CEO in the Field: “If it was hard to write, it should be hard to understand.”

by

On a frigid day not long ago, I met a bright SVP of Quality Assurance (QA) at a large financial institution in the US. The company employs more than 10,000 people in its IT department alone, and this gentleman managed a team of nearly 2,000 QA professionals.

I was there to discuss some recipes for success, as this organization (a new customer of CAST) was just beginning to use our software intelligence platform and integrate CAST as a structural quality gate, towards the end of the development cycle, just before software would be released into production.

“Sooner being better than later, why are you only planning to use CAST technology late in the SDLC? Why aren’t you also using it to catch structural defects in software?” I asked. 

This SVP gave me an answer that hit home.

“Well, you know, when you try to socialize the idea that we’re bringing in an X-ray machine to analyze our software that looks at database structure, transaction flows, component connectivity, etc. you come up against some strong pushback from your dev team, and even architects,” he said. “That’s ‘their’ code. They want to be the only one to know. I don’t want to waste my time in a tough uphill battle to convince our folks. You know, as the old adage says, 'if it was hard to write, it should be hard to understand.' So my strategy here is to catch a few 'monsters' right before production, the kind of software defects that lead to data corruption, outages or security catastrophes, and send them back to my dev team to fix before going to production. I bet you they will be asking for CAST any time soon," he said with a grin. 

With a skillful understanding of what motivates a developer’s psyche, he found a smart and smooth way to introduce our disruptive technology, aiming to make the invisible visible. 

Get the Pulse Newsletter  Sign up for the latest Software Intelligence news Subscribe Now <>
Open source is part of almost every software capability we use today. At the  very least libraries, frameworks or databases that get used in mission critical  IT systems. In some cases entire systems being build on top of open source  foundations. Since we have been benchmarking IT software for years, we thought  we would set our sights on some of the most commonly used open source software  (OSS) projects. Software Intelligence Report <> Papers
In our 29-criteria evaluation of the static application security testing (SAST)  market, we identified the 10 most significant vendors — CAST, CA Veracode,  Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock,  SonarSource, and Synopsys — and researched, analyzed, and scored them. This  report shows how each measures up and helps security professionals make the  right choice. Forrester Wave: Static Application Security Testing, Q4 2017  Analyst Paper
This study by CAST reveals potential reasons for poor software quality that  puts businesses at risk, including clashes with management and little  understanding of system architecture. What Motivates Today’s Top Performing  Developers Survey
Vincent Delaroche Chairman and CEO at CAST
A passionate entrepreneur and industry thought leader, Vincent has grown CAST from a start-up in a French basement to a market leader. He's a true believer in "you can’t manage why you don’t see”, and so he began the software analytics movement to help executives get the truth about their software, to help architects become software geniuses, and delivery teams deliver super-software.
Load more reviews
Thank you for the review! Your review must be approved first
Rating
New code

You've already submitted a review for this item

|