Recently I had the pleasure of speaking at QAI QUEST 2016, which showcases the latest techniques for software quality measurement and testing. It was a content-rich program with more than three days of diving deep into issues like DevOps, Open Source, Security, Mobile and more. But what struck me the most above all the event chatter is that even the brightest of companies are still having a difficult time identifying and fixing code quality errors.
During my keynote, I spoke about the perils of system-level defects and how these defects, when they go undetected, can completely ruin ingenious application development strategies. There are two key reasons these bugs persist: decentralized development practices and a lack of automated code review standards.
For example, Developer A and Developer B are both working on a new enterprise application. Developer A has written a simple helper that opens the database, runs a query and closes it again, without knowing that Developer B is calling that helper inside a loop. Developer B has written this call without knowing that each iteration opens and closes a fresh database connection. What we end up with is a sluggish application that engages the database perhaps thousands or tens of thousands of times a day, paying connection setup and teardown cost every time. What's worse is that eventually the system will come to a complete standstill, typically when the connection pool or the file-handle limit is exhausted under load.
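The scenario above, as an added example that is not part of the original post and not CAST's code: Developer A's helper opens and closes the database on every call, Developer B sums balances by calling it in a loop, and a hypothetical `CountingDB` wrapper counts how many times the database is actually opened. The fixed version opens one connection and fetches the whole batch with a single parameterised query. The `accounts` table and its 100 rows are constructed sample data.

```python
import os
import sqlite3
import tempfile

# Constructed sample data: account ids 1..100 with balances 10, 20, ..., 1000.
ACCOUNT_IDS = list(range(1, 101))


class CountingDB:
    """Hypothetical wrapper around sqlite3.connect that records how many
    times the database file is opened. The counter makes Developer A's
    per-call open/close visible to the caller."""

    def __init__(self, path):
        self.path = path
        self.opens = 0

    def connect(self):
        self.opens += 1
        return sqlite3.connect(self.path)


def create_sample_db():
    """Create a temporary SQLite file holding the constructed accounts table."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    conn = sqlite3.connect(path)
    try:
        conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER)")
        conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                         [(i, i * 10) for i in ACCOUNT_IDS])
        conn.commit()
    finally:
        conn.close()
    return path


# --- Developer A's helper: opens and closes the database on every call. ---
def get_balance(db, account_id):
    conn = db.connect()
    try:
        row = conn.execute("SELECT balance FROM accounts WHERE id = ?",
                           (account_id,)).fetchone()
        return row[0] if row else 0
    finally:
        conn.close()


# --- Developer B's caller: loops over the helper, so N ids cost N opens. ---
def total_balance_naive(db, ids):
    return sum(get_balance(db, i) for i in ids)


# --- Fixed version: one connection, one parameterised query for the batch. ---
def total_balance_fixed(db, ids):
    if not ids:
        return 0
    conn = db.connect()
    try:
        placeholders = ",".join("?" * len(ids))
        # Only the placeholder list is built from code; the ids stay bound parameters.
        row = conn.execute(
            f"SELECT COALESCE(SUM(balance), 0) FROM accounts WHERE id IN ({placeholders})",
            tuple(ids)).fetchone()
        return row[0]
    finally:
        conn.close()


def compare():
    """Run both versions on the same data.
    Returns (naive_total, naive_opens, fixed_total, fixed_opens)."""
    path = create_sample_db()
    try:
        naive_db = CountingDB(path)
        naive_total = total_balance_naive(naive_db, ACCOUNT_IDS)
        fixed_db = CountingDB(path)
        fixed_total = total_balance_fixed(fixed_db, ACCOUNT_IDS)
        return naive_total, naive_db.opens, fixed_total, fixed_db.opens
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(compare())
```

Both versions return the same total, but the naive one opens the database once per account (100 opens for 100 ids) while the fixed one opens it once. Against a real server with a bounded connection pool the per-call pattern is what drains the pool; the batch query also keeps the ids as bound parameters rather than string-formatting them into the SQL. For very large batches, chunk the id list, since SQLite caps the number of bound parameters per statement.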
Unintentional resource drains, non-validated user inputs and inadequate error handling are serious defects that happen more frequently than you might expect, and they are not easy to detect with human review processes, especially when developers are working on separate threads simultaneously to complete a project on time.
Defects like these are very hard to detect by review alone because there is no single knowledge holder who understands what is going on in the various aspects of the application development cycle.
For IT-rich organizations, the greatest risks of unregulated application development include:
- Unexpected downtime
- Sudden increase in hardware costs
- Unexpected disaster recovery costs
- Delay in time-to-market
In fact, Booz Allen Hamilton asserts that decisions made in department silos can make an organization more vulnerable to the escalating frequency and sophistication of today's cyber-attacks.
Automation is the main ammo against security and performance threats posed by application defects. Automated code review is the most efficient way to boost quality and reduce application risk during the development process. Technology-based solutions provide a thoroughness and cadence that human review cannot, and they arm developers with the knowledge they need to work accurately and efficiently.
For more best practices in managing the application development process, check out how RWE Supply & Trading is improving the resilience of trading systems.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M&A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the target's systems, customized quality metrics, and the liability implications of open source components, all three of which are critical for M&A due diligence.