Jonathan Bloom - Writer, Blogger & PR Consultant
Jonathan is an experienced writer with over 20 years writing about the Technology industry. Jon has written more than 750 journal and magazine articles, blogs and other materials that have been published throughout the U.S. and Canada. He has expertise in a wide range of subjects within the IT industry including software development, enterprise software, mobile, database, security, BI, SaaS/Cloud, Health Care IT and Sustainable Technology. In his free time, Jon enjoys attending sporting events, cooking, studying American history and listening to Bruce Springsteen music.
To compete in a fast-paced digital world, CIOs need the best information about software health to make smart decisions.
CIO Perspective: Using Software Intelligence to Make Better Modernization Decisions
Naresh Choudhary from Infosys explains how the company is using Software Intelligence to improve software quality by up to 15%.
CIO Perspective: Software Intelligence as a Foundation for Machine Learning and AI
Cristina Alvarez, former CIO of Telefónica, shares why understanding software is increasingly important to business operations.
CIO Perspective: Why Software Intelligence is Imperative in a Digital World
Overcoming organizational hurdles to adopt an Agile culture can be tough, but the pay-off is huge.
How Fannie Mae Uses Software Intelligence: Six Steps to Successful DevOps
Connected devices in healthcare may be putting you at risk, but not in the way you imagine.
When Software Quality Becomes a Life or Death Matter
It doesn’t matter how many days removed we are from sipping champagne, singing "Auld Lang Syne" and making New Year’s resolutions, we still need to look back at 2017, lest we repeat the same mistakes we've already made.
2017: The Year of MotS (More of the Same)
Fashion retailer Forever 21 joined a very trendy, yet unexclusive club earlier this month when it announced its point-of-sale systems may have been breached. This blog examines how to integrate automated code review into application security strategies.
Don’t Be ‘Forever’ Vulnerable: Improve Your AppSec Posture
Cybersecurity is a hot-button issue these days. You can barely go a few weeks without hearing about a company suffering a breach that puts the business at risk. With all eyes focused on making software more secure, a happy side effect might just be a streamlining of software modernization initiatives.
Will Cybersecurity Efforts Change the Game for Software Modernization?
When you are a consumer credit company, victimized recently by a serious security breach where hackers exploited an application vulnerability to steal the personal information of roughly 143 million people, what do you do for an encore? For Equifax, the encore may be “get hacked a second time.”
An Encore for Equifax?

Companies worldwide use SAP, but SAP by itself does not resolve all of an organization's issues. As a result, a number of organizations need to customize SAP applications to suit their purposes, but this has met with mixed results.

CAST today released the results of the 2014-2015 CRASH Report for SAP, which revealed more than half of those organizations opting to customize SAP applications have encountered increased application risk, additional software risk management costs and disruption of critical business processes.

CRASH Report: Customized SAP Apps Increase Application Risk, Decrease Business Performance

In business, measurement is key. It’s not a new concept, of course, but it’s one that information technology has enabled to be implemented to a higher degree than ever before. Function point analysis is one of those areas where, like initiatives such as Six Sigma, the ability to measure can help ensure ultimate success.

Function Points Analysis: On Point at Federal Productivity Workshop

There’s a common belief in the software development space that when companies choose application outsourcing of their projects, the control they relinquish by doing so results in lower application quality and puts their projects at risk. Once again, however, CAST’s biennial CRASH Report, which reviews the structural quality of business critical applications, has disproved this theory.

Is Application Security Risk a Result of Outsourcing?

Over the past decade, advancements in static analysis tools from both commercial and open source communities have dramatically improved the detection of developer violations of good coding practices. The ability to detect these issues in coding practices provides the promise of better software quality.

Software Quality is More than Good Code

For the last half-decade, a debate has raged over which project management method reigned supreme – Agile or Waterfall. To determine which held the advantage, some looked at the management techniques and fluidity with which projects were completed, others judged the debate by pointing to the structural quality of the applications being developed.

Agile-Waterfall Hybrid Best for Structural Quality According to CRASH Report Findings

Dr. Carol Woody of SEI was recently featured on a CISQ webinar about the correlation of software quality and software security. Her lessons on this topic highlight why software security cannot be something added after the fact; it must instead be factored into the development of software applications from the moment coding begins.

This is a lesson that companies such as Sony need to learn. While past breaches, like the ones carried out by the LulzSec group in 2011, affected their customers and cost them dearly in terms of reputation and reparations, the one they suffered late last year hurt them much closer to home when cyber criminals breached Sony’s entire network and threatened to expose all stolen data.

Poor Software Quality Impacts Application Security

If you read the news these days, you would think that software security is something that is layered on top of existing software systems. The truth is, however, that software security needs to be woven into the very fabric of every system and this begins with eliminating vulnerabilities by measuring software quality as the system is built.

During the CAST Software Quality Fall Users Group, Dr. Carol Woody, PhD, senior member of the technical staff at the Software Engineering Institute (SEI) at Carnegie Mellon University, whose research focuses on cyber security engineering, discussed the importance of software quality as a basis for security.

Making Software Quality the First Measure of Software Security

Last month in this space I wrote about the importance of optimizing the cost-effectiveness of Captives (i.e., Global In-House Centers) by setting metrics and enhancing process transparency for better management of them. For these management methods to work, though, an organization needs to employ automated function points as a way to gain insight about current costs and supplied value, which can then be used to enhance received output from current or future providers.

Automated Function Points Provide Data-Driven Captives Management

They say “if something works, don’t fix it.” This old adage may be the reason behind why some organizations hold onto legacy systems longer than they should, but it is also the reason why these same organizations struggle with software complexity. In fact, according to the GAO, Uncle Sam spends 80 percent of its $86.4 billion IT budget on legacy systems.

Digital Transformation Keeps Software Complexity from Becoming a CIO’s Legacy

Barbara Beech, an expert in the field of IT development for telecommunications companies, recently spoke to CAST in a video chat about her experience using software analysis and measurement as well as automated function points to gain visibility into IT vendor deliverables.

As a solution to gaining visibility into IT vendor deliverables, Beech points to the CAST Automated Function Points (AFP) capability – an automatic function points counting method that is based on rules defined by the International Function Point User Group (IFPUG). CAST automates the manual counting process by using the structural information retrieved by source code analysis, database structure and transactions.

