Category: Risk & Security

System Level Analysis Keeps Coca-Cola Smiling Webinar Recap
Stephanie W.
Dec 11, 2014
Software Quality In Action Forum: Confronting IT Risk & Cost
Stephanie W.
Sep 25, 2014
Software Risk Infographic: The IT Industry is Blind to Their Lurking Brand Problem
Stephanie W.
Aug 28, 2014
CAST Discusses Software Risk and Measuring Development Productivity in Belgium
Stephanie W.
Jul 15, 2014
Wall Street IT Execs: Don’t Ignore Software Risk
Stephanie W.
Jun 26, 2014
Executive IT Decision Making: Am I Properly Measuring IT Risk?
Stephanie W.
Jun 25, 2014
#FacebookDown is a Trend For Now, But Could Turn Into an IT Risk Management Nightmare

When the entire Facebook platform -- including mobile, web, and third party apps -- went down last week, users took to Twitter hashtag #FacebookDown in a blind panic to lament the social media outage. Though these outages might seem harmless and commonplace, Facebook’s reputation rides on their users’ ability to log onto Facebook from anywhere, at any time. And the more Facebook users have to turn to Twitter or other social networks to have their online voices heard, the harder it will be for them to log back in.

Pete Pizzutillo
Jun 24, 2014
CRASH Webinar: Code Quality Q & A Discussion

We just finished up the 30-minute webinar where Dr. Bill Curtis, our Chief Scientist, described some of the findings that are about to be published by CAST Research Labs. The CRASH (CAST Research on Application Software Health) report for 2014 is chock full of new data on software risk, code quality and technical debt. We expect the initial CRASH report to be produced in the next month, and based on some of the inquiries we’ve received so far, we will probably see a number of smaller follow-up studies come out of the 2014 CRASH data.

This year’s CRASH data that we saw Bill present is based on 1316 applications, comprising 706 million lines of code – a pretty large subset of the overall Appmarq repository.  This means the average application in the sample was 536 KLOC. We’re talking big data for BIG apps here. This is by far the biggest repository of enterprise IT code quality and technical debt research data. Some of the findings presented included correlations between the health factors – we learned that Performance Efficiency is pretty uncorrelated to other health factors and that Security is highly correlated to software Robustness. We also saw how the health factor scores were distributed across the sample set and the differences in structural code quality by outsourcing, offshoring, Agile and CMMI level.

Lev Lesokhin
May 20, 2014
Launch Party Wrap-Up: Software Risk Management Goes to Broadway
With the cost of U.S. data breaches increasing nine percent from last year, and the news of Target CEO Gregg Steinhafel announcing his resignation amidst the fallout of their massive credit card breach, every IT organization has software risk management top of mind in 2014.
Stephanie W.
May 12, 2014
CISQ Aims to Bring Software Quality Sanity Back to Federal Outsourcing

The current state of outsourced application development is a sorry state of affairs because of myriad software quality issues causing unprecedented glitches and crashes. It’s not that all outsourcers are making terrible software, rather, it’s that governments and organizations have no way of accurately measuring the performance, robustness, security, risk, and structural quality of the applications once they’ve been handed the keys.

Lev Lesokhin
Mar 24, 2014
Application Risk Management: Good Software Architecture is Good Business

The software architecture is one of the most important artifacts created in the lifecycle of an application. Architectural decisions directly impact the achievement of business goals, as well as functional and quality requirements. Yet once the architecture has been designed, most architectural descriptions are seldom verified or maintained over time. Architecture compliance checking is a sound application risk management strategy that can detect deviations between the intended architecture and the implemented architecture.

Pete Pizzutillo
Dec 20, 2013
Software Risk: 3 Things Every IT Manager Must Know About A Risk-Based Testing Model

Because the world of software development is so incredibly complex and modular, quality assurance and testing for software risk has become costly, time-consuming, and at times, inefficient. That’s why many organizations are turning towards a risk-based testing model that can identify problem areas in the code before it’s moved from development to testing. But be careful, because hidden risks can still exist if you don’t implement the model properly throughout your organization.

Kate Slick
Dec 6, 2013
Software Risk Goes to Washington

As technology increasingly becomes the backbone of business, it is also becoming the single most expensive asset within any organization—bringing the topic straight to the boardroom. What most of us may not appreciate is that the custom software being built for enterprises has surpassed a threshold of complexity that would allow for any one person to understand an entire mission-critical system. And, unlike any other part of our critical infrastructure, there is no single manager who is responsible and accountable for the integrity of a company’s software backbone.

