When It Comes To Code Quality: Agile, Waterfall, or Both?


Supporters of the Agile development methodology have long held that the traditional Waterfall approach to software development was slow, bloated, and unnecessary. The fast-cycle, short sprints of Agile development gave it an edge in a world that moved in Internet time. On the other hand, Waterfall advocates claimed the move to Agile was too swift and that the shorter sprint times would result in architectural weaknesses and increase coding errors. CAST-agile-waterfall-who-will-winIt seemed like a religious debate with no clear winner, one that would rage on for a long time.

But according to findings in our most recent CRASH report, announced this week, applications built using a mixture of Agile and Waterfall, with an up-front emphasis on architectural quality and design, coupled with short time-boxed releases will result in more robust and secure applications than those built using either Agile or Waterfall alone.

Analyzing architectural and code quality weaknesses in 186 different enterprise-grade applications built using Java-EE, our report found that over three quarters of the robustness, security, and changeability scores for applications developed with a mix of Agile and Waterfall methods were higher than the median scores for projects using only Agile or Waterfall methods.

If you’re interested in more findings from the 2014 CRASH Report, you can register today to receive a copy of the executive summary when it’s published later this month.

Get the Pulse Newsletter  Sign up for the latest Software Intelligence news Subscribe Now <>
Open source is part of almost every software capability we use today. At the  very least libraries, frameworks or databases that get used in mission critical  IT systems. In some cases entire systems being build on top of open source  foundations. Since we have been benchmarking IT software for years, we thought  we would set our sights on some of the most commonly used open source software  (OSS) projects. Software Intelligence Report <> Papers
In our 29-criteria evaluation of the static application security testing (SAST)  market, we identified the 10 most significant vendors — CAST, CA Veracode,  Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock,  SonarSource, and Synopsys — and researched, analyzed, and scored them. This  report shows how each measures up and helps security professionals make the  right choice. Forrester Wave: Static Application Security Testing, Q4 2017  Analyst Paper
Making sense of cloud transitions for financial and telecoms firms Cloud  migration 2.0: shifting priorities for application modernization in 2019  Research Report
Load more reviews
Thank you for the review! Your review must be approved first
New code

You've already submitted a review for this item