Jonathan Bloom - Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.
Is Application Security Risk a Result of Outsourcing?

There’s a common belief in the software development space that when companies choose application outsourcing of their projects, the control they relinquish by doing so results in lower application quality and puts their projects at risk. Once again, however, CAST’s biennial CRASH Report, which reviews the structural quality of business critical applications, has disproved this theory.

Software Quality is More than Good Code

Over the past decade, advancements in static analysis tools from both commercial and open source communities have dramatically improved the detection of developer violations of good coding practices. The ability to detect these issues in coding practices provides the promise of better software quality.

Agile-Waterfall Hybrid Best for Structural Quality According to CRASH Report Findings

For the last half-decade, a debate has raged over which project management method reigned supreme – Agile or Waterfall. To determine which held the advantage, some looked at the management techniques and fluidity with which projects were completed, others judged the debate by pointing to the structural quality of the applications being developed.

Poor Software Quality Impacts Application Security

Dr. Carol Woody of SEI was recently featured on a CISQ webinar about the correlation of software quality and software security. Her lessons on this topic highlight why software security cannot be something added after-the-fact, it must rather be factored into the development of software applications from the moment coding begins.

This is a lesson that companies such as Sony need to learn. While past breaches like the ones carried out by the LulzSec group in 2011, affected their customers and cost them dearly in terms of reputation and reparations, the one they suffered late last year hurt them much closer to home when cyber criminals breached Sony’s entire network and threatened to expose all stolen data.

Making Software Quality the First Measure of Software Security

If you read the news these days, you would think that software security is something that is layered on top of existing software systems. The truth is, however, that software security needs to be woven into the very fabric of every system, and this begins with eliminating vulnerabilities by measuring software quality as the system is built.

During the CAST Software Quality Fall Users Group, Dr. Carol Woody, PhD, senior member of the technical staff at the Software Engineering Institute (SEI) at Carnegie Mellon University, whose research focuses on cyber security engineering, discussed the importance of software quality as a basis for security.

Automated Function Points Provide Data-Driven Captives Management

Last month in this space I wrote about the importance of optimizing the cost-effectiveness of Captives (i.e., Global In-House Centers) by setting metrics and enhancing process transparency for better management of them. For these management methods to work, though, an organization needs to employ automated function points as a way to gain insight into current costs and supplied value, which can then be used to enhance the output received from current or future providers.

VIDEO: IT Expert Calls Upon Automated Function Points for Vendor Management

Barbara Beech, an expert in the field of IT development for telecommunications companies, recently spoke to CAST in a video chat about her experience using software analysis and measurement as well as automated function points to gain visibility into IT vendor deliverables.

As a solution to gaining visibility into IT vendor deliverables, Beech points to the CAST Automated Function Points (AFP) capability – an automatic function points counting method that is based on rules defined by the International Function Point User Group (IFPUG). CAST automates the manual counting process by using the structural information retrieved by source code analysis, database structure and transactions.

Five Reasons You MUST Measure Software Complexity

There’s an old adage in the IT industry – you can’t manage what you can’t measure. Knowing how complex an organization’s application portfolio is provides insight into how to manage it best. The problem is the issues that comprise software complexity – legacy system remnants, antiquated code, overwritten and rewritten code, the integration of formerly proprietary applications, et al – are the same things that make measuring it difficult.

With multiple system interfaces and complex requirements, the complexity of software systems sometimes grows beyond control, rendering applications and portfolios too costly to maintain and too risky to enhance. Left unchecked, software complexity can run rampant in delivered projects, leaving behind bloated, cumbersome applications. In fact, Alain April, an expert in the field of IT maintenance, has stated, “the act of maintaining software necessarily degrades it.”

Closing the Back Door thru Code Analysis

Have you performed code analysis on your software recently? If not, you are in good company as many companies are failing to do the one thing that could improve their software security – making sure the software isn’t vulnerable to an attack to begin with.

CISQ Hosts IT Risk Management & Cybersecurity Summit

The Consortium for IT Software Quality (CISQ), will host an IT Risk Management and Cybersecurity Summit on March 24 at the OMG Technical Meeting at the Hyatt Regency Hotel in Reston, VA. The CISQ IT Risk Management and Cybersecurity Summit will address issues impacting software quality in the Federal sector, including: Managing Risk in IT Acquisition, Targeting Security Weakness, Complying with Legislative Mandates, Using CISQ Standards to Measure Software Quality, and Agency Implementation Best Practices.

5 Keys to Optimizing Cost-Effectiveness of Captives

Companies seeking to reduce time to market while improving application quality today usually choose between assigning application development projects to either in-house teams or outsourced system integrators (SI). However, the cost arbitrage of Global In-House Centers (GIC), better known in the industry as “Captives,” continues to provide advantages in cost competitiveness that cannot be overlooked.

IT Transformation Major Component of Biz Transformation

In today’s software-driven business world, IT transformation has become an enormous component of business transformation and software risk management. This is one of the key messages delivered by Marc Cecere, Vice President and Principal Analyst for Forrester Research, during a webinar held recently on Business Transformation, which was sponsored by CAST, Inc.

Time to Get Smart about Technical Debt

With every passing day the world’s technical debt continues to expand. Industry research shows the average business application carries as much as $2 million in Technical Debt. Analysts at Gartner estimate industry IT debt at $500 billion, and on target to reach $1 trillion by 2015. What’s interesting about Technical Debt is that every ADM team knows they have some, but how much and how critical the debt is typically remains a mystery. Most financial debt obligations are easy to calculate and definitively known at any given time. Of course, both Financial and Technical Debt become frightening when they are aggregated; just take a look at a national debt clock if you don’t agree.