Lev Lesokhin
Aug 8, 2013
Does code quality really help the business?

Most organizations have started to realize that code quality is an important root cause to many of their issues, whether it’s incident levels or time to value. The growing complexity of development environments in IT -- the outsourcing, the required velocity, the introduction of Agile -- have all raised the issue about code quality, sometimes to an executive level.

Business applications have always been complex. You can go back to the 70s, even the 60s, and hear about systems that have millions of lines of code. But here’s the rub: In those days it was millions of lines of COBOL or some other language. But it was all one language. All one system. All one single application in a nice, neat, tidy package.

Pete Pizzutillo
May 6, 2013
Why good architecture is a synonym of cost reduction
Narcisa Zysman
Feb 1, 2013
Reduce Software Risk through Improved Quality Measures with CAST, TCS and OMG

I had the pleasure of moderating a panel discussion with Bill Martorelli, Principal Analyst at Forrester Research Inc; Dr. Richard Mark Soley, Chairman and CEO of Object Management Group (OMG); Siva Ganesan, VP & Global Head of Assurance Services at Tata Consultancy Services (TCS); and Lev Lesokhin, EVP, Strategy & Market Development at CAST.

Pete Pizzutillo
Dec 12, 2012
Estimating the Hidden Costs of Cost Estimation
Pete Pizzutillo
Nov 27, 2012
The Holy Grail: Objective risk level estimation

In my last post we discussed the complimentary nature of remediation cost and risk level assessment. As a follow up, I wanted to dwell on the objective risk level assessment. Is it even possible? If not, how close to it can we get? How valuable is an estimation of the risk level? Could it be the Holy Grail of software analysis and measurement? Or is it even worth the effort?

Philippe Emmanuel Douziech
Nov 19, 2012
Don't Underestimate the Impact of Data Handling
Jerome Chiampi
Sep 28, 2012
Why Performance Engineering Isn't Enough

I’ve been asked time and again how CAST is different from performance engineering. And here’s my answer: The CAST discipline of software analysis and measurement versus performance engineering couldn’t be more different. And I’ll explain why and how in a moment. But along with that, it should be noted that they also are like peanut butter and chocolate -- they can go very well together.

Lev Lesokhin
Sep 26, 2012

  • Why good architecture is a synonym of cost reduction

    Feb 1, 2013, 15:59 PM by Narcisa Zysman

  • Reduce Software Risk through Improved Quality Measures with CAST, TCS and OMG

    Dec 12, 2012, 08:47 AM by Pete Pizzutillo

    I had the pleasure of moderating a panel discussion with Bill Martorelli, Principal Analyst at Forrester Research Inc; Dr. Richard Mark Soley, Chairman and CEO of Object Management Group (OMG); Siva Ganesan, VP & Global Head of Assurance Services at Tata Consultancy Services (TCS); and Lev Lesokhin, EVP, Strategy & Market Development at CAST.

  • Estimating the Hidden Costs of Cost Estimation

    Nov 27, 2012, 15:45 PM by Pete Pizzutillo

  • The Holy Grail: Objective risk level estimation

    Nov 19, 2012, 15:33 PM by Philippe Emmanuel Douziech

    In my last post we discussed the complimentary nature of remediation cost and risk level assessment. As a follow up, I wanted to dwell on the objective risk level assessment. Is it even possible? If not, how close to it can we get? How valuable is an estimation of the risk level? Could it be the Holy Grail of software analysis and measurement? Or is it even worth the effort?

  • Don't Underestimate the Impact of Data Handling

    Sep 28, 2012, 16:10 PM by Jerome Chiampi

  • Why Performance Engineering Isn't Enough

    Sep 26, 2012, 13:24 PM by Lev Lesokhin

    I’ve been asked time and again how CAST is different from performance engineering. And here’s my answer: The CAST discipline of software analysis and measurement versus performance engineering couldn’t be more different. And I’ll explain why and how in a moment. But along with that, it should be noted that they also are like peanut butter and chocolate -- they can go very well together.

    • -->
    CAST Business Partner Day
    ×

    Get a Demo    •    Contact Us    •     Support    •     The Software Intelligence Pulse    •     Privacy Policy    •     SiteMap    •     Glossary    •     Archive

    Copyright - CAST | All Rights Reserved