CAST

Is Application Security Risk a Result of Outsourcing?

There’s a common belief in the software development space that when companies outsource their application projects, the control they relinquish results in lower application quality and puts those projects at risk. Once again, however, CAST’s biennial CRASH Report, which reviews the structural quality of business-critical applications, has disproved this theory.

Consistent with previous years’ CRASH results, the 2014-2015 CRASH report revealed that “The choice to develop applications in house versus outsourced had no effect on health factor scores.”

CAST Research Labs gathered evidence from 501 applications from companies that had reported source information. The applications – 224 of which were developed in-house and 277 of which were outsourced – were also all similar in terms of their number of lines of code.

The study statistically confirmed that there were no significant differences between sourcing choices on any of the health factors in the sample. Furthermore, when the Total Quality Index (TQI) scores for the two sourced options were calculated, the difference proved to be statistically insignificant – outsourced applications were equal in structural quality to in-house developed applications.

The CRASH report also revealed very little difference between applications developed and maintained offshore versus onshore. Put in real-world terms, China and India offer quality on par with IT service companies in Mexico and the US.

Among the 387 applications that were developed onshore and the 114 that were developed or maintained offshore, there were no statistically significant differences in scores for Performance, Security, and Transferability based on location.

The only differences in health factors appeared in the Changeability and Robustness scores, but even there the differences were very slight. Onshore applications were slightly more Changeable (2% difference) and Robust (1% difference), both minor factors. These slight differences also led to onshore applications having a slightly higher TQI than offshore, but by less than 1%.

So the next time someone tries to tell you that you’re better off keeping a project in-house rather than outsourcing it, CRASH their misconception with the facts!

Complete results of the most recent CRASH report can be downloaded from the CAST web site at http://www.castsoftware.com/research-labs/crash-reports/2014-crash-report.

Jonathan Bloom Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.