2 Tips to Ensure External Agile Teams Deliver Software Quality

While software quality is not an issue that dominates the news cycle, it can present massive problems for IT leaders who are rapidly trying to build new functionality into systems to support business change.

In their note, Ensuring Quality From External Agile Software Developers, Gartner analysts Neil Barton, Joachim Herschmann and Allan Wilkins observe that application leaders still struggle to use repeatable software quality measures for applications developed by external agile teams, despite spending over $300 billion on software development and services every year.

The analysts offer two key recommendations to overcome this challenge. The first is that IT leaders should track defect levels over time, setting targets for service providers based on defects per function point. The second is that IT leaders should require service providers to demonstrate quality by augmenting automated testing with third-party static code analysis.

The CAST Perspective: Function Point Analysis

“Measuring defects per function point is the best technical solution,” says Gartner.

One of the reasons function point analysis is so effective, particularly in Agile outsourcing agreements, is that this metric makes it possible to accurately measure developer productivity and efficiency. Traditionally, function point counting has been a manual task, but automating the process is a great way for IT leaders to consistently verify that vendors are delivering software quality and that the overall quality of the software improves over time.

Additional benefits of automated function point counting include a more unified approach to ensuring that applications are delivering on business requirements. Furthermore, categorization allows every business function to be properly analyzed for a meaningful score, which can then be used to further evaluate productivity, quality, and several other factors.

In fact, CAST customer Fannie Mae, which presented at the 2017 Gartner Sourcing Summit, testified that “developers that do the most scans are also producing the most function points, at a higher quality, and at a lower cost.”

The CAST Perspective: Static Code Analysis

Static code analysis should be run during Agile development cycles to improve software maintainability and remove vulnerabilities. Additional advantages of static code analysis include:


  • A third-party assessment of vendor output, which is now being standardized by the Consortium for IT Software Quality (CISQ).
  • A more thorough analysis, because it doesn’t rely on executing the entire application.
  • A way to ensure developers follow common and organization-wide standards.

“As organizations are under increasing pressure to accelerate software delivery, software code quality is no longer a nice to have but a necessity,” says Gartner. Organizations like CISQ and the Object Management Group (OMG) have come onto the scene to help IT organizations with repeatable software quality assessment and measurement standards.

If you’re interested in measuring the open source exposure, maintainability, reliability and security of your business-critical software, static code analysis is a great solution for you.

To learn more about static code analysis and setting an effective software quality policy in your organization, read OMG’s white paper, How to Deliver Resilient, Secure, Efficient and Agile IT Systems in Line with CISQ Recommendations.

Chris White, Vice President, Marketing
My mission is to help CIOs around the globe understand the game-changing significance of Software Intelligence, and how CAST is empowering data-driven IT organizations to thrive in today's software-driven world.