CRASH Report: Customized SAP Apps Increase Application Risk, Decrease Business Performance

by

Companies worldwide use SAP, but SAP by itself does not resolve all of an organizations issues. As a result, a number of organizations need to customize SAP applications to suit their purposes, but this has met with mixed results.

CAST today released the results of the 2014-2015 CRASH Report for SAP, which revealed more than half of those organizations opting to customize SAP applications have encountered increased application risk, additional software risk management costs and disruption of critical business processes.

In examining almost 50 million lines of customized applications written in ABAP, SAP’s programming language, the CRASH report revealed that more than half of all instances contained significant flaws, driving down business performance and increasing risk, while simultaneously incurring additional costs to companies’ bottom lines. This news comes at a time when SAP is making a renewed push to simplify the use of its enterprise software.

“Enterprise-level SAP customizations are far from simple,” said Dr. Bill Curtis, Chief Scientist at CAST. “Some require millions of lines of code and grow extremely complex. The more complex the code, the costlier it is to maintain and the longer it takes to add new functionality. That puts the business at a competitive disadvantage.”

The research reveals a number of applications are highly vulnerable, with companies exposing themselves to operational problems such as outages, performance degradation, unauthorized access or data corruption. Some of the other specific findings include:

  • Basic software engineering errors account for more than half of all violations. Many of the mistakes suggest that junior or inexperienced programmers are completing the work.
  • SAP customizations have more complexity issues than equivalent applications written in Java or C.
  • Overall, developers complied with ABAP coding rules only one-third of the time.

Curtis is quick to emphasize that the software quality of custom SAP applications can be improved without abandoning ABAP.

“The agility of any business is directly tied to the quality of their code,” Curtis said. “Structural quality is often sacrificed for speed to deployment.  Yet structural weaknesses are root causes of security breaches, outages, and other business risks. Businesses can improve their competitive agility and reduce costs by managing the quality of their SAP customizations.”

A copy of the CAST CRASH report for SAP can be downloaded at http://goo.gl/lgamMs.

Get the Pulse Newsletter  Sign up for the latest Software Intelligence news Subscribe Now <>
Open source is part of almost every software capability we use today. At the  very least libraries, frameworks or databases that get used in mission critical  IT systems. In some cases entire systems being build on top of open source  foundations. Since we have been benchmarking IT software for years, we thought  we would set our sights on some of the most commonly used open source software  (OSS) projects. Software Intelligence Report <> Papers
In our 29-criteria evaluation of the static application security testing (SAST)  market, we identified the 10 most significant vendors — CAST, CA Veracode,  Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock,  SonarSource, and Synopsys — and researched, analyzed, and scored them. This  report shows how each measures up and helps security professionals make the  right choice. Forrester Wave: Static Application Security Testing, Q4 2017  Analyst Paper
This study by CAST reveals potential reasons for poor software quality that  puts businesses at risk, including clashes with management and little  understanding of system architecture. What Motivates Today’s Top Performing  Developers Survey
Jonathan Bloom
Jonathan Bloom Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.
Load more reviews
Thank you for the review! Your review must be approved first
Rating
New code

You've already submitted a review for this item

|