A recurring issue for IT and business management is whether it’s best to build an in-house team or outsource the development of software applications. Some of the biggest factors when contemplating application outsourcing are cost, security and loss of control.

Business agility remains a top priority, but this puts added pressure on teams to move fast, and can sometimes lead to rushed projects and a lack of attention to detail. When in-house teams are under tight deadline restrictions, corners can get cut. In fact, most in the developer community agree that outsourcing is the best way to go for timely and on-budget development projects.

We always hear about issues with systems, applications, or services caused by poor code quality or missed defects, but what happens when these problems become life threatening? Recently an article posted by npr discussed the early release of dangerous prisoners who are now being charged for murder. According to the article, Governor Jay Inslee of Washington State reported that more than 3,200 prisoners were released early due to a software defect.

The banking industry has definitely had its share of ups and downs when it comes to service reliability. In the past year, there have been a number of instances where customers have been unable to gain access to funds, receive deposits, and pay bills. As reported in an article by theguardian, HSBC experienced a system failure at the end of August, which left thousands of their customers in a bind over a major banking holiday.

With the advancements of both cloud and mobile technologies, security remains a hot topic for every company. The number of reported instances of security backdoors due to faulty code or hardware continues to stagger. A recent article by Wired has brought forth another one of these unfortunate issues for a big player: Juniper. This technology giant has been providing networking and firewall solutions to companies, corporations, and the government for a number of years.

As a leader in networking technology, the last thing you want to hear is that a tech powerhouse like Juniper has found an application security problem. Two security issues were identified after a code review session outside of the company’s normal evaluation cycle. Security continues to remain a primary concern as more companies, government agencies, and even individuals rely on technology providers to manage data or maintain smooth operations.

As reported in a recent article by InfoWorld, a high profile privacy driven smartphone provider located a security hole capable of exposing their devices to attacks. Blackphone is a specially designed smartphone developed by SGP Technologies, who operates as a subsidiary of Silent Circle. The phone uses VPN for Internet access and runs on a modified Android version titled “SilentOS”. A third-party component Silent Circle used as part of the device design was capable of exposing the secure smartphone to outside attacks.

What Was the Security Issue?

The vulnerability made it possible for an attacker to control the modem functions of the phone. Researchers brought this problem forth when they identified an open socket accessible on the phone during a reverse engineering exercise. Currently, Blackphone is one of the most secure phones on the market because it uses built-in encryption to deliver secure:

• Voice Calling
• Text Messaging
• Video Conferencing
• File Transfers

Southwest Airlines is the latest victim of the airline scandal. What scandal? It’s the one where airlines continue to cause travel delays due to poorly managed IT systems. It’s the one that caused Southwest to delay 836 flights on Monday and distribute HAND written tickets to passengers because of a ‘software glitch’. Southwest isn’t alone. United Airlines grounded hundreds of flights in July and American Airlines did the same in September and April. How long will consumers have to wait before these organizations figure out that the glitches are caused by bad software quality, which creates bad service?

Reifer Consultants LLC’s recent white paper, Software Benchmarks and Benchmarking, discusses software benchmarking process and provides information on industry

Topping the list of IT Trends 2016 is helping CIOs take advantage of Big Data for themselves, while cutting through the clutter. Accelerating the time from data to decision requires analytics that highlight areas of risk and opportunity in support of business decisions, not technical ones. Proactive, predictive insight arms CIOs with the ability to ask the right questions, to challenge the status quo and surface technical risks that jeopardize revenue, reputation or brand. Real-time solutions that improve the signal-to-noise ratio top the CIO’s wish list for 2016.

CAST sponsored the 2015 International Software Measurement & Analysis Conference (ISMA10) held in Charlotte, on April 30^th.  This conference, hosted by the International Function Point User Group (IFPUG), brings software measurement professionals from Europe, North America, and South America to exchange software measurement and function point expertise and to network.  The conference was attended by more than 50 software measurement professional and certified function point counters from across the global.  The full day event featured presentations including:

Software glitches aren’t really news but now we’re seeing software flaws that can cost an organization over $100 million due to poor code quality. This past year we’ve seen major technical and retail brands suffer extensive financial and reputational damage from software disasters – driving software issues out of the back office and into the boardroom.