VIDEO: IT Expert Calls Upon Automated Function Points for Vendor Management

Benjamin Rehberg, Partner and Managing Director of the Boston Consulting Group and former consultant for IBM Global Business Services, discusses the importance of both IT risk management and application portfolio management (APM) in a video conversation with CAST. He looks at the challenges for IT leaders, the need for software measurement and discusses how IT transformation can improve business operations.

IT RISK MANAGEMENT: A Conversation with BCG’s Benjamin Rehberg

There’s an old adage in the IT industry – you can’t manage what you can’t measure. Knowing how complex an organization’s application portfolio is provides insight into how to manage it best. The problem is the issues that comprise software complexity – legacy system remnants, antiquated code, overwritten and rewritten code, the integration of formerly proprietary applications, et al – are the same things that make measuring it difficult.

With multiple system interfaces and complex requirements, the complexity of software systems sometimes grows beyond control, rendering applications and portfolios too costly to maintain and too risky to enhance. Left unchecked, software complexity can run rampant in delivered projects, leaving behind bloated, cumbersome applications. In fact, Alain April, an expert in the field of IT maintenance, has stated, “the act of maintaining software necessarily degrades it.”

Five Reasons You MUST Measure Software Complexity

As IT organizations face increasing demands from business, their IT systems have become increasingly complex. Today’s applications are typically a heterogeneous web of systems and software from an array of vendors and custom development.

Top 5 Reasons to Use Code Analysis Tools with Automation to Establish Vendor Management Metrics

Have you performed code analysis on your software recently? If not, you are in good company as many companies are failing to do the one thing that could improve their software security – making sure the software isn’t vulnerable to an attack to begin with.

Closing the Back Door thru Code Analysis

The Consortium for IT Software Quality (CISQ), will host an IT Risk Management and Cybersecurity Summit on March 24 at the OMG Technical Meeting at the Hyatt Regency Hotel in Reston, VA. The CISQ IT Risk Management and Cybersecurity Summit will address issues impacting software quality in the Federal sector, including: Managing Risk in IT Acquisition, Targeting Security Weakness, Complying with Legislative Mandates, Using CISQ Standards to Measure Software Quality, and Agency Implementation Best Practices.

CISQ Hosts IT Risk Management & Cybersecurity Summit

Companies seeking to reduce time to market while improving application quality today usually choose between assigning application development projects to either in-house teams or outsourced system integrators (SI). However, the cost arbitrage of Global In-House Centers (GIC), better known in the industry as “Captives,” continues to provide advantages in cost competitiveness that cannot be overlooked.

5 Keys to Optimizing Cost-Effectiveness of Captives

For Jay Ferro, CIO of the American Cancer Society, his employer’s mission hits far closer to home than those of most others in his position. The father of three boys, Ferro lost his 36-year-old wife, Priscilla, to cervical cancer in January 2007. In her memory, he founded Priscilla's Promise, a non-profit organization that brings greater awareness to cervical cancer.

IT Transformation Benefits for American Cancer Society Can’t Be Understated

During last week’s webinar on IT Transformation featuring Marc Cecere, vice president and principal analyst for Forrester Research, many questions presented by participants went unanswered due to time constraints. Because these questions are likely being asked by many in the IT arena, we asked Marc’s webinar co-host, Pete Pizzutillo of CAST to provide answers to the three most frequently asked questions.

IT Transformation Webinar Questions Answered

In today’s software-driven business world, IT transformation has become an enormous component of business transformation and software risk management. This is one of the key messages delivered by Marc Cecere, Vice President and Principal Analyst for Forrester Research, during a webinar held recently on Business Transformation, which was sponsored by CAST, Inc.

IT Transformation Major Component of Biz Transformation

I was watching the gymnastics competition at the Olympics on Sunday night and on more than one occasion heard commentators applaud competitors for their agility. As I watched these gymnasts move swiftly and with exacting precision across the beam, floor, vault and bars, I could not help but marvel at their abilities and at how appropriate a descriptor “agile” was for them.

Fast or Nimble? Agile Should be Both

My six-year-old can tie her own shoes. I honestly did not realize how big of a deal that was until her teacher told me a few months ago that she had, for a short time, become the designated shoe tier in her classroom. Apparently, thanks to the advent of Velcro closures for kids’ shoes, nobody else in her kindergarten class knew how to tie their shoes.

Mozilla Thinks Crashes are a GOOD Thing...Really?

Happy Independence Day everybody! I only hope those of you reading this on your Android device have not turned it sideways or performed some other seemingly innocuous action that has made this application fail.

Android Application Failures Still Try Our Souls

I have been an East-Coaster all my life. I’ve lived, worked and even attended college in states that all lie East of the Mississippi. However, throughout my 18 years working in the technology business, my clients have been spread out around the U.S. and abroad. I’ve found myself doing phone calls before the sun rises and well after it has set. That’s just the way it is in this business.

The Personnel Side of Technical Debt

I’m not one who believes in fortune tellers or those who claim to be able to predict the future. Heck, I don’t even read my horoscope and cringe whenever someone attempts to force it upon me. Only when my wife has attempted to read me my horoscope have I offered even as much as a polite “hmm.” Nevertheless there are many out there who swear by those who claim to be able to predict the future, especially in the financial industry.

Foretelling Facebook’s IPO Failure

There’s a very old mantra around project quality that says, “If you want something done right, do it yourself.”

I disagree.

Great Expectations and How to Meet Them

Before I could enjoy my Father’s Day brunch this past weekend, I found myself with a list of things to do around the house – cleaning out the garage, vacuuming the car, replacing our mailbox which “someone” in my family (not me) ran over. The latter of these tasks, of course, required that I go out and purchase some tools and supplies – a new post, new box, numbers for the box and a post digger - to get the job done.

Who’s Minding the Store?

With all of the security issues appearing in the press these days, I’m often reminded of a conversation I had with John Kilroy, the former CIO at Cape Cod Hospital. At the time I was doing media relations work for a company in the Health Care IT industry and was working with Kilroy, who has been retired for the last five years, on an article for one of the publications that covers that space.

'Gate Closings' Before Gimmicks

In 1807, French playwright Charles-Guillaume Étienne penned the famous line, “On n'est jamais si bien servi que par soi-même.”

For those who do not speak French, you may recognize this now idiomatic phrase as the oft uttered, “If you want something done right, do it yourself.”

