Pete Pizzutillo
Pete Pizzutillo - Vice President
Pete Pizzutillo is Vice President at CAST and has spent the last 15 years working in the software industry. He passionately believes Software Intelligence is the cornerstone to successful digital transformation, and he actively helps customers realize the benefits of CAST's software analytics to ensure their IT systems are secure, resilient and efficient to support the next wave of modern business.
Adding Measurement to Your Application Outsourcing

A recurring issue for IT and business management is whether it’s best to build an in-house team or outsource the development of software applications. Some of the biggest factors when contemplating application outsourcing are cost, security and loss of control.

Business agility remains a top priority, but this puts added pressure on teams to move fast, and can sometimes lead to rushed projects and a lack of attention to detail. When in-house teams are under tight deadline restrictions, corners can get cut. In fact, most in the developer community agree that outsourcing is the best way to go for timely and on-budget development projects.

A Code Quality Problem in Washington State Puts Dangerous Criminals Back on the Street

We always hear about issues with systems, applications, or services caused by poor code quality or missed defects, but what happens when these problems become life threatening? Recently an article posted by NPR discussed the early release of dangerous prisoners who are now being charged with murder. According to the article, Governor Jay Inslee of Washington State reported that more than 3,200 prisoners were released early due to a software defect.

Was Lack of Proper Code Analysis Tools a Root Cause of Juniper Networks Security Backdoors?

With the advancements of both cloud and mobile technologies, security remains a hot topic for every company. The number of reported instances of security backdoors due to faulty code or hardware continues to stagger. A recent article by Wired has brought forth another one of these unfortunate issues for a big player: Juniper. This technology giant has been providing networking and firewall solutions to companies, corporations, and the government for a number of years.

As a leader in networking technology, the last thing you want to hear is that a tech powerhouse like Juniper has found an application security problem. Two security issues were identified after a code review session outside of the company’s normal evaluation cycle. Security continues to remain a primary concern as more companies, government agencies, and even individuals rely on technology providers to manage data or maintain smooth operations.

Blackphone Update Removes Critical Security Threat: Did Code Quality Issues Contribute to the Problem?

As reported in a recent article by InfoWorld, a high-profile, privacy-driven smartphone provider located a security hole capable of exposing its devices to attacks. Blackphone is a specially designed smartphone developed by SGP Technologies, which operates as a subsidiary of Silent Circle. The phone uses a VPN for Internet access and runs on a modified Android version titled “SilentOS”. A third-party component Silent Circle used as part of the device design was capable of exposing the secure smartphone to outside attacks.

What Was the Security Issue?

The vulnerability made it possible for an attacker to control the modem functions of the phone. Researchers brought this problem forth when they identified an open socket accessible on the phone during a reverse engineering exercise. Currently, Blackphone is one of the most secure phones on the market because it uses built-in encryption to deliver secure:

  • Voice Calling
  • Text Messaging
  • Video Conferencing
  • File Transfers

Software Benchmarks and Benchmarking

Reifer Consultants LLC’s recent white paper, Software Benchmarks and Benchmarking, discusses the software benchmarking process and provides information on industry

Summary of the 2015 International Function Point User Group Conference (IFPUG) & International Software Measurement & Analysis Conference (ISMA10)

CAST sponsored the 2015 International Software Measurement & Analysis Conference (ISMA10) held in Charlotte on April 30th. This conference, hosted by the International Function Point User Group (IFPUG), brings software measurement professionals from Europe, North America, and South America to exchange software measurement and function point expertise and to network. The conference was attended by more than 50 software measurement professionals and certified function point counters from across the globe. The full day event featured presentations including:

Code Quality: CISQ Standards Create Roadmap for Better Software

Software glitches aren’t really news but now we’re seeing software flaws that can cost an organization over $100 million due to poor code quality. This past year we’ve seen major technical and retail brands suffer extensive financial and reputational damage from software disasters – driving software issues out of the back office and into the boardroom.

Function Point Counting Unleashes Business Innovation (Infographic)

In this post, we wanted to take a step back and break down exactly what a function point is and how an IT organization can use them to measure application development productivity, improve IT project planning and estimating, and better manage application service providers.

#FacebookDown is a Trend For Now, But Could Turn Into an IT Risk Management Nightmare

When the entire Facebook platform -- including mobile, web, and third-party apps -- went down last week, users took to Twitter hashtag #FacebookDown in a blind panic to lament the social media outage. Though these outages might seem harmless and commonplace, Facebook’s reputation rides on their users’ ability to log onto Facebook from anywhere, at any time. And the more Facebook users have to turn to Twitter or other social networks to have their online voices heard, the harder it will be for them to log back in.

Code Quality as a Service

As the product manager for CAST Highlight, it’s refreshing to see a shift in discussions about the “quality of cloud solutions” to “cloud quality solutions.” Recently, there have been an increasing number of cloud-based static code quality analysis tools, or should I say services. A few that I’ve been watching include:

Does code quality really help the business?

Most organizations have started to realize that code quality is an important root cause of many of their issues, whether it’s incident levels or time to value. The growing complexity of development environments in IT -- the outsourcing, the required velocity, the introduction of Agile -- have all raised the issue about code quality, sometimes to an executive level.

Business applications have always been complex. You can go back to the 70s, even the 60s, and hear about systems that have millions of lines of code. But here’s the rub: In those days it was millions of lines of COBOL or some other language. But it was all one language. All one system. All one single application in a nice, neat, tidy package.

Reduce Software Risk through Improved Quality Measures with CAST, TCS and OMG

I had the pleasure of moderating a panel discussion with Bill Martorelli, Principal Analyst at Forrester Research Inc; Dr. Richard Mark Soley, Chairman and CEO of Object Management Group (OMG); Siva Ganesan, VP & Global Head of Assurance Services at Tata Consultancy Services (TCS); and Lev Lesokhin, EVP, Strategy & Market Development at CAST.

The Tech Babel Fish for CFOs

Any advocate for better software quality knows that one of the biggest challenges is helping the CIO reach the CFO. When your team needs a budget for an important project, those conversations often break down. Thanks to the unavoidable technical complexity of IT, oftentimes the CIO might as well be speaking Esperanto to the CFO.

Gartner Webinar: Get Smart about Technical Debt

Over the past 10 years or so, it has been interesting to watch the metaphor of Technical Debt grow and evolve. Like most topics or issues in software development, there aren’t many concepts or practices that are fully embraced by the industry without some debate or controversy. Regardless of your personal thoughts on the topic, you must admit that the concept of Technical Debt seems to resonate strongly outside of development teams and has fueled the imagination of others to expound on the concept and include additional areas such as design debt or other metaphors. There is now a spate of resources dedicated to the topic including the industry aggregation site:

Does Moneyball Play in the Corporate World?

In the spirit of "Bull Durham", "The Natural" and "Field of Dreams", the upcoming movie, "Moneyball", looks to be the next great American baseball film. I am excited yet conflicted. I am a big fan of those movies but I happen to be a bigger fan of Michael Lewis’ book upon which the movie is based. And I am concerned that Hollywood will sift past Lewis’ exhaustive research, dodge his insightful observations and string together a few pieces of Billy Beane’s life in the hopes of creating a romantic sports movie (a spormance).