CAST
Lev Lesokhin
Lev Lesokhin - EVP, Strategy and Analytics at CAST
Lev spends his time investigating and communicating ways that software analysis and measurement can improve the lives of apps dev professionals. He is always ready to listen to customer feedback and to hear from IT practitioners about their software development and management challenges. Lev helps set market & product strategy for CAST and occasionally writes about his perspective on business technology in this blog and other media.
Application Security in the Internet of Things

High-capacity network bandwidth has become more widely available, and we have quickly tapped into every last inch of its capacity. More devices are built with wi-fi capabilities, the costs of mobile devices are going down and smartphones are in the hands of more people than ever before. In fact, Apple might have already exhausted the market and is seeing drastically lower sales forecasts for the iPhone.

We are moving into an era in which virtually any device will connect to the Internet. Phones, fitness trackers, dishwashers, televisions, espresso machines, home security systems, cars. The list goes on. Analyst firm Gartner estimates that over 20 billion connectable devices will exist worldwide by 2020. Welcome to IoT—the Internet of Things. A giant network of connectable things.

What Went Wrong at Google - Software Robustness Remains a Struggle

In April, Google experienced a fairly significant cloud outage, but it was hardly news at all. In fact, it was likely the most widespread outage to hit a major public cloud to-date. The lack of coverage is strange, considering the industry’s watchful eyes like Brian Krebs and others. The even more recent Salesforce service outage seems to have received more attention. But despite the fact that Google seems to have gotten away with a “pass” this time, the glitch brings renewed attention to the fact that tech players large and small are continuing to deal with software robustness issues.

4 Keys to Successful Digital Transformation

Recently, CAST co-authored a paper with The Boston Consulting Group titled, Will Your Software Help or Hinder Digital Transformation? Navigating the digital transformation journey is a challenge, often wrought with roadblocks and IT complexities related to technical debt, disparate application development techniques and more. So how can CIOs help their company achieve digitization goals?

CISQ & IT Risk Management: Minimizing Risk in Government IT Acquisition

6On March 15, CISQ hosted the Cyber Resilience Summit in Washington, D.C., bringing together nearly 200 IT innovators, standards experts, U.S. Federal Government leaders and attendees from private industry. The CISQ quality measures have been instrumental in guiding software development and IT organization leaders concerned with the overall security, IT risk management and performance of their technology. It was invigorating to be amongst like-minded professionals who see the value in standardizing performance measurement.

Supporting Our Global Community

As we come together to help those affected by recent global tensions, we have made a charitable donation of $10,000 to Doctors Without Borders/Médecins Sans Frontières (MSF) on behalf of the CAST community. We believe that our citizenship transcends geography and political borders as we are united within one, universal community.

CAST is proud to support an organization that values people and upholds their right to medical care regardless of gender, race, creed, religion or political affiliation. In over 60 countries around the world, MSF saves lives by providing medical aid where it is needed most — in armed conflicts, epidemics, natural disasters and other crises.

Predicting the Future of IT Risk Management with Melinda Ballou

We currently live in a futuristic world that past generations could only dream of. News, weather, updates from friends all over the world come pouring into our computers and smart devices and we don’t even think twice about the IT risk. Whether we’re at home with family, socializing with friends, or even working, technology is constantly surrounding us in one way or another.

Our reliance on technology is so heavy in fact, we often forget about the science behind it and how much goes into the IT risk management to support it. Beneath the surface of our most frequently used apps, social media accounts, games, and programs, highly complex software and code is constantly operating to maintain a satisfied user experience. Even non-tech businesses now realize they would not be able to function in today’s world without effective technological resources.

CAST Research Links Consumer Data Breaches Directly To Poor Code Quality

CAST-heartbleed-linked-to-poor-code-qualityYou’d think that after news of the Heartbleed bug broke, every IT organization worth their salt would have immediately moved to start monitoring their structural robustness and code quality to protect their sensitive consumer data. And while many did, two months after Heartbleed was announced, more than 300,000 servers were still vulnerable.

Now, three months later, CAST Research Labs has found there is a direct link between the growing number of data breaches and security incidents, and poor code quality in consumer applications. The data reveals finance and retail industry applications are the most vulnerable to data breaches, with 70 percent of retail and 69 percent of financial services applications shown to have data input validation violations.

Technical Debt Measurement Webinar: Reversal Strategy Q&A Follow Up

Last Wednesday we had an excellent and very interactive webinar discussion with David Sisk and Scott Buchholz, Directors at Deloitte Consulting, LLC. David and Scott are experts regarding technical debt -- both at a technical hands-on level as well as the strategy and governance topics in IT. So, we talked about the symptoms and causes of technical debt in large IT environments, as well as the organization and processes that need to be put in place in order to reverse the normal trend of technical debt accrual.