Done Off-Site, Done Right

Developing software, like almost any facet of business, often can be overtaken by some rather sinful thoughts and actions. This is why I really enjoyed a recent post on GigaOm by Magne Land, scrum master and tech lead at RightScale, who compares issues within software development to the “Seven Deadly Sins.”

Overcoming the Need for Greed

It’s funny how early stress can manifest itself in human beings. Even my young daughter has found herself under stress lately as she prepares for her annual dance recital this weekend.

De-Stressing over Software

We’re a society that is always looking for the “next big thing.”

Just check out the TV listings. We tune in to find out who will be the “Next Top Model,” “Next Food Network Star,” “Next Design Star” and “Next Iron Chef.” Technology is also quite interested in “The Next Big Thing” as witnessed by the 19.9 million results you get when you Google “Next Big Thing in Technology.” But while most of the TV “Next” searches focus on the individual, most of the “next big things” discussed in Tech have been on a trend level.

Next AppDev Star

Facebook, the galactically popular social networking site that for so long has weathered friction regarding weaknesses in its software – particularly around security and privacy issues – may have seen its own IPO effort submarined by a software glitch in the NASDAQ stock exchange.

Did NASDAQ's App Glitch Cause FB's IPO Hitch?

After a very mild winter this year, the Northeast part of the country found itself stuck in a prolonged “early spring” where it seemed like but for a couple of days temperatures refused to warm up from the 40’s and 50’s. We seemed to be stuck in the ether between “actual cold” and “comfy warm” for quite a while until the past week or so.

Fix a Hole, Stop a Bug

This blog has long professed the need for businesses to analyze, measure and assess their IT application portfolios to identify those issues with application software that cause a whole spate of headaches, from application failure, to business risk to increased technical debt.

Cloud Gives Clear Vision to IT Portfolio

Catchy slogans are catchy for two good reasons – they put an extremely true point into very simple, succinct language. This is probably why they call these true, simple statements, “catch phrases.”

One of the most effective catch phrases of my youth was for a product called Fram Oil Filters. Sometime in the 1970’s, Fram came out with a set of television and radio commercials where a mechanic would explain how a simple thing like replacing your oil filter on a regular basis could prevent major engine problems. The catch phrase uttered by the mechanic at the end of each commercial was, “You can pay me now, or you can pay me later.”

Shortcuts Today Lead to Shortcomings Tomorrow

By definition, standards are supposed to be a set of bare minimum requirements for meeting levels of acceptability. In school, the students who took the “standard” level courses were those who were performing “at grade level” and just focused on graduating. Every April in the United States we need to decide whether we will take the “standard deduction” – the bare minimum we can claim for our life’s expenses – or do we have enough to itemize our living expenses and therefore deduct more from our base income before taxes.

Living Up to Standards

Since the time of my first household chores, I cannot recall an age when I did not look at a “to do” list of mine and see the need to prioritize things. Whether it was taking out the trash first because trash collection was the next day or recognizing the need to finish edits to a press release going out the next day, prioritization has always been the first step to me getting work done.

I don’t think I’m alone on this one. Prioritization is probably as important to getting things done successfully as the actual taking on of a task.

Priorities: Fix it First!

I love my job!

I’ve always been an avid writer, even as a kid. So when it came to career choices my decision to enter a profession that demanded writing skills seemed like a natural fit.

I started out as a newspaper reporter, following in my father’s footsteps, but as the jobs and money there began drying up in the mid-1990’s I took my interest in Technology and made the jump to writing for high tech companies and have been happy doing this job ever since.

Quality is a Happy Place

Almost everyone has heard about the Titanic and the sinking of the unsinkable. I guess if you assume your ship is unsinkable, having only 20 lifeboats for a few thousand people seems reasonable. Maybe it gets overlooked when there are so many important “features” to get right on the maiden voyage. I’m sure the pressure to ensure the comfort of hundreds of VIPs must have been immense. Sometimes it takes a real disaster for change to take place.

Is your Critical Application the next Titanic?

With every passing day the world’s technical debt continues to expand. Industry research shows the average business application carries as much as $2 million in Technical Debt. Analysts at Gartner estimate industry IT debt at $500 billion, and on target to reach $1 trillion by 2015. What’s interesting about Technical Debt is every ADM team knows they have some, but how much and how critical the debt is typically remains a mystery. Most financial debt obligations are easy to calculate and definitively known at any given time. Of course, Financial and Technical Debt both become frightening when they are aggregated; just take a look at a national debt clock if you don’t agree.

Time to Get Smart about Technical Debt

My tastes in entertainment are pretty broad. While I really enjoy attending sporting events and when Bruce Springsteen is in town I lay aside nearly everything else to attend his concert (as I did in Boston on March 26), I’m also one who enjoys catching a Broadway or Off Broadway Show now and then. In fact, over the next six weeks I will attend two Red Sox games and two shows at the New World Stages theatre in Midtown.

Replaying the Data Breach Blues

Last week, Capgemini released its second Financial Services World Quality Report. The report cited that while corporations across the globe continue to be constrained by budget issues, the complexity and volume of application software they handle continues to increase exponentially. As a result, Quality Assurance organizations are turning more and more to the cloud and outsourcing as strategies to achieve quality applications, while attaining optimal business value.

Getting Quality to the Core of Outsourcing

I hate Geometry.

Actually, I do not hate the concept of Geometry – I’m rather partial to shapes and appreciate the need to calculate the areas, perimeters, volumes, et al that they represent. What I hate about the subject – or should I say “hated” (past tense) since I haven’t had a Geometry class since the mid-1980’s – were the proofs I had to do in order to get full credit for my work.

Will the REAL Agile Please Stand Up?

I will never be confused or lumped in with the modern assemblage of DIY’ers (Do It Yourselfers for those even less handy than I). My father was a firm believer in the idea that if you learned how to fix something yourself, you were putting someone else out of a job, and that was unfair, unpatriotic and un-American.

Fixing Broken Windows

Without going into specific finances, I make twice as much money as I did just 10 years ago. You would think this would be an indication that times, for me anyway, are good; yet I still seem to have the same question every month the week before I get paid, “Where did all my money go?”

CRASHing Into Technical Debt

It’s a presidential election year in the U.S. That means lots of attention being paid to people saying what they think they want us to hear in order to secure election to office. It also means the standard operations of government tend to fade into the background.