Software analysis and measurement is the intelligent use of application information to improve IT investment decisions, operational performance, and customer outcomes. While the notion of measuring application development (ADM) has long been a controversial one; as application development and maintenance matures and measurement capabilities evolve organizations are finding that the ability to effectively measure application development output can lead to many benefits:

In this post, we wanted to take a step back and break down exactly what a function point is and how an IT organization can use them to measure application development productivity, improve IT project planning and estimating, and better manage application service providers.

You’d be hard pressed to find any organization that isn't using measurement -- either for marketing, sales, social media, and countless other ways. In fact, a recent report from IDC predicts that by 2017, 80% of the CIO’s time will be focused on analytics, cybersecurity, and creating new revenue streams through digital services.

Gartner report highlights “application development managers need new ways to demonstrate and communicate the business value of software quality for innovation projects.”

When the entire Facebook platform -- including mobile, web, and third party apps -- went down last week, users took to Twitter hashtag #FacebookDown in a blind panic to lament the social media outage. Though these outages might seem harmless and commonplace, Facebook’s reputation rides on their users’ ability to log onto Facebook from anywhere, at any time. And the more Facebook users have to turn to Twitter or other social networks to have their online voices heard, the harder it will be for them to log back in.

In a merger, integrating company names is hard enough -- imagine having to integrate massive application portfolios?

As the Justice Department and the FCC evaluate the proposed merger between corporate behemoths Time Warner Cable and Comcast, I wonder if the C-suite at both companies are investing as much time evaluating the health and security of one another’s application portfolio. Historically, technical due diligence has lagged greatly behind the financial due diligence.

Few moments compare to the pressure-filled environments of hackathons, where the best developers from around the globe cram into a rented room with 24 hours to conceive, design, and create an app that wins a chance to present an idea, showcase talent, and gain invaluable exposure.

The software architecture is one of the most important artifacts created in the lifecycle of an application. Architectural decisions directly impact the achievement of business goals, as well as functional and quality requirements. Yet once the architecture has been designed, most architectural descriptions are seldom verified or maintained over time. Architecture compliance checking is a sound application risk management strategy that can detect deviations between the intended architecture and the implemented architecture.

The ever-growing cost to maintain systems continues to crush IT organizations, robbing their ability to fund innovation while increasing risks across the organization. The cost of maintaining a software system is directly proportional to the size and complexity of the system. Therefore any effort to reduce the size and complexity translates into direct improvement of software maintenance costs. The following provides guidance on how a static code analysis of applications generates actionable insight you can take to immediately improve the maintainability of systems.

Nobody disputes the promises made by enterprise application portfolio analysis tools made over the past 20 years - visibility, risk identification, faster, better budgeting decisions.

We are heading into everyone’s favorite season.  No, not the kids going back-to-school or the leaves changing into a riot of fall colors -- it’s budgeting season!  Once again it’s time to make plans and set budgets for the next 12 months.  Yet the enterprise architecture is a mess (or non-existent), your portfolio management process has yet to get out of the starting gate, and you need to reduce overall spend by 8%.

You’ve taken the obvious steps to cut costs in your application portfolio, so where do you go next?  With a large, dispersed IT infrastructure and systems that operate in silos, often with duplicative functionality, it’s not necessary to take on your portfolio in a single bite.

The growing cost of most software development efforts can be traced back to one underlying cause – the lack of visibility into the software. As the size and system complexity grows for business critical applications -- along with the complexity of sourcing environments -- there is an increasing need for app owners, architects, and developers to truly understand their codebases. Without visibility into the implementation, it is hard for a developer to understand all the nuances of the code. This explains the disproportional amount of time that is needed for developers to identify the root cause of defects.

As the product manager for CAST Highlight, it’s refreshing to see a shift in discussions about the “quality of cloud solutions” to “cloud quality solutions.” Recently, there have been an increasing number of cloud-based static code quality analysis tools, or should I say services. A few that I’ve been watching include:

Most organizations have started to realize that code quality is an important root cause to many of their issues, whether it’s incident levels or time to value. The growing complexity of development environments in IT -- the outsourcing, the required velocity, the introduction of Agile -- have all raised the issue about code quality, sometimes to an executive level.

