Mergers and acquisitions can always result in some sort of unplanned issue emerging – whether it be about competition or integrating two disparate IT or HR systems.
On Technical Debt and Mergers and Acquisitions
One of the greatest issues of dealing with technical debt is the brittle code that comes along with it.
How to Avoid the Brittle Code of Technical Debt

On April 6th, CAST held a user group meeting on the topic of function point analysis and software productivity measurement. The meeting gathered more than 20 software measurement professionals from major companies in the banking, IT consulting, telecom, aviation and public sectors for a two-hour working session to discuss the benefits of function point analysis testing.

The event featured presentations including:

  1. An IBM case study on how they worked with CAST to integrate and secure an Automated Function Point (AFP) approach with a big player in the aeronautic sector within TMA Systems
  2. Functional sizing case study
  3. Updates on the new CISQ standards for Automated Function Points
  4. The importance of internal and external benchmarking
CAST User Group on Function Point Analysis: Key Findings
A CFO's job is to form a company's investment strategy, and one critical area of investment in any organization is technology.
A CFO's Guide to Technical Debt
Open source is part of almost every software capability we use today. At the very least, it supplies the libraries, frameworks or databases used in mission-critical IT systems; in some cases entire systems are built on top of open source foundations. Since we have been benchmarking IT software for years, we thought we would set our sights on some of the most commonly used open source software (OSS) projects.
Quality of Open Source Software Projects Report

On March 15, CISQ hosted the Cyber Resilience Summit in Washington, D.C., bringing together nearly 200 IT innovators, standards experts, U.S. Federal Government leaders and attendees from private industry. The CISQ quality measures have been instrumental in guiding software development and IT organization leaders concerned with the overall security, IT risk management and performance of their technology. It was invigorating to be amongst like-minded professionals who see the value in standardizing performance measurement.

CISQ & IT Risk Management: Minimizing Risk in Government IT Acquisition
Most technical professionals can agree on at least one thing: things would have been done better and problems would have been solved more quickly if they had had more time to work on them, and if they had known how negatively leaving these issues unaddressed would affect software quality.
How To Deal with Technical Debt in Different Environments
When working on a legacy codebase, you might start to wonder how anyone could have ever let it get to be such a mess.
How To Rescue Legacy Code Through Refactoring
Ward Cunningham, when coining the term technical debt, warned of incremental debt that allows code to run effectively but imperfectly.
The Path from Technical Debt to Bad Code
In our 29-criteria evaluation of the static application security testing (SAST) market, we identified the 10 most significant vendors — CAST, CA Veracode, Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock, SonarSource, and Synopsys — and researched, analyzed, and scored them. This report shows how each measures up and helps security professionals make the right choice.
Forrester Wave: Static Application Security Testing, Q4 2017 Analyst Paper
This post presents an interesting and effective analogy for those of us who struggle with handling technical debt: spilled juice.
How Spilled Juice is just like Technical Debt
A relationship that is often overlooked in software development and maintenance is the one between incidents and technical debt.
The Relationship Between Incident Management and Technical Debt
This study by CAST reveals potential reasons for poor software quality that puts businesses at risk, including clashes with management and little understanding of system architecture.
What Motivates Today’s Top Performing Developers Survey

Software Risk Management in Digital Transformation was the focus of the 4th edition of the Information Technology Forum, hosted by the International Institute of Research (IIR). Massimo Crubellati, CAST Italy Country Manager, discussed how Digital Transformation processes are changing the ICT scenario and why software risk management and prevention is mandatory.

Massimo shared our recipe for the evolution of Digital Governance: include a specific ICT Risk chapter in the design of the governance structure of the digital transformation. Its most relevant aspect is determining which methods, and which key performance indicators, to use to measure the operational risk inherent in the application portfolio. Measurement needs to be continuous and structural, and it must include assessing the inherent weaknesses of application assets by analyzing the correlations between the layers that compose them. The result is not only effective prevention of direct damage, ensuring service resilience, but also a reduction in maintenance and application management costs.

Software Risk Management: Risk Governance in the Digital Transformation
This post presents an interesting mindset from which to build software: treating infrastructure as code so that the systems and devices which are used in software are treated as software themselves.
Infrastructure as Code and Avoiding Technical Debt

We always hear about issues with systems, applications, or services caused by poor code quality or missed defects, but what happens when these problems become life threatening? Recently an article posted by NPR discussed the early release of dangerous prisoners who are now being charged with murder. According to the article, Governor Jay Inslee of Washington State reported that more than 3,200 prisoners were released early due to a software defect.

A Code Quality Problem in Washington State Puts Dangerous Criminals Back on the Street
Arlene Minkiewicz, Chief Scientist at Price Systems, recently presented on the issues relating to technical debt and software maintenance.
At the Intersection of Technical Debt and Software Maintenance Costs

The banking industry has definitely had its share of ups and downs when it comes to service reliability. In the past year, there have been a number of instances where customers have been unable to gain access to funds, receive deposits, and pay bills. As reported in an article by The Guardian, HSBC experienced a system failure at the end of August, which left thousands of their customers in a bind over a major banking holiday.

The HSBC Failure Has Many Wondering: Are Banking Providers Taking the Appropriate Measures to Ensure Code Quality and System Dependability?
It is common practice for a developer to make a quick fix in a software project and to then move onto the next shiny new feature.
Technical Debt and Reverse Grind: How to Manage it

With the advancements of both cloud and mobile technologies, security remains a hot topic for every company. The number of reported instances of security backdoors due to faulty code or hardware continues to be staggering. A recent article by Wired has brought forth another one of these unfortunate issues for a big player: Juniper. This technology giant has been providing networking and firewall solutions to companies, corporations, and the government for a number of years.

As a leader in networking technology, the last thing you want to hear is that a tech powerhouse like Juniper has found an application security problem. Two security issues were identified after a code review session outside of the company’s normal evaluation cycle. Security remains a primary concern as more companies, government agencies, and even individuals rely on technology providers to manage data or maintain smooth operations.

Was Lack of Proper Code Analysis Tools a Root Cause of Juniper Networks Security Backdoors?
There has been a recent trend in discussing the benefits of machine learning; however, despite its popularity, there are few large-scale systems that actually employ it in production.
The Machine Learning Hype Dampened by Technical Debt
In 2015 there was a major slew of headlines dedicated to software failures at major companies, which led to a discussion of best practices for software development.
Improving Software Quality to Avoid System Failure

As reported in a recent article by InfoWorld, a high-profile privacy-driven smartphone provider located a security hole capable of exposing its devices to attacks. Blackphone is a specially designed smartphone developed by SGP Technologies, which operates as a subsidiary of Silent Circle. The phone uses a VPN for Internet access and runs on a modified Android version titled “SilentOS”. A third-party component Silent Circle used as part of the device design was capable of exposing the secure smartphone to outside attacks.

What Was the Security Issue?

The vulnerability made it possible for an attacker to control the modem functions of the phone. Researchers brought this problem forth when they identified an open socket accessible on the phone during a reverse engineering exercise. Currently, Blackphone is one of the most secure phones on the market because it uses built-in encryption to deliver secure:

  • Voice Calling
  • Text Messaging
  • Video Conferencing
  • File Transfers
Blackphone Update Removes Critical Security Threat: Did Code Quality Issues Contribute to the Problem?