The Software Intelligence Blog

  • CISQ & IT Risk Management: Minimizing Risk in Government IT Acquisition

    On March 15, CISQ hosted the Cyber Resilience Summit in Washington, D.C., bringing together nearly 200 IT innovators, standards experts, U.S. Federal Government leaders and attendees from private industry. The CISQ quality measures have been instrumental in guiding software development and IT organization leaders concerned with the overall security, IT risk management and performance of their technology. It was invigorating to be amongst like-minded professionals who see the value in standardizing performance measurement.

  • Software Risk Management: Risk Governance in the Digital Transformation

    Software Risk Management in Digital Transformation was the focus during the 4th edition of the Information Technology Forum, hosted by the International Institute of Research (IIR). Massimo Crubellati, CAST Italy Country Manager, discussed how Digital Transformation processes are changing the ICT scenario and why software risk management and prevention are mandatory.


    Massimo shared our recipe for the evolution of Digital Governance: include a specific ICT Risk chapter in the design of the governance structure for the digital transformation. The most relevant part of that chapter is deciding which methods, and which key performance indicators, will be used to measure the operational risk inherent in the application portfolio. Measurement needs to be continuous and structural, and it must include an assessment of the inherent weaknesses of application assets, obtained by analyzing the correlations between the layers that compose them. The result is not only effective prevention of direct damage, which ensures service resilience, but also a reduction in maintenance and application management costs.

  • A Code Quality Problem in Washington State Puts Dangerous Criminals Back on the Street

    We always hear about issues with systems, applications, or services caused by poor code quality or missed defects, but what happens when these problems become life threatening? Recently, an article posted by NPR discussed the early release of dangerous prisoners who are now being charged with murder. According to the article, Governor Jay Inslee of Washington State reported that more than 3,200 prisoners were released early due to a software defect.

  • The HSBC Failure Has Many Wondering: Are Banking Providers Taking the Appropriate Measures to Ensure Code Quality and System Dependability?

    The banking industry has definitely had its share of ups and downs when it comes to service reliability. In the past year, there have been a number of instances where customers have been unable to gain access to funds, receive deposits, and pay bills. As reported in an article by The Guardian, HSBC experienced a system failure at the end of August, which left thousands of their customers in a bind over a major banking holiday.

  • Was Lack of Proper Code Analysis Tools a Root Cause of Juniper Networks Security Backdoors?

    With the advancements of both cloud and mobile technologies, security remains a hot topic for every company. The number of reported instances of security backdoors due to faulty code or hardware continues to be staggering. A recent article by Wired has brought forth another one of these unfortunate issues for a big player: Juniper. This technology giant has been providing networking and firewall solutions to companies, corporations, and the government for a number of years.

    As a leader in networking technology, the last thing you want to hear is that a tech powerhouse like Juniper has found an application security problem. Two security issues were identified after a code review session outside of the company’s normal evaluation cycle. Security continues to remain a primary concern as more companies, government agencies, and even individuals rely on technology providers to manage data or maintain smooth operations.

  • Blackphone Update Removes Critical Security Threat: Did Code Quality Issues Contribute to the Problem?

    As reported in a recent article by InfoWorld, a high-profile, privacy-driven smartphone provider located a security hole capable of exposing its devices to attacks. Blackphone is a specially designed smartphone developed by SGP Technologies, which operates as a subsidiary of Silent Circle. The phone uses a VPN for Internet access and runs on a modified Android version titled “SilentOS”. A third-party component Silent Circle used as part of the device design was capable of exposing the secure smartphone to outside attacks.

    What Was the Security Issue?

    The vulnerability made it possible for an attacker to control the modem functions of the phone. Researchers brought this problem forth when they identified an open socket accessible on the phone during a reverse engineering exercise. Currently, Blackphone is one of the most secure phones on the market because it uses built-in encryption to deliver secure:

    • Voice Calling
    • Text Messaging
    • Video Conferencing
    • File Transfers

  • Supporting Our Global Community

    As we come together to help those affected by recent global tensions, we have made a charitable donation of $10,000 to Doctors Without Borders/Médecins Sans Frontières (MSF) on behalf of the CAST community. We believe that our citizenship transcends geography and political borders as we are united within one, universal community.

    CAST is proud to support an organization that values people and upholds their right to medical care regardless of gender, race, creed, religion or political affiliation. In over 60 countries around the world, MSF saves lives by providing medical aid where it is needed most — in armed conflicts, epidemics, natural disasters and other crises.

  • IT Leaders Address the Value of Software Measurement & Government Mandates Impacting Development

    IT leaders from throughout the federal government discussed how software measurement can positively impact their development process at CAST’s recent Cyber Risk Measurement Workshop in Arlington, VA, just outside of the Washington, D.C. area. The event brought together more than 40 IT leaders from several governmental agencies, including the Department of Defense and Department of State, system integrators and other related organizations. The group shared their experiences in how their respective organizations are driving value to end users and taxpayers.

