When Electronic Health Records were first installed in hospitals and networks, they were seen as a great innovation. However, an important step in their implementation was glossed over: ensuring their security. According to Politico, hacks related to security lapses have cost the healthcare industry around $6 billion a year.

Healthcare Giants and Consumers Are Both Victims When It Comes To Security Violations

Shravan Dantu joins CAST as VP and Country Manager, India, from Avanade, a technology services and IT consulting company. During his 18 years of experience, playing various roles in IT consulting and outsourcing services, he has consulted customers across a range of industries such as: Life Sciences, Insurance, Healthcare, Retail, and Financial Services. Shravan has also been involved in setting up large IT, BPO global delivery, and offshoring programs. With such dynamic experience, Shravan is a crucial addition to the CAST team.

We're Growing! Shravan Dantu joins CAST as VP & Country Manager, India

The purpose of this white paper is to portray the worldwide state of agile adoption for our readers. While much has been written about the strengths and weaknesses of the technology, little data has been published to show how widely agile methods are used. This paper corrects that by providing data from our databases for public consumption. As shown in Figure 1, agile methods have become the dominant software development paradigm used throughout the world based on data from 330 organizations. Some of these organizations are offshoots of the 120 firms and government organizations from which we have received data. Figure 2 summarizes which agile methodologies are in use by these organizations. As many said that they were using a hybrid approach, i.e., one that combined agile with traditional concepts, we have included their response and categorized them as either hybrid or hybrid/lean (agile combined with lean).

Agile Introduction: Are You a Laggard?

Open source is part of almost every software capability we use today. At the very least, libraries, frameworks or databases get used in mission-critical IT systems. In some cases, entire systems are being built on top of open source foundations. Since we have been benchmarking IT software for years, we thought we would set our sights on some of the most commonly used open source software (OSS) projects.

Quality of Open Source Software Projects Report

As SAP is extended and expanded, it spawns a network of transactions, potentially written in different languages, and some inconsistencies in data models. An SAP implementation is not just SAP, it’s JEE, JSP, HTML as well as custom ABAP. Analyzing the characteristics of these applications by hand requires a set of experts in each language, and tends to be expensive.  There are excellent tools for analyzing the individual technology, but in a complex and expansive environment like SAP, what is required is a tool that can analyze across technology environments.

“SAP” is Not Just SAP

Last Wednesday the Royal Bank of Scotland (RBS) underwent an IT failure which withheld 600,000 payments from customer accounts. This occurs seven months after RBS was fined £56 million due to an IT crash in 2012 that impeded customers from accessing their online accounts. The poor system performance has caused difficulties for customers and shock from the banking community.

Royal Bank of Scotland's IT Failure Exposes Vulnerabilities in Digital Banking

In our 29-criteria evaluation of the static application security testing (SAST) market, we identified the 10 most significant vendors — CAST, CA Veracode, Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock, SonarSource, and Synopsys — and researched, analyzed, and scored them. This report shows how each measures up and helps security professionals make the right choice.

Forrester Wave: Static Application Security Testing, Q4 2017 Analyst Paper

One of the allures of SAP has been the pre-built business transactions which promise speed to value and the ability to leverage code.  With the business processes, transactions, and architecture defined, success must be just around the corner. The reality has not quite kept pace. 54% of organizations experience ERP project budget overages.

SAP Performance Does Not Come "Out of the Box"

On Thursday, 11 June 2015, the fourth edition of the CAST CIO Conference took place. We thank the many participants who contributed to the success of this event, which allowed us to analyze, drawing on the most recent failures of “mission critical” applications, risk-prevention strategies based on measuring the structural quality of critical application assets.

Key Points from the CAST CIO CONFERENCE 2015

This study by CAST reveals potential reasons for poor software quality that puts businesses at risk, including clashes with management and little understanding of system architecture.

What Motivates Today’s Top Performing Developers Survey

Companies worldwide use SAP, but SAP by itself does not resolve all of an organization's issues. As a result, a number of organizations need to customize SAP applications to suit their purposes, but this has met with mixed results.

CAST today released the results of the 2014-2015 CRASH Report for SAP, which revealed more than half of those organizations opting to customize SAP applications have encountered increased application risk, additional software risk management costs and disruption of critical business processes.

CRASH Report: Customized SAP Apps Increase Application Risk, Decrease Business Performance

In business, measurement is key. It’s not a new concept, of course, but it’s one that information technology has enabled to be implemented to a higher degree than ever before. Function point analysis is one of those areas where, like initiatives such as Six Sigma, the ability to measure can help ensure ultimate success.

Function Points Analysis: On Point at Federal Productivity Workshop

There’s a common belief in the software development space that when companies choose application outsourcing of their projects, the control they relinquish by doing so results in lower application quality and puts their projects at risk. Once again, however, CAST’s biennial CRASH Report, which reviews the structural quality of business critical applications, has disproved this theory.

Is Application Security Risk a Result of Outsourcing?

Over the past decade, advancements in static analysis tools from both commercial and open source communities have dramatically improved the detection of developer violations of good coding practices. The ability to detect these issues in coding practices provides the promise of better software quality.

Software Quality is More than Good Code

For the last half-decade, a debate has raged over which project management method reigned supreme – Agile or Waterfall. To determine which held the advantage, some looked at the management techniques and fluidity with which projects were completed, others judged the debate by pointing to the structural quality of the applications being developed.

Agile-Waterfall Hybrid Best for Structural Quality According to CRASH Report Findings

Digital transformation is a project many business executive leaders have recently taken on, especially those in banking and financial services. These organizations are competing to digitally transform front-end systems that are connected to brittle legacy systems. The subsequent failure to identify the structural vulnerabilities in combined applications produces security and reliability issues that negate the value of digital transformation.

Digital Transformation Event: Join us on June 3rd in Toronto, Canada

Join software measurement practitioners from government and industry at an event on June 2nd just outside of Washington DC. Discussion topics to include: the use of software analytics in all areas of enterprise program and development management, software measurement, automated function points, and software productivity management.

Function Points, Software Analytics and Much More! Join Us in DC on June 2nd

CAST took part in the 1° Evento Metrico 2015 organized by GUFPI ISMA, the national reference association for software measurement in Italy, held in Rome on 14 May. CAST participated in the conference on the following 3 topics:

Key Points from the 1° Evento Metrico 2015 GUFPI ISMA