U.S. corporations in excess of $60 Billion for repairs and maintenance costs. The problem is pandemic, affecting companies of all sizes from those topping the Fortune list to pre-IPO start-ups.

And the cost of software failures is not only financial. The hit to a company’s reputation that results from software malfunctions can result in lost customers, lost new business and damaged reputation, compounding the costs to fix the problem. When it comes to software, quality counts!

Waylaying the 'Elephant in the Room'

There are many different levels of software quality related crises in the IT world. There are those that are a mere inconvenience, like when Twitter, Facebook or Gmail go down. There are those that pose a significant business difficulty, like when a number of financial organizations faced outages recently. In the medical industry, however, software quality failures go beyond inconvenience and difficulty; they result in life and death consequences!

Software Quality IS a Matter of Life & Death

Earlier this week, our own Jitendra Subramanyam joined industry luminary Capers Jones, Chief Scientist Emeritus of Software Productivity Research (SPR), to co-host a webinar on curbing application software outages like the ones seen in the financial sector over the past couple months. The webinar, titled “Stop High-Profile Outages by Quantifying Application Risks,” focused on the importance of static analysis of application software during the build and/or customization phases to identify potential issues that can then be fixed, preventing a future outage.

Non-Risky Business: Using Static Analysis to Ensure Software Quality

“Once more into the breach, dear friends…” wrote William Shakespeare in his epic work, Henry V.

Once More into the Breach

On the night of his ship’s maiden and lone voyage, the skipper of the Titanic saw the top of an iceberg, swerved to avoid it, and in doing so piloted his ship’s hull directly into the monstrous portion of the iceberg that lay unseen beneath the surface of the ocean, tearing apart the “unsinkable” ship. Had he known what lay beneath the surface, his reaction likely would have been much different and could have yielded a very different, possibly positive result.

Titanic Dilemma: The Seen Versus the Unseen

Recently, Gartner Research VP and Fellow David Cearley hosted a webinar to discuss his group’s take on the top strategic technology trends for 2011. The webinar followed closely the trends Gartner had announced in conjunction with its Symposium/ITExpo last October in Orlando.

Gartner Tech Trends for 2011…Or Rather the One They Forgot

Recently, Gartner Analyst Andy Kyte made quite a stir when he published a report that brought to the forefront just how expensive the cost of software maintenance is becoming for the IT industry. As reported by Patrick Thibodeau in Computerworld, Kyte cited what he called IT Debt as already standing at $500 billion and fast on its way to surpassing $1 Trillion globally.

Don’t Dawdle on Debt: Establishing a Technical Debt Action Plan

Very often when describing a concept, technique or any way of doing something, you hear people quip, “It’s not rocket science.” While normally this holds true for static analysis of business applications, the difference between the capabilities of the type of automated analysis and measurement offered by CAST versus manual structural analysis can make the former seem like rocket science.

Sometimes it is Rocket Science

Discussions in the industry about technical debt have been focused on the IT costs involved in remediation and the potential risk to the company if applications deployed with poor structural integrity fail to perform optimally, or fail completely.

The Financial Implications of Technical Debt