While software quality is not an issue that dominates the news cycle, it can present massive problems for IT leaders who are rapidly trying to build new functionality into systems to support business change.
In their note, Ensuring Quality From External Agile Software Developers, Gartner analysts Neil Barton, Joachim Herschmann and Allan Wilkins observe that application leaders still struggle to apply repeatable software quality measures to applications developed by external agile teams, despite spending over $300 billion on software development and services every year.
The analysts make two key recommendations to overcome this challenge. The first is that IT leaders should track defect levels over time, setting targets for service providers based on defects per function point. The second is that IT leaders should require service providers to demonstrate quality by augmenting their automated testing with third-party static code analysis.
The CAST Perspective: Function Point Analysis
“Measuring defects per function point is the best technical solution,” says Gartner.
One reason function point analysis is effective, particularly in Agile outsourcing agreements, is that function points measure the functionality delivered rather than lines of code written, so defects per function point normalizes defect counts by the size of the delivery and makes developer productivity and efficiency comparable across teams and releases. Traditionally, function point counting has been a manual task, but automating the process lets IT leaders consistently verify that vendors are delivering quality software and that the overall quality of the software improves over time.
Additional benefits of automated function point counting include a more unified approach to checking that applications deliver on business requirements. Furthermore, categorizing the counted function points by business function allows each function to be analyzed for a meaningful score, which can then be used to evaluate productivity, quality and several other factors.
In fact, CAST customer Fannie Mae, which presented at the 2017 Gartner Sourcing Summit, testified that “developers that do the most scans are also producing the most function points, at a higher quality, and at a lower cost.”
The CAST Perspective: Static Code Analysis
Static code analysis should be run during Agile development cycles to improve software maintainability and to find and remove vulnerabilities before they reach production. Additional advantages of static code analysis include:
- A third-party assessment of vendor output, a practice now being standardized by the Consortium for IT Software Quality (CISQ).
- A more thorough analysis, because it inspects every code path in the source rather than only the paths that executing the application (or its test suite) happens to exercise.
- Enforcement of common, organization-wide coding standards that developers are expected to follow.
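To make the last two points concrete, below is a small AST-based static analyzer added as an illustration; it is not CAST's or CISQ's tooling and the rule identifiers (SEC001, SEC002, SEC003, MNT001, MNT002), the rule thresholds and the sample source it scans are all made up for this example. It finds a hard-coded secret, a shell-enabled subprocess call and an eval() in the sample without ever running that code, and it applies a maintainability standard (docstrings, function length) in the same pass, so one run yields both the security findings and the standards findings a quality gate would act on.

```python
"""Minimal static analyzer: walks a Python AST and reports rule violations.

Added example, not vendor code. The rule IDs, thresholds and the SAMPLE
source below are constructed for illustration only.
"""
import ast
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    rule: str      # hypothetical rule identifier, e.g. "SEC001"
    line: int      # 1-based line in the analyzed source
    message: str


DANGEROUS_CALLS = {"eval", "exec"}
SHELL_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
               "subprocess.check_output", "subprocess.check_call"}
SECRET_NAME_HINTS = {"password", "passwd", "secret", "api_key", "token"}


def _call_name(func: ast.AST) -> str:
    """Return a dotted name for the callee ('subprocess.run'), or '' if dynamic."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _call_name(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""


class _RuleVisitor(ast.NodeVisitor):
    def __init__(self, max_function_lines: int = 30):
        self.findings: List[Finding] = []
        self.max_function_lines = max_function_lines  # hypothetical standard

    def visit_Call(self, node: ast.Call) -> None:
        name = _call_name(node.func)
        if name in DANGEROUS_CALLS:
            self.findings.append(Finding("SEC001", node.lineno,
                                         f"{name}() executes data as code"))
        if name in SHELL_CALLS:
            for kw in node.keywords:
                # shell=True hands the argument string to a shell: injection risk
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) \
                        and kw.value.value is True:
                    self.findings.append(Finding("SEC002", node.lineno,
                                                 f"{name}(..., shell=True)"))
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign) -> None:
        # A string literal assigned to a secret-looking name is a hard-coded credential
        if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for target in node.targets:
                if isinstance(target, ast.Name) and any(
                        hint in target.id.lower() for hint in SECRET_NAME_HINTS):
                    self.findings.append(Finding("SEC003", node.lineno,
                                                 f"hard-coded secret in {target.id}"))
        self.generic_visit(node)

    def visit_FunctionDef(self, node: ast.FunctionDef) -> None:
        length = node.end_lineno - node.lineno + 1
        if length > self.max_function_lines:
            self.findings.append(Finding("MNT001", node.lineno,
                                         f"{node.name} is {length} lines long"))
        if ast.get_docstring(node) is None:
            self.findings.append(Finding("MNT002", node.lineno,
                                         f"{node.name} has no docstring"))
        self.generic_visit(node)


def analyze(source: str) -> List[Finding]:
    """Parse source (never executing it) and return findings ordered by line."""
    visitor = _RuleVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


def quality_gate(findings: List[Finding]) -> bool:
    """Hypothetical policy: a delivery passes only with zero SEC* findings."""
    return not any(f.rule.startswith("SEC") for f in findings)


# Constructed sample of vendor-delivered code; line numbers start at 1.
SAMPLE = """\
import subprocess

DB_PASSWORD = "hunter2"

def run_report(user_filter):
    subprocess.run("report.sh " + user_filter, shell=True)
    return eval(user_filter)

def safe_lookup(table, key):
    \"\"\"Return table[key] or None.\"\"\"
    return table.get(key)
"""

if __name__ == "__main__":
    found = analyze(SAMPLE)
    for f in found:
        print(f"line {f.line}: {f.rule} {f.message}")
    print("gate:", "PASS" if quality_gate(found) else "FAIL")
```

Running it against the constructed sample reports the secret on line 3, the missing docstring on line 5, the shell call on line 6 and the eval on line 7, and the gate fails; none of the sample's code paths had to be executed or even reachable from a test to be inspected, which is the point the list above makes.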
“As organizations are under increasing pressure to accelerate software delivery, software code quality is no longer a nice to have but a necessity,” says Gartner. Organizations like CISQ and the Object Management Group (OMG) have come onto the scene to help IT organizations with repeatable software quality assessment and measurement standards.
If you’re interested in measuring the open source exposure, maintainability, reliability and security of your business-critical software, static code analysis is a good place to start.
To learn more about static code analysis and setting an effective software quality policy in your organization, read OMG’s white paper, How to Deliver Resilient, Secure, Efficient and Agile IT Systems in Line with CISQ Recommendations.
Erik Oltmans, an Associate Partner at EY Netherlands, spoke at the Software Intelligence Forum on how the consulting firm uses Software Intelligence in its Transaction Advisory services.
Erik described the changing landscape of M&A. Besides the financial and commercial aspects, PE firms now place equal value on technical assessments, especially for targets with significant software assets. He went on to detail how CAST Highlight makes these assessments possible with limited access to the target’s systems, provides customized quality metrics, and surfaces the liability implications of open source components, all three of which are critical for M&A due diligence.