One of the topics that came up a lot is how to get the business onboard. Our guest presenters gave us some very interesting approaches to making the case, even when the immediate symptoms of the debt are not evident to business stakeholders. I think this discussion by itself is valuable to listen to.

Another topic that came up a lot in the Q&A was different ways of asking how to set up a technical debt measurement program.  As in our last webinar, we wound up going a couple minutes over our timeslot to address some of the questions, but we had to leave many unanswered due to time. The goal here is to try and answer some of those questions in our blog. If anyone wants to get into a more detailed discussion on any of these points, please contact us and we’ll be happy to talk to you. So, here goes:

CISQ Aims to Bring Software Quality Sanity Back to Federal Outsourcing

The current state of outsourced application development is a sorry state of affairs because of myriad software quality issues causing unprecedented glitches and crashes. It’s not that all outsourcers are making terrible software, rather, it’s that governments and organizations have no way of accurately measuring the performance, robustness, security, risk, and structural quality of the applications once they’ve been handed the keys.

AIP 7.2 Gives CIOs Software Risk Assessment at a Glance

For many CIOs, reporting on software risk is a complex problem. The reports are usually compiled once a quarter, and can take days if not weeks to complete. But worse than that, they often fail to deliver actionable insight to answer simple business questions. Which of my critical systems are most vulnerable? Are my IT vendors delivering as promised? How can we improve customer satisfaction? Are my development teams under-performing? How can we improve time-to-market for new projects?

Haste Makes Waste Again: Healthcare.gov Faces a Long and Expensive Recovery

We’re less than a month into the launch of HealthCare.gov, and as each day passes we’re finding out about more glitches, shoddy code quality, a lack of end-to-end testing, and rushed changes made days before the healthcare exchange was to go live. All of which are symptomatic of a software project being rushed to completion to meet a deadline without considering the implications of a botched launch.

American Airlines computer glitch: The day AA customers stood still

Here we go again. You probably have heard, since it’s been reported everywhere, that American Airlines was grounded Tuesday, leaving passengers stranded for several hours due to a “computer glitch” in the reservation system. Because of the glitch, gate agents were unable to print boarding passes; and some passengers described being stuck for long stretches on planes on the runway unable to take off or, having landed, initially unable to move to a gate.

When the software fails, first blame the hardware

We’ve made it a point on our blog to highlight the fact that software glitches in important IT systems -- like NatWest and Google Drive -- can no longer be “the cost of doing business” in this day and age. Interestingly, we’re starting to see another concerning trend: more and more crashes blamed on faulty hardware or network problems, while the software itself is ignored. It’s funny that the difference in incidents can be more than 10 times between applications with similar functional characteristics. Is it possible that the robustness of the software inside the applications has something to do with apparent hardware failures? I think I see a frustrated data center operator reading this and nodding violently.

Introducing Security into Mainstream Development – Part 1

We held a webcast last week with Mark Wireman of OpenSky, who is an expert in application security and has worked in this space for 15 years. We appreciate Mark taking the time to share his experience securing applications in the enterprise and responding to the onslaught of mobile-based entry points in the application development process.

C-suite: It’s time to get techy

If you’re snickering at the idea of your CIO talking Java (or any programming language for that matter), trust us, you’re not alone. However, CIOs can no longer afford to be in the dark about their IT team’s choice of programming language and tools.

Business Insider Features CAST Software on the SEC’s Kill Switch Proposal

If you were to stand outside of our building right as The Wall Street Journal dropped a story about kill switches, you’d hear our teeth gnashing. As anyone in our business knows, the kind of work that we do for our customers is not exactly front page news. (But it should be!)

Why Performance Engineering Isn't Enough

I’ve been asked time and again how CAST is different from performance engineering. And here’s my answer: The CAST discipline of software analysis and measurement versus performance engineering couldn’t be more different. And I’ll explain why and how in a moment. But along with that, it should be noted that they also are like peanut butter and chocolate -- they can go very well together.

The Federal Government’s Dark Cloud

I wrote before about the time bombs that exist in the government’s cloud migration strategy. And while I was reading an article on Wired Cloudline about this very issue, those same points were running through my head.

London Bourse is Falling Down – Time to Analyze Its Structure?

This morning’s news was rife with accounts of the London Stock Exchange Group being forced to halt trading on its main market due to a technical fault in its barely two-week-old MilleniumIT trading system.  This is yet another example of the need for pre-deployment analysis of structural quality.