Take the Federal budget debate. Most years it would be forefront material, particularly in a year when Congress vowed to make significant cuts to the budget in order to reduce the deficit. With election news grabbing the spotlight every night, though, preliminary discussions have generated very little news.

Fed Should Budget for Technical Debt

I’ve never been much of a horror movie fan. I think my deep-seated love of and background in history and my fascination for things that are real diminish my ability to kick back and allow my wits to be uprooted by monsters and other ghoulish figures like Jason from Friday the 13th or Freddy Krueger from Nightmare on Elm Street.

New Year, Same Fear

Money isn’t everything…yeah, right!

There are few, if any, who are so idealistic in this world that they will actually believe money isn’t everything. It doesn’t matter if it’s the scheduled time for a television show or a high-level decision to produce a controversial product, the motivation is money.

Crash Course on CRASH Report, part 3: Technical Debt

I couldn’t let this week go by without making at least one mention of what is taking place this weekend. This annual event held every year since the year I was born brings most of the United States to a mesmerized halt on the first Sunday in February…and this year I’ll be more mesmerized than I have been the past few years.

Sacking the Hackers

Legendary football coach Vince Lombardi once said that "Winning isn't everything; it's the only thing." But decades after Lombardi's Green Bay Packers dominated the NFL, a new slogan joined the sports lexicon - "moral victory."

Mobilizing Security Failure

One of my favorite television shows these days is one of the highly successful USA Network dramas called “White Collar.” The plot revolves around a stellar FBI agent and a highly educated criminal mastermind, who specializes in art thefts and forgeries, whom the FBI agent brought to justice. The FBI agent then turns the criminal into a consultant to the FBI and together they go on to flourish as a crime-fighting team, clearing 94% of their caseload.

Who Secures Security?

Our economy goes through periods of intense merger and acquisition activity, which often reshapes entire industries dramatically in one fell swoop.

Caution: Merger Ahead

My father was proud of his military service. He believed that young men and women could learn a lot not only from having served in the armed forces, but from having actually experienced the stress that comes with "taking fire."

Taking Fire over Technical Debt

After many years of close collaboration and significant industrialization investments led initially in France, Capgemini Group has completed a worldwide investment in automation from CAST.

The agreement will enable Capgemini to extend CAST technology, which has been in use at Capgemini’s Application Intelligence Center since 2006, on a global basis. This will ensure the highest software quality standards in application development and maintenance across all its clients worldwide and enable Capgemini to accelerate the introduction of new application risk assessment offers based on advanced structural software analytics from CAST.

Capgemini Extends CAST Globally

As a writer, I frequently go back and review pieces I’ve written over time. When I do, I’d like to think that I’ll be happy and satisfied with each and every article, announcement, blog or brochure.

Hey Agile: Good Enough Ain’t Good Enough

Some among us may remember Earl Scheib who owned a chain of auto painting facilities; at least, that's what he called them. In actual fact, his shops were a national joke. In his TV commercials he would tell viewers, “I’ll paint any car for $99.95” and would promise one-day service. He did just that, but as the old saying goes, "You get what you pay for."

Speed Kills

I confess – I’m an “Urban Myths” junkie. That doesn’t mean I believe in every Urban Myth that comes across my email inbox; much to the contrary, in fact, I’m a born skeptic. I snicker at the widespread beliefs and openly wonder how someone could believe that Bill Gates would send them a check for forwarding an email or that Mr. Rogers was a Marine sniper or that some currently popular entertainer was born a different gender.

Crash Course on CRASH Report, part 2: New Insights

Don't bother trying to reach me the next few weekends; it’s playoff time in the NFL!

Clouding the Outsourcing Issue, part 2

After listening for many years about the European debt crisis, the downgrading of U.S. debt and every other tale of woe about debt, I believe my patience is owed an enormous debt...and seeing as today is my birthday I would like it paid off immediately!

Stop Passing the Buck on Technical Debt

My wife often jokes that we had a child for the sole purpose of giving me a good reason to read Dr. Seuss' books on a regular basis. When she does this I object vehemently; she is absolutely wrong! I would most definitely read Dr. Seuss whether or not I had a child.

Will You Source Them Here or There

Marketers frequently discuss the benefits of market leadership – the ability to charge premium pricing, attract the best talent, retain customers – and the like. Today, there is a new metric: if you develop operating systems, applications and other kinds of software, if someone isn’t trying to hack your work, then you must not be a market leader.

The Dark Side of the Limelight

From the Pentagon to the Department of Energy, government organizations have been hard hit this year by IT systems outages, performance issues and security failures, most of which have stemmed from structural quality issues. But as bleak as this may sound, the good news is that these problems seem to have served as a wake-up call.

The Department of Homeland Security has already taken steps to begin addressing software structural quality issues by acknowledging they exist and bringing in IT leaders who can help them spot issues and fix them. Similarly, the U.S. Air Force announced in October that it had certified CAST's Application Intelligence Platform (AIP) to review its systems and applications and detect structural quality issues.

CAST Defends the Defenders

I’ve been accused of being a 'homer' – someone who is so devoted to the metro area he lives near that he overplays its good points and has a blind spot for its shortcomings. I make no apologies for being this way about Boston, for as the Standells sang long ago: “I love that dirty water; oh, Boston, you’re my home.”

Hacking Up a Hospital

Last week, CAST issued a report on the summary findings of its second annual CAST Report on Application Software Health (aka CRASH), which delves into the structural quality of business application software. The report has earned significant coverage throughout the technology media, including InformationWeek, InfoWorld and Computerworld, as well as the Wall Street Journal.

A Crash Course on CAST’s New CRASH Report

This year has been marked by high-profile outages and security breaches at global organizations like Sony, Sega, RIM, Citi, RSA, Honda, the International Monetary Fund, the International Olympic Committee and multiple airlines, not to mention the U.S. Department of Defense. What these have in common is that each has at its root some structural quality flaw that led to malfunctions in their IT systems, failures in their application software or loss of sensitive data.

It should come as little surprise, therefore, that the 2011 CAST Report on Application Software Health (CRASH) this morning reported that organizations are squandering millions of dollars in technical debt due to issues in their application software – issues that could have been eliminated during pre-production had proper structural assessments taken place.

CRASH Report Exposes Millions in Technical Debt

As we all know, Sundays are for football, and this past Sunday brought some choice matchups. Although I am a devout fan of the New England Patriots, one of my favorite games paired the undefeated Green Bay Packers, led by quarterback Aaron Rodgers, and Eli Manning's New York Giants. Tied with less than two minutes to go in regulation, Rodgers did his best Tom Brady imitation, leading his team on a spectacularly engineered drive that preserved their as-yet unblemished record.

