Everyone wants to do DevOps like Netflix, but is it really right for your organization?
Netflix Envy
The recent spate of IT glitches and ‘power outages’ at British Airways which caused the UK’s national carrier to cancel all its flights worldwide at the start of May bank holiday along with the WannaCry ransomware attack which ground the National Health Service to a halt have exposed again the importance of IT systems in today’s business. The complexity of these IT systems, the number of vulnerabilities that exist in critical software used by critical infrastructure sectors such as the NHS, airlines, telecom operators has made headlines once more.
Need for Holistic IT Systems’ Risk Assessment
Get the Pulse Newsletter  Sign up for the latest Software Intelligence news Subscribe Now <>
Harvard Business Review has reported that digital leaders succeed in large part due to their ability to recognize and scale innovation across their business – seeing beyond transformation hurdles and IT complexity. They never lose sight of the end goal.
Recap: Software Risk & Innovation Summit 2017
At the upcoming Software Risk and Innovation Summit, CIOs address challenges around DevOps and the next big tech innovation trends.
CISQ Is Helping CIOs Master Digital Transformation
;
Open source is part of almost every software capability we use today. At the  very least libraries, frameworks or databases that get used in mission critical  IT systems. In some cases entire systems being build on top of open source  foundations. Since we have been benchmarking IT software for years, we thought  we would set our sights on some of the most commonly used open source software  (OSS) projects. Quality of Open Source Software Projects Report
CAST recently participated in a TechMarketView round table in London, discussing the effectiveness of digital strategies in banking.
Are Digital Strategies in Banking Working?
This fall, CAST hosted its first Seminar on Productivity Measurement in the Context of IT Transformation featuring representatives from the retail, banking and insurance industries in the Netherlands. Featured speakers included CISQ, Allianz, BNP Paribas and METRI.
Why Productivity Measurement Matters
The key to security is to ensure that your most sensitive data is handled with proper controls in place. This should include working with your architects to explore the architecture of applications that handle the most critical data, starting from the data elements themselves and fanning out via impact diagrams (for example, CAST does this with the Application Intelligence Platform). Over time, your team will be able to establish secure architecture components that should handle all sensitive data.
Following Best Practices to Achieve Application Security & Reduce Risk

In software maintenance and evolution, it is important to assess both code health and application architecture in order to identify issues impeding software quality goals. One way to move the needle toward software quality is to use Technical Debt (TD) indexing as a method to evaluate development projects.

We recently presented a paper at MTD 2016, the International Workshop on Managing Technical Debt put on by the Software Engineering Institute at Carnegie Mellon, where we discussed the way five different and widely known tools used to compute Technical Debt Indexes (TDI), for example numbers synthesizing the overall quality and/or TD of an analyzed project.

Technical Debt Indexes Provided by Tools: A Preliminary Discussion
In our 29-criteria evaluation of the static application security testing (SAST)  market, we identified the 10 most significant vendors — CAST, CA Veracode,  Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock,  SonarSource, and Synopsys — and researched, analyzed, and scored them. This  report shows how each measures up and helps security professionals make the  right choice. Forrester Wave: Static Application Security Testing, Q4 2017  Analyst Paper

It seems more and more frequently we see security and cyber-attacks in the news today. From Yahoo’s apparent cover up of a massive security breach that is damaging its merger with Verizon to the even more recent bank hack in India, where millions of debit cards were compromised, it’s apparent that there are holes in our current defense systems. Adding to the complexity of it all, eWeek has reported that DDoS attacks hit record highs in Q3 2016.

For most data-intensive organizations, it would spell disaster if mission-critical or customer information was leaked. What’s more, security gaps are known to go undetected for much longer in enterprises with a high percentage of legacy systems.

Legacy Modernization is About Application Security Not Just Cost

Insurance organizations have reached a tipping point. Historic institutions, with in some cases hundreds of years of service, they are being forced to transform due to changing consumer demands and nimble, technology-centric startups bringing innovative products to market. No stranger to regulatory and privacy concerns, Insurance carriers have overcome many roadblocks throughout their lifetime of doing business. Now they must tackle their legacy IT systems and improve software risk management to deliver the value today’s market is after.

The Insurance Industry Challenge: Improve Software Risk Management
This study by CAST reveals potential reasons for poor software quality that  puts businesses at risk, including clashes with management and little  understanding of system architecture. What Motivates Today’s Top Performing  Developers Survey

Earlier this month, CAST held its annual customer and partner conference in Munich, Germany.

IT and business executives from the Insurance, Banking, Telco and IT Consulting sectors shared how they are working with CAST and why software measurement is critical to the success of their IT projects.

CAST Celebrates 25 Years of Customer Success at Oktoberfest in Munich

It’s no question that Cloud is no longer a passing phase. In the span of a few years, Cloud has moved from an interesting concept to a useful business tool. What began as a creative tool for testing has moved into the mainstream as a way to improve hardware utilization and expand capacity. The benefits for Cloud are well established, and more customers are moving to consumption-based models, either with captive or public Cloud solutions. Many tools exist to help with Cloud migrations, but few have the flexibility to “see through the Cloud” to the application code, and make that code fit this new world.

See Through the Cloud!

This blog is from CAST’s keynote speech at MeGSuS’16, 3rd International Workshop on Measurement and Metrics for Green and Sustainable Software. Download the presentation here.

Fueled by our growing thirst for constant connectivity and the dawn of the Internet of Things, the energy required to power all the world’s computers, data storage and communications networks is expected to double by 2020 according to the latest research by McKinsey & Company. This would increase the total impact of IT technology, in terms of global carbon emissions, by at least 3%.

Green Indexes Used in CAST to Measure Energy Consumption of Code

There is more data to manage today than ever before, and this is creating an increasingly pounding headache for business executives that no dose of aspirin will soon relieve. With so many different forms of data and ways of storing that information within the organization, new data management methodologies are needed to make sense of this mind-numbing flood also known as Big Data.

Enter NoSQL. Differing from its much older and experienced brother – SQL – NoSQL has come onto the scene as the “new” and “hip” database paradigm (much like we talk about the Millennial generation). Also known as “Not Only SQL”, NoSQL is a flexible approach to data management and design that is useful for very large sets of distributed, unstructured data.

Big Data and NoSQL: Analyzing Complex Application Portfolios

Software has always been risky business compared to more mature industries such as telecommunications and manufacturing. Historically, software has seen more canceled projects, higher costs and more frequent schedule overruns than any other industry.

Today in 2016 we are also on the forefront of receiving an increasing amount of cyber-attacks in many different forms such as denial of service, data theft, phishing and the like. Of course, other industries are also risk prone, such as banking and finance as seen by their many failures circa 2008. Indeed the insurance industry centers around risk and has developed sophisticated actuarial methods for predicting the costs of risks and when they will occur.

Software Risk and Security in 2016

While you're reading this article, if you come across words – and even sentences – that you don’t understand, there's a high chance you feel like developers do when they're looking at lines of code with a high level of nested complexity. A high level of software complexity can make it difficult to determine architectural hotspots where risk and cost emanate.

Software Complexity Is Killing Us