Perform Application Assessments Before Purchasing IT System Components

by Francois Xavier Albouy

Do you have processes in place to perform application assessments of existing systems before additional purchasing decisions are made? One could argue that it’s always a good time for an assessment. You could be making major upgrades to your invoice processing system, the backbone of your call center or your logistics program. All of these are core systems that your company will rely upon for the next five to 10 years, and it’s important they are robust and secure enough to be maintained over time.

Using Application Assessments Before Signing Vendor SLAs

Once your team has shortlisted two or three software vendors and confirmed that they fit your specific needs, it’s important to check whether software quality standards are covered by the contract. If the system, or the application updates delivered by the vendor, fails in production, there will be a major impact on your business – loss of revenue, reduced customer satisfaction, time spent fixing issues, and more.

You need to be confident that the vendor you choose is well structured to respond to crises as well as to your future, ongoing modernization needs. As a result, we recommend that your application assessments be two-fold:

  1. A technical assessment should analyze source code and application architectures to evaluate software quality and any associated risks.
  2. A development processes assessment should identify the maturity level of the development organization and its ability to deliver within the SLA consistently over time.
We frequently hear clients say: “Our business is complex enough without having to deal with technology issues. It is critical to select partners we know can help manage our technology for us.”

The good news is that modern vendors should see assessments as an opportunity to demonstrate the maturity of their processes and the level of their software quality standards over their competitors. If you see a vendor hesitating to participate in due diligence assessments, it’s safe to say they are probably not the right partner for you.

Why You Should Care About Application Assessments

Benchmarking software quality and ensuring it can be sustained – and hopefully improved – is a huge benefit of application assessments. Getting an objective view of application architecture and code characteristics based on industry-wide standards can only help you make better decisions across the board.

I’ve heard customers say on multiple occasions: “We thought we were about to buy a state-of-the-art logistics system, but after the assessment we realized it was more obsolete than our current one.”

Based on the data generated from application assessments, your teams are armed with real-time analytics on current code quality, the maturity of development processes being used and requirements for technical support. All these findings also help predict future quality.

If improvements are required, the assessment can help generate an action plan detailing priorities and highlighting where changes need to be made in the code. This also has trickle-down benefits for application security and risk management initiatives.

Application Assessments Support Ongoing Modernization

Too often, companies create an attractive system (i.e. efficient, elegant and functional), but they reach the limits of what they are able to manage with existing, internal resources.

In a significant number of these cases, the applications are based on obsolete technologies that are incredibly difficult to secure, or the architecture has become so complex that adding new features becomes essentially impossible. In other cases, development processes are absent, inappropriate or unscalable, so the vendor is unable to maintain standard software quality levels over time.

Adopting a model that supports ongoing application assessments can only lend visibility into modernization efforts, making them more practical, objective and simple to execute. Getting below the surface of “nice-looking” applications to see what’s actually going on will help you make productive changes to development processes, foster transparent vendor relationships and support the longevity of critical IT systems.

Filed in: Risk & Security
Francois Xavier Albouy, Senior Consultant
With more than 18 years of experience in managing software innovation projects, from front-end to delivery to users, Francois helps CAST customers gain actionable improvements from Software Intelligence. Francois is particularly knowledgeable in application audits, GDPR preparation and compliance, and managing IT outsourcing agreements.