A Crash Course on CAST’s New CRASH Report

Last week, CAST issued a report on the summary findings of its second annual CAST Report on Application Software Health (aka CRASH), which delves into the structural quality of business application software. The report has earned significant coverage throughout the technology media, including InformationWeek, InfoWorld and Computerworld, as well as the Wall Street Journal.

What We Don't Know is Hurting Us

Recently, @dangerroom posted about a computer virus infecting the software that manages the U.S. Air Force’s Predator and Raptor drones -- the ones that perform reconnaissance and attack insurgents in Afghanistan, Iraq and other hot spots. The software hasn’t prevented the drone program from continuing, but so far the Air Force has resisted attempts to remove it.

Olympic Hacking

In just over 250 days, the eyes of the world will turn to London, England, for the opening of the Summer Olympic Games. Athletes from countries around the globe are deep into training regimens in preparation for the largest stage of athleticism on the planet.

Toast, Coffee & Software Quality

Last week’s admissions of bugs in newly released software by Apple and Google were just the latest reminders that the battle between bringing software products to market quickly and optimizing software quality is coming to a head in a year that has seen far more than its share of software outages, malfunctions and security breaches. Most of these problems have been the direct result of problems with the structural quality of software and have cost the companies hit by them a great deal both financially and in terms of reputation.

Seeking Independence from Being Hacked

While it was far from being the “shot heard ‘round the world” of Revolutionary War fame, the cyber attack on the Pacific Northwest National Laboratory over July 4th weekend this year did represent a significant first blow in the search for liberty for that organization – specifically, liberty from being hacked.

Clouding the Outsourcing Issue

Back in August, "CIO Zone" posted a blog outlining the top five cloud computing trends. Smack-dab in the middle of the top five was this one: "Custom cloud computing services," which delved into how outsourced IT organizations must focus on automated software and become experts in migrating to SaaS, PaaS and IaaS in order to ensure the least painful cloud migrations. It brought to mind how, in an effort to save money, so many businesses blindly hand over their whatever-it-is-to-be-done to outsourcers and hope for the best.

Scrum & Technical Debt: Love the One You're With

Bravo to Joe Little, who writes the Agile & Business blog.

Little recently penned a piece about the intersection of Scrum and technical debt titled “Scrum Hates Technical Debt.” I’m sure it does, but I think what he really means is that true Scrum hates technical debt.

Sunny Day, Sweepin’ the Hacks Away

“S” stands for security, something “S” organizations like Sony and Sega appeared to have too little of earlier this year. You could also say “S” represents the U.S. Dollar sign ($) that is associated with the FDIC and IRS, both of which have recently fallen victim to phishing attacks and have had their security compromised. Unfortunately, they are not alone; organizations that start with many letters of the alphabet have fallen victim to security issues this year.

Microsoft Mulls Malware

Look around you. Microsoft says that if you’re among a group of people working on a PC, at least one of you has a machine infected with malware.

Based on statistics gathered by its free scanning tool, Microsoft Safety Scanner, Microsoft reported last month that 5% of computers – one out of every 20 – are infected with malware. The average number of malware applications on each infected machine? Nearly 3.5. With this much malware out there, it’s little wonder we’re seeing such a high number of security breaches at major corporations.

Going Gaga over Google

It was recently reported that within the next couple months the meteoric rise of Android Market is all but certain to overtake the iPhone App Store in terms of the number of applications offered. Taken on face value, this should come as little surprise to anyone.

Mobile App Development: Many Questions, Few Answers

Usage of Google’s Android mobile platform is growing at an exponential rate; unfortunately, so is the malware being developed to attack it.

On Monday came the news of the Malicious Mobile Threats Report 2010/2011, released last week by the Juniper Networks Global Threat Center, that reveals a frightening statistic: since the summer of 2010, “Android malware has surged 400 percent.” What is to blame? According to eWEEK’s Fahmida Y. Rashid, the report cites user naiveté and general nonchalance as a major reason for malware developers putting a big 'bulls-eye' on the Android platform.

All of this begs the question: As Android sales continue to rise at exponential rates and overtake sales of all other smartphone platforms, at what point does someone tell Google it needs to do a better job of policing its app store?

It’s Tuesday; Do You Know Where Your Patches Are?

It’s Patch Tuesday again: the monthly rite of passage for Microsoft as it attempts to patch some of the holes in its software that it didn’t bother to fix before putting it in the box, as well as those exposed after the software had been installed on millions of devices.

When Good Software Goes Bad

Last week on the East Coast Main Line, which connects London to Edinburgh, a software malfunction left five trains stranded mid-track and significantly delayed others after a power supply issue knocked out the signaling system. According to reports, software that should have instructed the backup signaling system to kick in failed to function, causing all signals on the line to default to “Red,” halting trains where they stood. The failure left more than 3,000 rail passengers stranded or delayed for more than five hours on a Saturday afternoon.

Non-Risky Business: Using Static Analysis to Ensure Software Quality

Earlier this week, our own Jitendra Subramanyam joined industry luminary Capers Jones, Chief Scientist Emeritus of Software Productivity Research (SPR), to co-host a webinar on curbing application software outages like the ones seen in the financial sector over the past couple of months. The webinar, titled “Stop High-Profile Outages by Quantifying Application Risks,” focused on the importance of static analysis of application software during the build and/or customization phases to identify potential issues that can then be fixed, preventing a future outage.