Today, CAST is meeting hundreds of Enterprise Architect aficionados, gurus, practitioners and professionals in National Harbor at the Gartner EA Summit. When glancing at the agenda, it is evident that EA has become omnipresent and is interacting either directly or indirectly with 100% of hot IT challenges such as Digital Transformation, Cloud Readiness, Internet of Things, Cyber Security and Innovation - the topics that are keeping many executives up at night.

The intent of this post is to share “one” view of the EA journey and provide some personal insight into software risk management and what I think will be the upcoming challenges in our favorite discipline.

EA Insights – The Fact-Based Measurement Effect
In this post, there is a distinct warning being made to banks in the UK: another banking outage, similar to RBS's major failure in 2012, is on its way.
UK Banking at risk of IT Failure and Technical Debt

The term “Digital Transformation” has become more than just a buzzword as companies continuously work toward the goal of realigning and investing in the digitization of all business aspects to meet and predict customer demands. In the midst of these big changes, there has been much confusion about what it means to actually achieve digital transformation and how to monitor your progression through each stage of the transition.

The Age of Digital Transformation: Where to Start?
Open source is part of almost every software capability we use today. At the very least, libraries, frameworks or databases get used in mission-critical IT systems. In some cases, entire systems are being built on top of open source foundations. Since we have been benchmarking IT software for years, we thought we would set our sights on some of the most commonly used open source software (OSS) projects.
Quality of Open Source Software Projects Report

Recently I had the pleasure of speaking at QAI QUEST 2016, which showcases the latest techniques for software quality measurement and testing. It was a content-rich program with more than three days of diving deep into issues like DevOps, Open Source, Security, Mobile and more. But what struck me the most above all the event chatter is that even the brightest of companies are still having a difficult time identifying and fixing code quality errors.

QAI QUEST: Fixing Quality Issues with Automated Code Review

For years, refactoring software has been a common process used to improve the quality, efficiency, and maintainability of an application. However, a recent article by IT World discusses how CIOs may not be getting a valuable return on their investment of time and effort into the refactoring process. While many believe refactoring reduces the risk of future headaches, new findings acquired through a study by Sri Lankan researchers suggest code quality is not improved significantly by refactoring.

Using Code Quality Metrics to Improve Application Performance
In simple terms, technical debt is the work that you've been putting off that is needed in order to complete a job.
Get a Grip on your Technical Debt
In our 29-criteria evaluation of the static application security testing (SAST) market, we identified the 10 most significant vendors — CAST, CA Veracode, Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock, SonarSource, and Synopsys — and researched, analyzed, and scored them. This report shows how each measures up and helps security professionals make the right choice.
Forrester Wave: Static Application Security Testing, Q4 2017 Analyst Paper
Mergers and acquisitions can always result in some sort of unplanned issue emerging – whether it be about competition or integrating two disparate IT or HR systems.
On Technical Debt and Mergers and Acquisitions
One of the greatest issues of dealing with technical debt is the brittle code that comes along with it.
How to Avoid the Brittle Code of Technical Debt
This study by CAST reveals potential reasons for poor software quality that puts businesses at risk, including clashes with management and little understanding of system architecture.
What Motivates Today’s Top Performing Developers Survey

On April 6th, CAST held a user group meeting on the topic of function point analysis and software productivity measurement. The meeting gathered more than 20 software measurement professionals from major companies in the banking, IT consulting, telecom, aviation and public sectors for a two-hour working session to discuss the benefits of function point analysis testing.

The event featured presentations including:

  1. An IBM case study on how they worked with CAST to integrate and secure an Automated Function Point (AFP) approach with a big player in the aeronautic sector within TMA Systems
  2. Functional sizing case study
  3. Updates on the new CISQ standards for Automated Function Points
  4. The importance of internal and external benchmarking
CAST User Group on Function Point Analysis: Key Findings
A CFO's job is to form a company's investment strategy, and one critical area of investment in any organization is technology.
A CFO's Guide to Technical Debt

On March 15, CISQ hosted the Cyber Resilience Summit in Washington, D.C., bringing together nearly 200 IT innovators, standards experts, U.S. Federal Government leaders and attendees from private industry. The CISQ quality measures have been instrumental in guiding software development and IT organization leaders concerned with the overall security, IT risk management and performance of their technology. It was invigorating to be amongst like-minded professionals who see the value in standardizing performance measurement.

CISQ & IT Risk Management: Minimizing Risk in Government IT Acquisition
Most technical professionals can agree on at least one thing: that things would've been done better and problems would've been solved quicker if they had more time to work on them and if they knew how negatively not dealing with these issues would affect software quality.
How To Deal with Technical Debt in Different Environments
When working on a legacy codebase, you might start to wonder how anyone could have ever let it get to be such a mess.
How To Rescue Legacy Code Through Refactoring
Ward Cunningham, when coining the term technical debt, warned of incremental debt that allows code to run effectively but imperfectly.
The Path from Technical Debt to Bad Code
This post presents an interesting and effective analogy for those of us who struggle with handling technical debt: spilled juice.
How Spilled Juice is just like Technical Debt
A relationship that is often overlooked in software development and maintenance is the one between incidents and technical debt.
The Relationship Between Incident Management and Technical Debt

Software Risk Management in Digital Transformation was the focus during the 4th edition of the Information Technology Forum, hosted by International Institute of Research (IIR). Massimo Crubellati, CAST Italy Country Manager, discussed how Digital Transformation processes are changing the ICT scenario and why software risk management and prevention is mandatory.

 

Massimo shared our recipe for Digital Governance evolution: including a specific ICT Risk chapter in the design of the governance structure of the digital transformation, whose most relevant aspect is to determine which methods and which key performance indicators to use to measure the operational risk inherent in the application portfolio. Measurement needs to be continuous and structural, and it must include the assessment of the application assets' inherent weaknesses through the analysis of correlations between the layers composing them. The result is not only effective prevention of direct damage, ensuring service resilience, but also a reduction in maintenance and application management costs.

Software Risk Management: Risk Governance in the Digital Transformation
This post presents an interesting mindset from which to build software: treating infrastructure as code so that the systems and devices which are used in software are treated as software themselves.
Infrastructure as Code and Avoiding Technical Debt