What the New York Giants Can Teach Us about Software Quality

Recently, @dangerroom posted about a computer virus infecting the software that manages the U.S. Air Force’s Predator and Raptor drones -- the ones that perform reconnaissance and attack insurgents in Afghanistan, Iraq and other hot spots. The software hasn’t prevented the drone program from continuing, but so far the Air Force has resisted attempts to remove it.

What We Don't Know is Hurting Us

Kudos to Roger Sessions, the CTO of ObjectWatch. Recently, Sessions took a stand supporting “the intentional architectural design of simplicity into a software application,” which he dubbed “simplility.”

Sealed with a K.I.S.S.: Keeping IT Software Simple

In just over 250 days, the eyes of the world will turn to London, England, for the opening of the Summer Olympic Games. Athletes from countries around the globe are deep into training regimens in preparation for the largest stage of athleticism on the planet.

Olympic Hacking

With the ever-growing abundance of viruses, malware and other threats to our networks, laptops, mobile and other devices, I was interested to read Peter Saddington's blog post for @agilescout that brings a software development angle to Todd Dewett’s post, “Soccer Has Ruined America.”

Gold Stars are Only for Winners

November’s most popular day in the United States is arguably the fourth Thursday of the month – Thanksgiving Day. In the Tech industry, however, it is the second Tuesday of the month – yesterday to be exact – that garners heightened interest. The reason for the additional interest is that the second Tuesday of the month means Microsoft Patch Tuesday.

And this month in particular there was a bit more interest in Patch Tuesday than is ordinary, only the added interest was not due to the patches released by Microsoft; in fact, those were quite light. It was a kernel patch NOT released that drew the greatest attention.

Microsoft Ducks Duqu

Last week’s admissions of bugs in newly released software by Apple and Google were just the latest reminders that the battle between bringing software products to market quickly and optimizing software quality is coming to a head in a year that has seen far more than its share of software outages, malfunctions and security breaches. Most of these problems have been the direct result of problems with the structural quality of software and have cost the companies hit by them a great deal both financially and in terms of reputation.

Toast, Coffee & Software Quality

I keep asking the question over and over again in this blog – why won’t tech companies take the time and get it right before getting it out?

Marketing over Matter

The issue of hacking in today’s society has gotten as serious as a heart attack – literally!

In what seems like something that should be relegated to a bad action movie or the sinister deeds of some cartoon villain, researchers have demonstrated that hackers have the capability to send radio signals that could reprogram implantable medical devices, such as pacemakers or insulin pumps. Fortunately, there have been no actual cases of fiends roaming the streets striking dead people dependent upon pacemakers, but the mere fact that it is a possibility is frightening.

Hacking the Heart of the Matter

As a parent to a young kid, nights out are pretty rare. But every now and then, my daughter's "Auntie Ellen" will throw us a bone and watch our daughter overnight so we can hit the town. We're very grateful, of course, but more often than not, our daughter returns home in full-on crazy mode. We can never be entirely sure of the reasons - apparently, much like the Las Vegas ads, "What Happens at Auntie Ellen's, Stays at Auntie Ellen's" - but we suspect the crazies were brought on by free-flowing sugar binges and a very late bedtime.

Luckily, sugar highs and sleep deprivation in a kid whose childcare was "outsourced" to one of her favorite aunts are pretty easy to remedy. The same cannot be said, however, for faulty software builds that were outsourced to an offshore team.

Become an Outsourcing Over-SEA-er

The Construx Software Executive Summit, which opens today in Seattle, WA, provides a forum for top executives to compare, evaluate and improve their Software Development experiences and strategies at the enterprise level. Keynoting this year’s summit will be CAST’s chief scientist, Dr. Bill Curtis, who will present on the topic, “How Governing Code Quality Reduces Business Cost and Risk."

Curtis Gives Keynote on Technical Debt at Construx

I learned recently of the passing of my first boss in the tech industry, Clint Battersby, a couple months back. Clint was a driven, highly motivated technologist. He was a creative individual with a number of patents to his name and with several tech startups founded by him.

Garbage In, Garbage Out

While it was far from being the “shot heard ‘round the world” of Revolutionary War fame, the cyber attack on the Pacific Northwest National Laboratory over July 4th weekend this year did represent a significant first blow in the search for liberty for that organization – specifically, liberty from being hacked.

Seeking Independence from Being Hacked

I was standing at the curb waiting for my daughter’s school bus to arrive when I instinctively pulled my BlackBerry Curve out of the holster on my hip. I do this dozens if not 100 times each day because I have the vibration turned down low so as not to be like “all the other” smartphone users out there who buzz every 30 seconds when they get an email or text. That doesn’t mean I check it any less, it just means I don’t buzz when I walk.

Falling Off the RIM

Organizations can ill afford to have structural quality issues bring down their software applications and interrupt the conduct of business. The implications of poor software quality are amplified if that organization is part of the government -- and accentuated even further if that organization is one charged with defending our country.

CAST Certified to Help Air Force Aim High on Structural Quality

CAST announced today an agreement with HCL Technologies, a leading global IT services company, that will augment the outsourcing company’s ASEESS-SMART software assessment services with CAST’s Application Intelligence Platform (AIP) capabilities of automated analysis and measurement.

CAST-ing Quality on HCL’s Assessment Services

For those of us who remember the 90's, two lessons stand out that would be wise to heed in today's highly interconnected technology kitchen:

You Are What You Eat: Secrets to Healthy IT

We know there’s “no such thing as a free lunch,” that “freedom isn’t free” and that if you get something for free, you probably got what you paid for. Even in the tech industry, when we talk about open source software, we immediately think “free”, yet instantly jump to the old caveat of “think free speech, not free beer,” the idea there being that open source is the layer-by-layer developed product of well-intentioned developers seeking to produce high quality software that competes with established applications.

Sibling Rivalry: Code Quality & Open Source

Ever a man ahead of his time, Albert Einstein once said, “I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.”

Were he alive today, the only thing he likely would change about his statement would be how World War III would be fought. He surely would look at the threats posed by cyber attacks and surmise the most dangerous weapon of the next world war to be an invisible terror delivered electronically. He would note that the threat could come from any nation state – it would not even have to be a world power – delivered with complete stealth, hit at the most sensitive systems, cripple infrastructures, topple economies and create chaos -- all before even a single soldier was wounded.

