QAI QUEST: Fixing Quality Issues with Automated Code Review

John Chang, Head of Solution Design, CAST Software at QAI QUEST, 2016

Recently I had the pleasure of speaking at QAI QUEST 2016, which showcases the latest techniques for software quality measurement and testing. It was a content-rich program with more than three days of diving deep into issues like DevOps, Open Source, Security, Mobile and more. But what struck me most, above all the event chatter, is that even the brightest companies are still having a difficult time identifying and fixing code quality errors.

During my keynote, I spoke about the perils of system-level defects and how these defects, when they go undetected, can completely ruin ingenious application development strategies. There are two key reasons these bugs persist: decentralized development practices and a lack of automated code review standards.

For example, Developer A and Developer B are both working on a new enterprise application. Developer A has written a simple method that opens a database connection, without knowing that Developer B calls that method from inside a loop. Developer B has written the call without knowing that the method opens and closes the database on every invocation. What we end up with is a sluggish application that opens the database perhaps thousands or tens of thousands of times a day. What’s worse is that, as load grows, the system will eventually come to a complete standstill.

Unintentional resource drains, non-validated user inputs and inadequate error handling are serious defects that happen more frequently than you might expect, and they are not easy to detect with human review processes – especially when developers are working on separate threads simultaneously to complete a project on time.
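As an added example (this is not code from the original post, nor CAST's own product), here is a small interprocedural check built on Python's standard `ast` module that flags exactly the Developer A / Developer B situation: it first finds every function that opens a database connection, directly or by calling another function that does, and then reports any call to such a function that sits inside a loop. The sample module it scans is constructed for the illustration; its function names, the `trades.db` file name and the list of "connect" call names are all assumptions.

```python
"""
Added example: a name-based, interprocedural "connection opened inside a loop"
check using only the standard library. Not the original post's code and not a
product feature; function names, table names and the sample module are
constructed for this illustration.
"""
import ast

# Call names treated as "opens a database connection". Assumed list: it matches
# sqlite3.connect, psycopg2.connect, pymysql.connect and a bare connect().
CONNECT_CALLS = {"connect"}


def _call_name(node):
    """Name a Call targets: 'connect' for sqlite3.connect(...), 'lookup' for lookup(...)."""
    func = node.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None


def _calls_any(fn, names):
    """True if the function body contains a call to any of the given names."""
    return any(isinstance(n, ast.Call) and _call_name(n) in names for n in ast.walk(fn))


def _openers_of(tree):
    """Functions that open a connection, closed transitively over the call graph."""
    funcs = {fn.name: fn for fn in ast.walk(tree)
             if isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef))}
    openers = {name for name, fn in funcs.items() if _calls_any(fn, CONNECT_CALLS)}
    changed = True
    while changed:  # fixed point: a function that calls an opener is itself an opener
        changed = False
        for name, fn in funcs.items():
            if name not in openers and _calls_any(fn, openers):
                openers.add(name)
                changed = True
    return openers


def find_connection_openers(source):
    """Set of function names in `source` that (transitively) open a connection."""
    return _openers_of(ast.parse(source))


def find_opens_in_loops(source):
    """(line, callee) pairs where a connection-opening call sits inside a for/while loop."""
    tree = ast.parse(source)
    flagged = _openers_of(tree) | CONNECT_CALLS
    findings = set()
    for loop in ast.walk(tree):
        if isinstance(loop, (ast.For, ast.AsyncFor, ast.While)):
            for node in ast.walk(loop):
                if isinstance(node, ast.Call) and _call_name(node) in flagged:
                    findings.add((node.lineno, _call_name(node)))
    return sorted(findings)


# Constructed sample module reproducing the scenario from the post.
SAMPLE = '''
import sqlite3

# Developer A: opens and closes the database on every call.
def fetch_price(symbol):
    conn = sqlite3.connect("trades.db")
    try:
        row = conn.execute("SELECT price FROM quotes WHERE symbol = ?", (symbol,)).fetchone()
        return row[0] if row else None
    finally:
        conn.close()

def lookup(symbol):
    return fetch_price(symbol)

# Developer B: calls it from inside a loop, one connection per iteration.
def price_all(symbols):
    total = 0
    for s in symbols:
        total += lookup(s) or 0
    return total

# Hardened form: one connection opened outside the loop and reused.
def price_all_fixed(symbols):
    with sqlite3.connect("trades.db") as conn:
        total = 0
        for s in symbols:
            row = conn.execute("SELECT price FROM quotes WHERE symbol = ?", (s,)).fetchone()
            total += row[0] if row else 0
        return total
'''

if __name__ == "__main__":
    print("functions that open a connection:", sorted(find_connection_openers(SAMPLE)))
    for line, callee in find_opens_in_loops(SAMPLE):
        print(f"line {line}: '{callee}' opens a database connection inside a loop")
```

Running it reports the `lookup(s)` call in `price_all` and stays silent on `price_all_fixed`, where the connection is opened once outside the loop. Matching is by call name only, with no import or alias resolution, so a production rule would need a symbol table; the point is the transitive closure over the call graph, which is what lets a check see a defect that neither developer can see from their own file.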

Defects like these are very hard to detect by manual review because there is no single knowledge holder who understands what is going on across the various parts of the application and its development cycle.

For IT-rich organizations, the greatest risks for unregulated application development include:

  • Unexpected downtime
  • Sudden increase in hardware costs
  • Unexpected disaster recovery costs
  • Delay in time-to-market

In fact, Booz Allen Hamilton asserts that decisions made in department silos can make an organization more vulnerable to the escalating frequency and sophistication of today’s cyber-attacks.

Automation is the main ammunition against the security and performance threats posed by application defects. Automated code review is the most efficient way to boost quality and reduce application risk during the development process. Technology-based solutions provide a thoroughness and cadence that human review cannot, and they arm developers with the knowledge they need to work accurately and efficiently.

For more best practices in managing the application development process, check out how RWE Supply & Trading is improving the resilience of trading systems.

John Chang
John Chang has helped Fortune 2000 companies leverage CAST’s solutions to reduce system-level defects and improve application development outcome success.