To each task its tool

by Jerome Chiampi

Measuring application quality to get useful results requires proper analysis of the right source code perimeter in the most relevant way. But it doesn't stop with just one measurement: you can follow the evolution of indicators over a given period in order to anticipate potential trouble and be in a position to make good decisions.

Performing a software application measurement means:

  • Precisely identifying the source code to analyze to avoid missing and unnecessary parts
  • Getting the source files quickly and in one shot
  • Correctly defining all the measures to perform with respect to standards and by taking into account application specificities

Automating the measurement process requires you to be ready to quickly and easily redo or adjust each of its different tasks: source code delivery, configuration, analysis, computation, report generation, etc.

Using tools

The interesting thing is that each individual task can be managed by a dedicated tool, which allows the operator to focus on what he has to do and not on the technical aspects behind the operations to carry out. Thus, source code management (extraction and delivery) can be done with tools like the Application Intelligence Center Portal (AIC Portal), the Delivery Management Tool (DMT), and source code extractors.

Similarly, the quality model that defines all the measures, distributions, quality rules, and counting with proper weights and thresholds, adjusted to the company applications, can be configured using a tool like Assessment Model. Each time an adjustment is necessary, the AI administrator can use the tool to make the required changes easily.

Oftentimes companies have created their own "world" with its own specifics, which must be taken into account to reflect the quality of this "world" in the global measure. If you don't do that, you will miss a part of the system.

Defining a custom quality measure on source code or on software architecture is not always an easy task. Sometimes, it is simply not feasible. However, there are tools that provide AI administrators and software architects with helpful features. For instance, Architecture Checker allows administrators to describe the layers or components of a software architecture and check that they communicate with each other in accordance with the specification written by the software architect.
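To make the layer check concrete, here is an added example (not CAST's Architecture Checker or any CAST code) of the core of such a check: a hypothetical layer specification, a constructed module-to-layer mapping, and a constructed list of observed calls, from which every call the specification forbids is reported.

```python
# Added example (not CAST's Architecture Checker): a minimal layered-architecture
# dependency check. The architect declares which layer may call which; the
# checker flags every observed call that the specification does not allow.
from collections import defaultdict

# Hypothetical architecture specification: layer -> set of layers it may call.
# Calls within the same layer are always allowed.
ALLOWED_CALLS = {
    "presentation": {"business"},
    "business": {"data"},
    "data": set(),
}

# Hypothetical mapping of modules to layers (constructed sample).
MODULE_LAYER = {
    "web.orders_view": "presentation",
    "web.login_view": "presentation",
    "core.order_service": "business",
    "core.auth_service": "business",
    "db.order_repo": "data",
    "db.user_repo": "data",
}

# Constructed sample of observed dependencies (caller module, callee module),
# as an analyzer would extract them from import statements or call sites.
OBSERVED_CALLS = [
    ("web.orders_view", "core.order_service"),
    ("core.order_service", "db.order_repo"),
    ("web.login_view", "db.user_repo"),       # presentation skips the business layer
    ("db.user_repo", "core.auth_service"),    # data calls upward into business
    ("db.order_repo", "db.user_repo"),        # same layer: allowed
    ("web.orders_view", "util.unknown"),      # module not assigned to any layer
]

def find_violations(calls, module_layer, allowed):
    """Return (caller, callee, reason) for each call the specification forbids."""
    violations = []
    for caller, callee in calls:
        src, dst = module_layer.get(caller), module_layer.get(callee)
        if src is None or dst is None:
            violations.append((caller, callee, "module not mapped to a layer"))
        elif src != dst and dst not in allowed.get(src, set()):
            violations.append((caller, callee, f"{src} may not call {dst}"))
    return violations

def violations_by_layer(violations, module_layer):
    """Count violations per calling layer, to follow the trend between analyses."""
    counts = defaultdict(int)
    for caller, _, _ in violations:
        counts[module_layer.get(caller, "unmapped")] += 1
    return dict(counts)
```

Unmapped modules are reported as violations on purpose: a module outside the declared perimeter is exactly the "missing part" the text warns about.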

It is a complex task to analyze an entire system, and technical staff are very appreciative of tools that give them a peek into the whole system. Quality Rule Studio is another tool under development at CAST to help AI administrators implement coding guidelines. The goal here is to decrease the number of technical operations that must be performed to define, test, and put into production a quality rule. The user works in an IDE to implement and simulate his rules, and can inject them directly into the Assessment Model.

Once final information has been generated, other tools come into play to help AI consumers navigate the results through a portal, to manage action plans and reduce technical debt, and to deliver reports for specific needs.

A platform with inter-connected tools

It is very helpful for an Application Intelligence center and AI consumers to work with a complete platform that provides all these integrated tools. This is an important aspect because having tools that cannot easily communicate and share data can lead to a "Rube Goldberg machine" that is very often difficult to manage and makes software application quality measurement a very complex operation.

Management Studio is a good example of a process management tool that integrates different tasks into a global process. This is why, at CAST, we deliver the AI Platform (all the tools I spoke about above are or will be in CAST AIP) and continuously work to improve it in every part of the information production chain, from source code delivery to AI information consumption.

Jerome Chiampi, Product Owner
Jerome Chiampi is a Product Owner at CAST and is responsible for helping clients leverage Software Intelligence products to reduce software risk. He has 20 years of experience working in the software industry and is a trained software development engineer with expertise in assessing software and application security.