Government Its Own Worst Enemy in Cyber War

Back in August, "CIO Zone" posted a blog outlining the top five cloud computing trends. Smack-dab in the middle of the top five was this one: "Custom cloud computing services," which delved into how outsourced IT organizations must focus on automated software and become experts in migrating to SaaS, PaaS and IaaS in order to ensure the least painful cloud migrations. It brought to mind how, in an effort to save money, so many businesses blindly hand over their whatever-it-is-to-be-done to outsourcers and hope for the best.

Clouding the Outsourcing Issue

I cannot believe how much our education system has changed. When I went to kindergarten, most of the curriculum revolved around getting along with others (a lesson some will argue never took with me) and some basic verbal skills. I learned at my daughter's kindergarten orientation that blocks and finger painting have been replaced by geography, math, science and civics.

Structural Quality Must Be Part of Agile Vocabulary

Bravo to Joe Little, who writes the Agile & Business blog.

Little recently penned a piece about the intersection of Scrum and technical debt titled “Scrum Hates Technical Debt.” I’m sure it does, but I think what he really means is that true Scrum hates technical debt.

Scrum & Technical Debt: Love the One You're With

I’m strictly an “American Car” guy. Every car I’ve ever owned since my 1988 Ford Escort when I was in college has been American made.

It’s not so much that I’m “gung-ho” pro-Union or some staunch advocate of only buying products made in the USA – although if two products were comparable I’d probably give the “Made in the USA” label the nod. Honestly, I’ve looked at foreign vehicles when car shopping, but the best deals I've found continue to come from my local Ford dealer.

Software Quality Haunts Honda

Victimized by more than a dozen hack attacks earlier this year, most of them at the hands of the LulzSec group, which gained unauthorized access to more than 100 million customer data files, the gaming, media and electronics giant has faced massive lawsuits and reparation payments not to mention the embarrassment that the massive data breaches have caused them.

Adding to the Cost of Failure

Agile development celebrates a half-birthday this month, so I figured it was time to reflect upon my comments a few months ago when I took it to task for not taking software quality more seriously.

More on Agile at 10…and a Half

Our society has a particularly annoying habit, one that’s not exclusive to any one specific walk of life, business or industry, nor is it one that we are likely to see our society give up anytime soon. The habit is known by several names, but is most commonly referred to as “finger pointing” or “the blame game.”

Dropbox Drops the Ball

“S” stands for security, something “S” organizations like Sony and Sega appeared to have too little of earlier this year. You could also say “S” represents the U.S. Dollar sign ($) that is associated with the FDIC and IRS, both of which have recently fallen victim to phishing attacks and have had their security compromised. Unfortunately, they are not alone; organizations that start with many letters of the alphabet have fallen victim to security issues this year.

Sunny Day, Sweepin’ the Hacks Away

It’s not uncommon for organizations to hold onto their application software and IT systems longer than they should. This is particularly true for government agencies – Federal, state and local. When you combine an “if it ain’t broke, don’t fix it” mentality with budget cuts and comfort levels of staffers, there is little impetus for change.

Patrolling for Issues in Legacy Apps

There’s a huge dichotomy in how the private and public sectors address security breaches.

Execution of Government IT: I’m All For It!

A couple weeks back I read the most vastly understated opening line of a blog that I’ve seen in the six months since I began blogging here on OnQuality.

Blogger @tadanderson, a .NET architect by trade, recently opened a post on his Real World Software Architecture blog by noting, “Finding the perfect balance of influence between IT and the Business Owners… is not easy.”

Technical Debt Gets the Message Across

I’m a big fan of things that make sense. Simple explanations, using metaphors to explain the otherwise inexplicable, incorporating landmarks into driving directions and splitting up large projects to get them done faster are all concepts with which I find favor.

This is why, when I first learned about Scrum, it seemed like a valid way to develop software faster, or at least more efficiently. In my mind, it made sense that if you were to build multiple parts of a single application simultaneously and then bring them together, the final product could be built much faster.

Unscrambling Scrum

Whenever a company chooses to outsource, there is a certain relinquishment of control. It is simply neither possible nor desirable to hold tightly to the reins of all aspects of an outsourced project. It stands to reason, therefore, that studies in the industry have revealed that many in IT management either are dissatisfied with their outsourcers or feel their outsourcers have “made up” work to pad their billings.

New Partnership CASTs Eye on Outsourcing

Last week’s revelation of a March cyber-attack on a U.S. Department of Defense contractor by an “unnamed foreign entity” demonstrated just how vulnerable this country has been to this “new warfare domain” as the government categorizes these cyber-attacks. Of course, as is typical of a government admission, it took four months for the Department of Defense to own up to the breach and it did so only as a means to bolster support for its new cybersecurity plan.

Did We Really Need an Act of War?

Look around you. Microsoft says that if you’re among a group of people working on a PC, at least one of you has a machine infected with malware.

Based on statistics gathered by its free scanning tool, Microsoft Safety Scanner, Microsoft reported last month that 5% of computers – one out of every 20 – are infected with malware. The average number of malware applications on each infected machine? Nearly 3.5. With this much malware out there, it’s little wonder we’re seeing such a high number of security breaches at major corporations.

Microsoft Mulls Malware

We woke today to the news that back in March a Pentagon defense contractor was the subject of a cyberattack by an unidentified nation state that resulted in 24,000 sensitive files being stolen.

The Enemy Within

As you may know from my bio here, I’m a big fan of Boston sports. So you can understand how thrilled I was a few weeks ago when “my” Boston Bruins won the Stanley Cup for the first time since I was my daughter’s age!

It wasn’t easy for them, though. Through the first round of the playoffs, they looked like they could be a “one-and-done” team and everybody – including some alleged diehard fans – was already calling for the dismissal of their head coach because of their anemic performance. Nevertheless, they made the necessary adjustments, got some stellar work out of key individuals, overcame a few adversities and in the end proved to be the best team in the National Hockey League this year.

In Defense of Agile

Sony, Sega, RSA, the International Monetary Fund, the Arizona Department of Public Safety, even the CIA. It seems no organization – private or public – is immune to hackers these days.

Hackers are Getting Smarter; are You?