  • Key Discussion Points from Forrester Webinar: Agile Portfolio Management Requires Rapid Transparency

    Application portfolio analysis was at the center of discussion as Forrester Research Vice President and Principal Analyst, Margo Visitacion, presented how Agile development is affecting the application development process and IT’s portfolio planning. Ms. Visitacion explained that in the “Age of the customer,” customers want more for less and expect companies to fluidly change based on their needs and demands. As companies shift their attention to customers’ experiences rather than production figures, it’s leading directly to higher revenue and longer-lasting relationships.

  • Software Risk: Executive Insights on Application Resiliency

    Software risks to the business, specifically Application Resiliency, headlined a recent executive roundtable hosted by CAST and sponsored by IBM Italy, ZeroUno and the Boston Consulting Group. European IT executives from the financial services industry assembled to debate the importance of mitigating software risks to their business.

  • Software Quality and Developer Productivity: Together Improve Efficiency

    Software Quality and Developer Productivity took center stage last week during a software development and productivity event hosted by Leda and CAST. Findings from two studies showed that application benchmarking is essential to measure software quality and development team productivity.
    Merino, CAST’s Solutions Designer, explained that, “It is necessary to understand the state of applications, and to base your strategy on that data. In addition, measurement, to be effective, accurate and accepted by others, must be based on standards.” Merino further explained that software measurement and analysis has different objectives; the primary purpose is to make better decisions based on real data, decisions that help increase revenues or reduce costs.

  • Faltering Software Quality and Standards: Why Programmers Should Stop Calling Themselves Engineers

    In the current tech scene, it has become common practice to refer to programmers as engineers. It seems that if you aren't part of sales or marketing teams you are now entitled to being designated as an engineer. However, what has been forgotten over the 50 years of looking to turn software development into a legitimate engineering practice, is that we still haven't reached the aspiration of being just that: a legitimate engineering practice. Traditional engineers have to go through stringent regulation, certification, and apprenticeships in order to gain the title. This creates an implicit responsibility of providing reliability and public safety. Software development hasn't reached this point yet - software quality and standards are not universally valued.

    So why is the tech industry using the engineering title to describe its technical workers?

  • Bad Software Quality Crashes Airlines’ IT Systems, Again: When Is Enough Enough?

    Southwest Airlines is the latest victim of the airline scandal. What scandal? It’s the one where airlines continue to cause travel delays due to poorly managed IT systems. It’s the one that caused Southwest to delay 836 flights on Monday and distribute handwritten tickets to passengers because of a ‘software glitch’. Southwest isn’t alone. United Airlines grounded hundreds of flights in July and American Airlines did the same in September and April. How long will consumers have to wait before these organizations figure out that the glitches are caused by bad software quality, which creates bad service?

  • Software Benchmarks and Benchmarking

    Reifer Consultants LLC’s recent white paper, Software Benchmarks and Benchmarking, discusses software benchmarking process and provides information on industry

  • Software Risk: 4 Case Studies in Software Quality and Software Schedules by Capers Jones

    This post is taken from the original paper Software Risk Master (SRM) Estimating Examples For Quality and Schedules by Capers Jones, VP and CTO of Namcook Analytics LLC.

  • IT Trends 2016: Insights from the CAST CIO and IT Leaders’ Roundtable Discussion

    Last week, CAST, a global leader in software analytics, invited more than 100 IT professionals to participate in a software risk and analytics roundtable in New York, NY. The daylong exchange included CIOs, industry analysts, systems integrators and IT advisory firms. As an outcome of this gathering, CAST published an IT Trends 2016 Report. The following post attempts to capture some of the exchange between participants and key takeaways.

  • IT Trends 2016

    Topping the list of IT Trends 2016 is helping CIOs take advantage of Big Data for themselves, while cutting through the clutter. Accelerating the time from data to decision requires analytics that highlight areas of risk and opportunity in support of business decisions, not technical ones. Proactive, predictive insight arms CIOs with the ability to ask the right questions, to challenge the status quo and surface technical risks that jeopardize revenue, reputation or brand. Real-time solutions that improve the signal-to-noise ratio top the CIO’s wish list for 2016.

  • Measuring Legacy Systems for Technical Debt and Quality

    Legacy Code

    When a business develops software, new technologies eventually outgrow the software. But that doesn’t mean the software stops working, which is why businesses continue to use legacy software. In fact, after all the fixes and patches, the legacy software still gets used because it simply works, even if it means the users are forced to run older operating systems and older web browsers to use it.