QAI QUEST: Fixing Quality Issues with Automated Code Review

by
John Chang, Head of Solution Design, CAST Software at QAI QUEST, 2016

Recently I had the pleasure of speaking at QAI QUEST 2016, which showcases the latest techniques for software quality measurement and testing. It was a content-rich program with more than three days of diving deep into issues like DevOps, Open Source, Security, Mobile and more. But what struck me the most above all the event chatter is that even the brightest of companies are still having a difficult time identifying and fixing code quality errors.

During my keynote, I spoke about the perils of system-level defects and how these defects, when they go undetected, can completely ruin ingenious application development strategies. There are two key reasons these bugs persist: decentralized development practices and a lack of automated code review standards.

For example, Developer A and Developer B are both working on a new enterprise application. Developer A has written a simple instruction to open a database without knowing that Developer B is calling that method inside a loop. Developer B has written this call without knowing that Developer A is opening and closing the database repeatedly. What we end up with is a sluggish application, as it continuously engages the database perhaps thousands or tens of thousands of times a day. What’s worse is that eventually the system will come to a complete standstill.
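The open-inside-a-loop defect described above, as an added example that is not from the original post or from CAST's tooling. It uses Python's sqlite3 with constructed order data: the first loop opens and closes the database on every order, the corrected loop opens it once and commits the whole batch. The open counter is the kind of signal an automated review would surface; both variants produce the same totals, which is why a functional test alone never catches it.

```python
import os
import sqlite3
import tempfile

# Constructed sample input, not from the original post: (customer_id, amount) per order.
ORDERS = [(1, 10.0), (2, 5.5), (1, 7.25), (3, 3.0), (2, 1.0)]


class DbOpener:
    """Developer A's helper: opens the database. It also counts opens so the
    cost of each calling pattern is measurable."""

    def __init__(self, path):
        self.path = path
        self.opens = 0

    def open(self):
        self.opens += 1
        conn = sqlite3.connect(self.path)
        conn.execute("CREATE TABLE IF NOT EXISTS totals "
                     "(customer_id INTEGER PRIMARY KEY, total REAL NOT NULL)")
        return conn


def record_order(conn, customer_id, amount):
    """Adds an order amount to the customer's running total."""
    conn.execute("INSERT OR IGNORE INTO totals VALUES (?, 0)", (customer_id,))
    conn.execute("UPDATE totals SET total = total + ? WHERE customer_id = ?",
                 (amount, customer_id))


def process_orders_leaky(opener, orders):
    """Developer B's loop as written: a fresh open/close per order (the drain)."""
    for customer_id, amount in orders:
        conn = opener.open()  # one connection per iteration
        record_order(conn, customer_id, amount)
        conn.commit()
        conn.close()


def process_orders_fixed(opener, orders):
    """Corrected loop: one connection and one commit for the whole batch."""
    conn = opener.open()
    try:
        for customer_id, amount in orders:
            record_order(conn, customer_id, amount)
        conn.commit()
    finally:
        conn.close()


def run(process):
    """Runs one processing style against a fresh temp database.
    Returns (number of opens, {customer_id: total})."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        opener = DbOpener(path)
        process(opener, ORDERS)
        conn = sqlite3.connect(path)
        totals = dict(conn.execute(
            "SELECT customer_id, total FROM totals ORDER BY customer_id"))
        conn.close()
        return opener.opens, totals
    finally:
        os.remove(path)
```

Running `run(process_orders_leaky)` reports five opens for five orders, while `run(process_orders_fixed)` reports one, with identical totals in both cases.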

Unintentional resource drains, non-validated user inputs and inadequate error handling are serious defects that happen more frequently than you might expect, and they are not easy to detect with human review processes – especially when developers are working on separate threads simultaneously to complete a project on time.

Defects like these are nearly impossible to detect because there is no single knowledge holder who understands what is going on in various aspects of the application development cycle.

For IT-rich organizations, the greatest risks for unregulated application development include:

  • Unexpected downtime
  • Sudden increase in hardware costs
  • Unexpected disaster recovery costs
  • Delay in time-to-market

In fact, Booz Allen Hamilton asserts that decisions made in department silos can result in making an organization more vulnerable to the escalating frequency and sophistication of today’s cyber-attacks.

Automation is the main ammo against security and performance threats posed by application defects. Automated code review is the most efficient way to boost quality and reduce application risk during the development process. Technology-based solutions provide a thoroughness and cadence that human review cannot, and they arm developers with the knowledge they need to work accurately and efficiently.

For more best practices in managing the application development process, check out how RWE Supply & Trading is improving the resilience of trading systems.

About the author: John Chang is the Head of Solution Design for CAST in North America, helping Fortune 2000 companies leverage CAST’s solutions to reduce system-level defects and improve application development outcome success.