One of my favorite reads among tech bloggers is Dion Hinchcliffe over at ZDNet. I’ve followed his blogs for much of the last five years and whether I agree with him or not, I almost invariably find his points compelling and his willingness not to mince words refreshing; he even makes the occasional light bulb go off in my head.

Structural Quality: The Invisible Hand

Last fall, Gartner’s Andy Kyte issued a wake-up call about technical debt that was akin to a piano being dropped on the head of the IT industry. In estimating that technical debt – the cost to fix the structural quality problems in an application that, if left unfixed, put the business at serious risk – has already reached $500 billion globally and is fast on its way to exceeding $1 trillion by 2015, Kyte stirred up a hornet's nest of activity around the topic.

ID’ing the Debt

It was recently reported that within the next couple months the meteoric rise of Android Market is all but certain to overtake the iPhone App Store in terms of the number of applications offered. Taken on face value, this should come as little surprise to anyone.

Going Gaga over Google

The rate at which security issues have plagued businesses lately is staggering. Every week we hear of multiple vulnerabilities, millions of personal data records being exposed and corporations watching profits dwindle as reparation costs for these breaches extend into millions and even billions of dollars.

Insecure Over Quality

Human beings are an odd animal. We’re the only animal that experiences embarrassment over mistakes; some say we’re the only animal that realizes we make them. We also run a full gamut of emotions when we make mistakes – from frustration and self-deprecation to humor and acceptance.

Developers: They're Only Human

I’ve written quite a bit about the spate of businesses that have suffered some form of disruption over the last few months – security breaches at Sony, Android malware attacks, system outages at the London Stock Exchange, operational system failures on London’s East Coast Line and numerous others. All these cases have had one thing in common: they all have had software structural issues as their root causes.

Managing Risk, Avoiding Disruption

From the earthquake and tsunami in Japan back in March to the tornadoes that have ripped through the Midwestern United States over the last two months, we have been witness to the violence and destruction Mother Nature can inflict without warning.

As we begin to move on from the shock of the destruction wrought by these natural disasters, we turn our attention to the recovery, both in human terms and in terms of business.

Avoid Disaster in Disaster Recovery

The hits keep coming for Sony. Unfortunately for the music label and technology icon, though, its latest hits aren’t the ones that chart on Billboard, but rather the kind that cost it money and give the company a black eye in the media.

Sony: 'Oops!...I did it Again!'

In the Bible, when Moses returns to Mount Sinai after smashing the Ten Commandments, God says to him, “The LORD, the LORD, the compassionate and gracious God, slow to anger, abounding in love and faithfulness, maintaining love to thousands, and forgiving wickedness, rebellion and sin. Yet he does not leave the guilty unpunished; he punishes the children and their children for the sin of the parents to the third and fourth generation.”

Insight into the Rewrite

System outages, software failures, security breaches and IT maintenance costs are all rapidly on the rise. It seems like not a day goes by that we don’t read about one company or another announcing that their system went down or revealed personal data to hackers. Couple that with published estimates of technical debt at a half-billion dollars globally and $1 million per company and you see that things are getting out of hand. The sad part about it is it doesn’t have to be that way.

CAST Highlight Gives Enterprises a Kick in the Apps

Happy Birthday to Agile Development! You’re 10 years old now; that’s an important age. A lot of things start happening at age 10. The pre-teen years start and things will seem to get awkward. Most important, a lot more will be expected of you.

Agile Turns 10 – Time to Grow Up

Usage of Google’s Android mobile platform is growing at an exponential rate; unfortunately, so is the malware being developed to attack it.

On Monday came the news of the Malicious Mobile Threats Report 2010/2011, released last week by the Juniper Networks Global Threat Center, that reveals a frightening statistic: since the summer of 2010, “Android malware has surged 400 percent.” What is to blame? According to eWEEK’s Fahmida Y. Rashid, the report cites user naiveté and general nonchalance as a major reason for malware developers putting a big 'bulls-eye' on the Android platform.

All of this begs the question: As Android sales continue to rise at exponential rates and overtake sales of all other smartphone platforms, at what point does someone tell Google it needs to do a better job of policing its app store?

Mobile App Development: Many Questions, Few Answers

There once was a time when "settlers" were a hearty bunch. They were determined, adventurous folks who risked all to head out from their homes in the East to grab a piece of the unknown in the West on the premise of “what might be.”

Quality Doesn’t have to be an Afterthought

I’d like to begin by offering a resounding THANK YOU to CAST’s worldwide roster of customers and partners. It’s because of you that the good news just keeps coming from CAST!

Forecast Upbeat for CAST

Outsourcing is not exactly a new idea. As far back as the 1950’s, companies that found they didn’t have the resources in-house to perform tasks began looking to other individuals and companies to fulfill their needs. It wasn’t until the late 80’s that outsourcing really began to take off as companies turned to “offshoring” of outsourced projects to countries such as China and India in order to take advantage of the savings in labor costs.

IT Outsourcing: Do You Know Where Your Software Is?

It’s nearly impossible these days to pick up a trade publication covering the tech industry without reading something about cloud computing. The plethora of coverage is enough to make one think that cloud computing is the latest technological panacea, good for everything from live data storage to data archiving and all enterprise needs in between.

Who’ll Stop the Rain: Seeking Quality in the Cloud

Whether it’s in sports, medicine, music or even a military operation, I’m a firm believer in the “best man for the job” concept. This is why Agile, or more specifically, Scrum development, sounds to me like a smart play for an organization.

Is Agile Enough to Ensure Quality?

We’ve known it all along, and now the rest of the Tech industry has been told thanks to the folks at Gartner who earlier this month named us to their “Cool Vendors in Application Services, 2011” report.

Yeah, We’re Cool

In software development, much like in life, a little debt can actually be a good thing to get other more critical things moving. Although in previous blogs we have defined technical debt as “the cost to fix structural quality problems in an application that, if left unfixed, could put the business at risk,” engaging in a small, manageable amount of technical debt can actually make a project move faster and facilitate reaching the objective of executable application software. This was the thought of Ward Cunningham, the originator of the technical debt concept.

But as Derek Huether points out in his technology consulting blog for Dumas Lab regarding technical debt, “Just like regular debt, you’re going to have to pay it back sooner or later.”

Technical Debt: No Penalty for Early Payment

So sayeth the introduction to the blog page of Code Renaissance, an organization that claims to be “about building great teams and great software. By exploring best practices, team interactions, design, testing and related skills Code Renaissance strives to help you create the team and codebase that you've always wanted.”

