Category: Risk & Security

Last Wednesday the Royal Bank of Scotland (RBS) suffered an IT failure that withheld 600,000 payments from customer accounts. This comes seven months after RBS was fined £56 million for an IT crash in 2012 that prevented customers from accessing their online accounts. The poor system performance has caused difficulties for customers and shock in the banking community.

Royal Bank of Scotland's IT Failure Exposes Vulnerabilities in Digital Banking

Benjamin Rehberg, Partner and Managing Director of the Boston Consulting Group and former consultant for IBM Global Business Services, discusses the importance of both IT risk management and application portfolio management (APM) in a video conversation with CAST. He looks at the challenges for IT leaders, the need for software measurement and discusses how IT transformation can improve business operations.

IT RISK MANAGEMENT: A Conversation with BCG’s Benjamin Rehberg

The Consortium for IT Software Quality (CISQ) will host an IT Risk Management and Cybersecurity Summit on March 24 at the OMG Technical Meeting at the Hyatt Regency Hotel in Reston, VA. The CISQ IT Risk Management and Cybersecurity Summit will address issues impacting software quality in the Federal sector, including: Managing Risk in IT Acquisition, Targeting Security Weakness, Complying with Legislative Mandates, Using CISQ Standards to Measure Software Quality, and Agency Implementation Best Practices.

CISQ Hosts IT Risk Management & Cybersecurity Summit

We welcome guest blogger Bill Dickenson, an independent consultant and former VP of Application Management Services for IBM, who brings decades of experience in application development and DevOps. Dickenson’s post below discusses how using CAST’s automated software analysis and measurement solutions helps achieve the benefits of DevOps, while eliminating the risks.

The recent move to cloud-based development/operations (DevOps) is changing the testing and development lifecycle by accelerating the speed at which code can migrate from development, through testing, and into production. Cloud-based testing environments can be instantiated and refreshed at an unprecedented speed.

Improving Code Quality in DevOps

During last week’s webinar on IT Transformation featuring Marc Cecere, vice president and principal analyst for Forrester Research, many questions presented by participants went unanswered due to time constraints. Because these questions are likely being asked by many in the IT arena, we asked Marc’s webinar co-host, Pete Pizzutillo of CAST to provide answers to the three most frequently asked questions.

IT Transformation Webinar Questions Answered

In today’s software-driven business world, IT transformation has become an enormous component of business transformation and software risk management. This is one of the key messages delivered by Marc Cecere, Vice President and Principal Analyst for Forrester Research, during a webinar held recently on Business Transformation, which was sponsored by CAST, Inc.

IT Transformation Major Component of Biz Transformation

It is becoming more and more obvious that the software risks and complexity that face today's legacy systems are a growing problem for many IT organizations.

Executive Dinner Series: Managing Software Risk within the Insurance Industry

We currently live in a futuristic world that past generations could only dream of. News, weather, updates from friends all over the world come pouring into our computers and smart devices and we don’t even think twice about the IT risk. Whether we’re at home with family, socializing with friends, or even working, technology is constantly surrounding us in one way or another.

Our reliance on technology is so heavy, in fact, that we often forget about the science behind it and how much goes into the IT risk management to support it. Beneath the surface of our most frequently used apps, social media accounts, games, and programs, highly complex software and code is constantly operating to maintain a satisfied user experience. Even non-tech businesses now realize they would not be able to function in today’s world without effective technological resources.

Predicting the Future of IT Risk Management with Melinda Ballou

When the entire Facebook platform -- including mobile, web, and third-party apps -- went down last week, users took to the Twitter hashtag #FacebookDown in a blind panic to lament the social media outage. Though these outages might seem harmless and commonplace, Facebook’s reputation rides on its users’ ability to log onto Facebook from anywhere, at any time. And the more Facebook users have to turn to Twitter or other social networks to have their online voices heard, the harder it will be for them to log back in.

#FacebookDown is a Trend For Now, But Could Turn Into an IT Risk Management Nightmare

We just finished up the 30-minute webinar where Dr. Bill Curtis, our Chief Scientist, described some of the findings that are about to be published by CAST Research Labs. The CRASH (CAST Research on Application Software Health) report for 2014 is chock full of new data on software risk, code quality and technical debt. We expect the initial CRASH report to be produced in the next month, and based on some of the inquiries we’ve received so far, we will probably see a number of smaller follow-up studies come out of the 2014 CRASH data.

This year’s CRASH data that we saw Bill present is based on 1316 applications, comprising 706 million lines of code – a pretty large subset of the overall Appmarq repository. This means the average application in the sample was 536 KLOC. We’re talking big data for BIG apps here. This is by far the biggest repository of enterprise IT code quality and technical debt research data. Some of the findings presented included correlations between the health factors – we learned that Performance Efficiency is pretty uncorrelated to other health factors and that Security is highly correlated to software Robustness. We also saw how the health factor scores were distributed across the sample set and the differences in structural code quality by outsourcing, offshoring, Agile and CMMI level.

CRASH Webinar: Code Quality Q & A Discussion

With the cost of U.S. data breaches increasing nine percent from last year, and the news of Target CEO Gregg Steinhafel announcing his resignation amidst the fallout of their massive credit card breach, every IT organization has software risk management top of mind in 2014.

Launch Party Wrap-Up: Software Risk Management Goes to Broadway

The current state of outsourced application development is a sorry state of affairs because of myriad software quality issues causing unprecedented glitches and crashes. It’s not that all outsourcers are making terrible software; rather, it’s that governments and organizations have no way of accurately measuring the performance, robustness, security, risk, and structural quality of the applications once they’ve been handed the keys.

CISQ Aims to Bring Software Quality Sanity Back to Federal Outsourcing