Report: Numerous Coding Errors in Custom SAP Applications Increase Costs and Risks, Decrease Business Performance

Less-experienced coders, many without IT background, seen as culprits; basic coding violations seen in more than half of all instances

NEW YORK, June 11, 2015 – At a time that SAP is making a renewed push to simplify the use of its enterprise software, a new study reveals that too often, software developers writing customized, company-specific programs using SAP’s programming language are making junior-level coding errors.  Those violations, according to the report, complicate matters and jeopardize companies’ ability to deliver the kinds of business advantages that their customers are demanding.

CAST, the world leader in software analysis and measurement, issued the report.  The latest CRASH report (CAST Research on Application Software Health) focuses on SAP, examining the structural quality of almost 50 million lines of customized applications written in ABAP, SAP’s programming language.  The report says the analyzed software too often contained significant flaws, driving down business performance and increasing risk, while simultaneously incurring additional costs to companies’ bottom lines.

The research reveals a staggering number of applications are highly vulnerable, with companies exposing themselves to operational problems such as outages, performance degradation, unauthorized access or data corruption. Some of the other specific findings include:

  • Basic software engineering errors account for more than half of all violations. Many of the mistakes suggest that junior or inexperienced programmers are completing the work.
  • SAP customizations have more complexity issues than equivalent applications written in Java or C.
  • Overall, developers complied with ABAP coding rules only one-third of the time.

“Enterprise-level SAP customizations are far from simple,” said Dr. Bill Curtis, Chief Scientist at CAST. “Some require millions of lines of code and grow extremely complex. The more complex the code, the costlier it is to maintain and the longer it takes to add new functionality. That puts the business at a competitive disadvantage.”

The CAST CRASH report covers 78 SAP applications and data from 29 major organizations across eight different industry sectors, including manufacturing, government and retail. The study measures code on a scale of one to four, based on five areas: security; reliability; efficiency; changeability; and transferability. With the exception of security, at least one-quarter of all measurements fell below 3.0, CAST’s recommended minimal threshold for software safety.

“CAST’s report correctly emphasizes that the value of SAP implementations can easily be limited by customized applications that are poorly written by well-meaning developers,” said Thomas Justin, chairman of the New Jersey chapter of ASUG, the world’s largest independent SAP users' group.  “Precise analysis and measurement of these applications is critical to achieving maximum value from customizing SAP.”

“The agility of any business is directly tied to the quality of their code,” Curtis said. “Structural quality is often sacrificed for speed to deployment.  Yet structural weaknesses are root causes of security breaches, outages, and other business risks. Businesses can improve their competitive agility and reduce costs by managing the quality of their SAP customizations.”

A copy of the CAST CRASH report for SAP can be downloaded at

About CAST

CAST (Euronext: CAS) is the world leader in software analysis and measurement, with unique technology that introduces fact-based transparency into application development and sourcing, transforming it into a management discipline. More than 250 companies across all industry sectors globally rely on CAST to prevent business disruption while reducing their hard IT costs and software risk. CAST is an integral part of software delivery and maintenance at the world's leading IT service providers. Founded in 1990, CAST serves IT-intensive enterprises worldwide with offices in North America, Europe and India. 

For more information about CAST:

PR Contacts:
Katie Farrell