All the Talent in the World

Earlier this month, Symantec released its Internet Security Threat Report for 2010, and much like other reports on the state of software security for last year it showed significant increases in malware and other threats to application software and websites. In all, Symantec reported 286 million new Internet threats in 2010.

Certifiably Mobile

Let me start by saying that RSA is a name I generally equate with security of enterprise systems. That belief made it even more surprising a few weeks ago when I read that the security giant had been the victim of a cyber attack.

To be Forewarned is to be Forearmed

It’s Patch Tuesday again. The monthly rite of passage for Microsoft as it attempts to patch some of the holes in its software that it didn’t bother to fix before they put it in the box as well as those exposed after the software had been installed in millions of devices.

It’s Tuesday; Do You Know Where Your Patches Are?

Last week on the East Coast Main Line, which connects London to Edinburgh, a software malfunction left five trains stranded mid-track and significantly delayed others after a power supply issue knocked out the signaling system. According to reports, software that should have instructed the backup signaling system to kick in failed to function, causing all signals on the line to default to “Red,” halting trains where they stood. The failure left more than 3,000 rail passengers stranded or delayed for more than five hours on a Saturday afternoon.

When Good Software Goes Bad

Each year, software errors cost U.S. corporations in excess of $60 Billion for repairs and maintenance costs. The problem is pandemic, affecting companies of all sizes from those topping the Fortune list to pre-IPO start-ups.

And the cost of software failures is not only financial. The hit to a company’s reputation that results from software malfunctions can result in lost customers, lost new business and damaged reputation, compounding the costs to fix the problem. When it comes to software, quality counts!

Waylaying the 'Elephant in the Room'

There are many different levels of software quality related crises in the IT world. There are those that are a mere inconvenience, like when Twitter, Facebook or Gmail go down. There are those that pose a significant business difficulty, like when a number of financial organizations faced outages recently. In the medical industry, however, software quality failures go beyond inconvenience and difficulty; they result in life and death consequences!

Software Quality IS a Matter of Life & Death

Earlier this week, our own Jitendra Subramanyam joined industry luminary Capers Jones, Chief Scientist Emeritus of Software Productivity Research (SPR), to co-host a webinar on curbing application software outages like the ones seen in the financial sector over the past couple months. The webinar, titled “Stop High-Profile Outages by Quantifying Application Risks,” focused on the importance of static analysis of application software during the build and/or customization phases to identify potential issues that can then be fixed, preventing a future outage.

Non-Risky Business: Using Static Analysis to Ensure Software Quality

“Once more into the breach, dear friends…” wrote William Shakespeare in his epic work, Henry V.

Once More into the Breach

Last fall, Gartner VP and Fellow Andy Kyte brought significant illumination to a long-known fact in the technology industry – that billions of dollars were being spent on Technical Debt - the cost of fixing the structural quality problems in an application that, if left unchanged, are highly likely to cause major disruption and put the business at serious risk. Kyte said that Technical Debt has exploded in recent years; he set the current value of Technical Debt at approximately $500 Billion globally and said it was quickly escalating to the $1 Trillion mark by 2015.

Gartner-CAST Whitepaper: Monetize Technical Debt

All business-critical applications consist of many intertwined components. In Agile Development, these components are built individually in “scrums,” but eventually have to coexist and work together, possibly across many layers (UI, data, business logic). This underscores a fundamental problem among applications created using Agile techniques: How do you ensure that the end product performs reliably and dependably outside the production environment?

Developer be Agile, Developer be Quick; Use Automated Analysis, it Does the Trick

Earlier this month, Google announced steps it was taking to remote wipe more than 50 malicious applications that infected Android devices through the DroidDream malware, which had gained root access to devices running Android OSs from 2.2.1 (Froyo) and older. Just days later, Symantec uncovered a fake Google Android update bearing a name identical to the security update intended to remove DroidDream malware from devices.

Boondoggling Google

Alyson Behr, a contributor to SD Times, wrote yesterday about companies beginning to increase their IT spending this year as the world begins to emerge from the global recession. This is all good news to those of us in the IT industry – it sure has been a long time coming! We’ve been mired in this economic quagmire for nearly a decade and the increased spending displays promising, albeit measured confidence that things are beginning to get better.

As IT Budgets Rebound, Companies Look to the Cloud for Quality

On the night of his ship’s maiden and lone voyage, the skipper of the Titanic saw the top of an iceberg, swerved to avoid it, and in doing so piloted his ship’s hull directly into the monstrous portion of the iceberg that lay unseen beneath the surface of the ocean, tearing apart the “unsinkable” ship. Had he known what lay beneath the surface, his reaction likely would have been much different and could have yielded a very different, possibly positive result.

Titanic Dilemma: The Seen Versus the Unseen

Another day, another major IT company announcing a security vulnerability in its software.

Code Vaccination: A Health Checkup for Your Applications

Recently, Gartner Research VP and Fellow David Cearley hosted a webinar to discuss his group’s take on the top strategic technology trends for 2011. The webinar followed closely the trends Gartner had announced in conjunction with its Symposium/ITExpo last October in Orlando.

Gartner Tech Trends for 2011…Or Rather the One They Forgot

Earlier this week, news broke that for the first time since it hit the market, Android smartphones have overtaken both BlackBerry and iPhone. The popular mobile device now claims a 29% share of the U.S. market while its chief competitors hover in second place with 27% each.

Assessing Android

Recently, Gartner Analyst Andy Kyte made quite a stir when he published a report that brought to the forefront just how expensive the cost of software maintenance is becoming for the IT industry. As reported by Patrick Thibodeau in Computerworld, Kyte cited what he called IT Debt as already standing at $500 billion and fast on its way to surpassing $1 Trillion globally.

Don’t Dawdle on Debt: Establishing a Technical Debt Action Plan

Very often when describing a concept, technique or any way of doing something, you hear people quip, “It’s not rocket science.” While normally this holds true for static analysis of business applications, the difference between the capabilities of the type of automated analysis and measurement offered by CAST versus manual structural analysis can make the former seem like rocket science.

Sometimes it is Rocket Science

Discussions in the industry about technical debt have been focused on the IT costs involved in remediation and the potential risk to the company if applications deployed with poor structural integrity fail to perform optimally, or fail completely.

The Financial Implications of Technical Debt