Business applications have always been complex. You can go back to the 70s, even the 60s, and hear about systems that have millions of lines of code. But here’s the rub: In those days it was millions of lines of COBOL or some other language. But it was all one language. All one system. All one single application in a nice, neat, tidy package.

I had the pleasure of moderating a panel discussion with Bill Martorelli, Principal Analyst at Forrester Research Inc; Dr. Richard Mark Soley, Chairman and CEO of Object Management Group (OMG); Siva Ganesan, VP & Global Head of Assurance Services at Tata Consultancy Services (TCS); and Lev Lesokhin, EVP, Strategy & Market Development at CAST.

Any advocate for better software quality knows that one of the biggest challenges is helping the CIO reach the CFO. When your team needs a budget for an important project, those conversations often break down. Thanks to the unavoidable technical complexity of IT, oftentimes the CIO might as well be speaking Esperanto to the CFO.

Over the past 10 years or so, it has been interesting to watch the metaphor of Technical Debt grow and evolve.  Like most topics or issues in software development, there aren’t many concepts or practices that are fully embraced by the industry without some debate or controversy.  Regardless of your personal thoughts on the topic, you must admit that the concept of Technical Debt seems to resonate strongly outside of development teams and has fueled the imagination of others to expound on the concept and include additional areas such as design debt or other metaphors.  There are now a spate of resources dedicated to the topic including the industry aggregation site:

My wife has more degrees than I do but she certainly is not a technorati. So when I accompanied her to the cellular phone store to pick out a new phone I was floored when I heard her talking about 4G with the sales guy. I’ve been in marketing for 20 years and, for most of that time, involved in high tech, complex sales marketing. We spend a lot of time and effort trying to simplify our marketing messages: elevator pitches, unique selling propositions, user scenarios, personas, sales decks, and PR briefing kits all designed to be concise and focus on pain-based messaging.

On a recent trip to Paris, I needed a break from the classic French cuisine. My stomach grumbled as I walked along the Marais, I encountered a line of people standing outside a restaurant. Now, I knew nothing about this place but I put my faith in the wisdom of crowds. It turned out to be an Israeli restaurant that specialized in falafel.  Actually, "The World’s Greatest Falafel," according to Lenny Kravitz (as the tattered green sign posted on the wall claimed).

Every year, Senator Tom Coburn compiles the Wastebook – A Guide to Some of the Most Wasteful and Low Priority Government Spending of 2011.

Unless you've been living under a rock or in a similar media black hole the last few years, you know that the U.S. debt ceiling debate has created a global financial panic. In all likelihood, your debt ceiling isn’t getting the same press as the national debt, but maybe it should.

We all know that the cost to maintain legacy applications prevents you from investing in new projects and as systems age their cost only increases. What you may not be paying attention to is the growth of your portfolio's technical debt and how it may be adding to this funding gap.

What's the largest organ in the human body? You might be surprised to find out that the answer is the skin, which most people don’t think of as an organ. Not only is it the biggest it’s pretty important because it holds everything together.

Recently, as I sat on the Northeast corridor train, the ticket-taker informed us that we would be delayed 15 minutes. As I thought about the impact on my day, a flutter of activity rippled through the cabin. Passengers called bosses, colleagues, wives and customers spreading the news. What was interesting was that the relayed news was different: some people doubled the time, others bumped it up to solid hour and, shockingly, no one made it shorter.

In the spirit of "Bull Durham", "The Natural" and "Field of Dreams", the upcoming movie, "Moneyball", looks to be the next great American baseball film. I am excited yet conflicted. I am a big fan of those movies but I happen to be a bigger fan of Michael Lewis’ book upon which the movie is based. And I am concerned that Hollywood will sift past Lewis’ exhaustive research, dodge his insightful observations and a string together a few pieces of Billy Beane’s life in the hopes of creating a romantic sports movie (a spormance).

Since his surprise resignation as CEO of Apple last week, there have been a plethora of tributes to Steve Jobs and I have enjoyed learning about this iconic figure from his colleagues, employees, journalists and consumers. However, while reading them, something struck me as odd. These tributes supported my personal view of Mr. Jobs as a hard-headed innovator and master designer but, reading through these testimonies and memories, I realized that innovation and design were the products of another characteristic: Quality.