In this era of big data, analytics has become an invaluable tool for IT organizations, not only for ensuring a high-quality product but also for keeping customers safe from malicious hackers and application crashes. Despite the obvious need, some executives struggle with the business case for proper software analytics and opt for skunk-works metrics that are less accurate and more expensive.

The Best Software Analysis and Measurement Engine Just Got Better

Gartner report highlights “application development managers need new ways to demonstrate and communicate the business value of software quality for innovation projects.”

IT Needs New Ways To Talk About Quality!
Open source is part of almost every software capability we use today. At the very least, the libraries, frameworks or databases used in mission-critical IT systems are open source; in some cases, entire systems are built on top of open source foundations. Since we have been benchmarking IT software for years, we thought we would set our sights on some of the most commonly used open source software (OSS) projects.

Quality of Open Source Software Projects Report

We knew that the most recent findings from our 2014 CRASH Report would cause a stir among the software development community -- especially Agile advocates -- but we were pleasantly surprised by the overwhelmingly positive reception the news received.

Much of the feedback mirrored opinions we’ve heard from industry insiders, opinions that were largely ignored by a development community that accepted ‘pure’ Agile as the epitome of development methods. Many who have worked on large business-critical systems felt that attention to architecture up front was necessary to avoid serious constraints or painful re-architecting later in development.

IT Experts Respond to Controversial 2014 CRASH Report: Agile Alone is Not Enough
In our 29-criteria evaluation of the static application security testing (SAST) market, we identified the 10 most significant vendors — CAST, CA Veracode, Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock, SonarSource, and Synopsys — and researched, analyzed, and scored them. This report shows how each measures up and helps security professionals make the right choice.

Forrester Wave: Static Application Security Testing, Q4 2017 Analyst Paper

You’d think that after news of the Heartbleed bug broke, every IT organization worth its salt would have immediately moved to start monitoring its structural robustness and code quality to protect sensitive consumer data. And while many did, two months after Heartbleed was announced, more than 300,000 servers were still vulnerable.

Now, three months later, CAST Research Labs has found there is a direct link between the growing number of data breaches and security incidents, and poor code quality in consumer applications. The data reveals finance and retail industry applications are the most vulnerable to data breaches, with 70 percent of retail and 69 percent of financial services applications shown to have data input validation violations.

CAST Research Links Consumer Data Breaches Directly To Poor Code Quality
This study by CAST reveals potential reasons for poor software quality that puts businesses at risk, including clashes with management and little understanding of system architecture.

What Motivates Today’s Top Performing Developers Survey

So, you’re ready to get started on building your own multi-language custom source code analyzer platform using open source components.  Your return estimates are still looking pretty good, even after taking into account the costs in our previous post, “6 Hidden Costs of Building Your Own Multi-Language Code Analyzer Platform”.

Well, we have a quick list of maintenance costs that you may not have considered.  So, before you break ground on that project, see if you thought of all these.

6 Hidden Costs of Maintaining an Open Source Code Analyzer Platform

Thinking about building your own multi-language custom source code analyzer platform using open source components?  Sure, the upsides seem to add up: no licensing fees, great customization ability, and an impressive new entry on your resume (making it even shinier).  Read that project charter once more before you sign it in ink, because our experience has shown it’s not quite that simple.

6 Hidden Costs of Building Your Own Open Source Code Analyzer Platform

It’s simple physics: when a piece of application code gets caught in a logic loop, the CPU stays fully busy and heats up, the machine draws more power for the processor and the cooling system to keep everything up and running, and your electricity bill goes up.

CAST Tries To Save the Planet with Green IT Index

Last Thursday we had a fascinating discussion with Suresh Bala, the head of Application Management at Wipro, Diego LoGiudice of Forrester, and Dr. Bill Curtis, the Director of the Consortium for IT Software Quality. Diego presented the latest trend in IT organizations toward splitting their activities and applications into systems of engagement and systems of record. This has been the Forrester view on IT, or what they call Business Technology (BT), for some time now. Systems of engagement are the fast-moving, often mobile-based applications meant to disrupt competition and engage the customer in new ways. Systems of record are the traditional backbone IT systems that manage the core enterprise data and business processes.

Webinar Q&A Follow Up: Quality and Velocity in Large IT Set-up
Securing open source - Lev Lesokhin spoke with CSO Online about how large IT organizations can secure their business critical applications from known vulnerabilities and shoddy software quality. Be sure to check...
Software Quality: The Problem with Ignoring the Open Source Quality