What CAST measures

Most large IT organizations have some notion of their application portfolio, at least an inventory in a spreadsheet or a basic tracking tool. Very few, however, are able to assess the health of their application portfolio in order to drive rationalization and investment decisions. At an aggregate level, it’s difficult to get a sense of the size, relative complexity and overall quality benchmarks across the portfolio to compare applications. This is an area that CAST has researched extensively, and it has helped many organizations solve this problem.

Application portfolio analysis doesn't need to take years or require substantial investment. With CAST HIGHLIGHT you can inventory 100+ applications in a week, and monitor your portfolio over time to trend application size, risk, complexity, technical debt and software maintenance. It is a cloud-based solution, yet no code is uploaded to the cloud at any point in the analysis. There is no deployment process and no ongoing infrastructure, support, or configuration is needed.

Robustness is an indication of the likelihood that an application will incur defects, corrupt data or completely fail in production. Often referred to as "resilience", CAST's Robustness measure is based on industry best practices around algorithmic and control flow complexity, controlled data access at an architectural level, architectural object-oriented design, error and exception handling, and the level of coupling and inter-dependency. The Robustness measure also evaluates the ease with which an application can be tested for defects. CAST expresses the Robustness Health Factor as an index from 1 to 4, with 4 indicating the highest level of stability.

Why do companies measure software robustness?
Software robustness has a direct impact on both customer satisfaction and business continuity. Unstable applications can expose a company to significant financial risks that range from revenue loss to litigation. Understanding how likely an application is to fail and how to mitigate the risk of failure can improve user experience and minimize negative impacts on the business. Recent CRASH research has also shown empirical evidence that Robustness is highly correlated with Security.

What are the benefits of improving software robustness?
While improving the robustness of critical business applications will reduce incidents that impact user satisfaction, there are also several additional benefits:

  • Improve customer satisfaction
  • Extend business continuity
  • Reduce support and defect recovery costs
  • Help make the software more secure
  • Maximize revenue generation opportunities

Efficiency is a measure of potential performance and scalability bottlenecks in software. While traditional functional testing can identify some performance issues in applications, most serious efficiency defects manifest in live usage. By using established industry best practices, CAST measures software efficiency by evaluating the complexity of SQL statements, memory management, and use of calls in loops and expensive routines within an application's code. The Efficiency Health Factor is expressed as an index from 1 to 4, with 4 indicating the highest level of efficiency.

Software that is not efficiently designed and coded will not only leave users with a bad impression, but can also drag business productivity down and contribute to higher maintenance costs. Software performance is one of the most often cited reasons for low user satisfaction, and fixing performance issues is not a small task, especially when the software is complex and supports a key business function. Most organizations deal with poor software efficiency by throwing hardware at the problem. In the world of Cloud, that could mean much higher monthly utilization bills. By measuring software efficiency, companies can gain greater control over how they manage bad coding practices and address them before they become costly mistakes.

What are the benefits of increasing software efficiency?
Improving software efficiency can raise business productivity and lower software and operational costs. It also brings many other benefits:

  • Improve the behavior of customer-facing applications
  • Reduce post-production code maintenance costs
  • Reduce hardware procurement and maintenance costs

Software risk measures the probability of adverse events due to software and the potential loss incurred by those events for a company. CAST measures risk by evaluating the violations of industry-based best practices within the code, components, and architecture of applications. Flaws in the software and violations of industry-based standards increase the chance that software will fail, perform below expectations, or be maliciously breached. These types of risks can negatively impact a company's revenue, costs, and reputation. CAST identifies critical flaws and violations of Robustness, Efficiency, and Security standards to help companies evaluate the inherent risks within their application portfolio.

Why do companies measure software risk?
In any risk management program, the first step is to evaluate and measure the level of risk exposure. Often in software, it can be unclear how much and what types of risk reside within code. Visibility into inherent software risks inside the code and the architecture allows companies to evaluate levels of non-functional risk and determine the best course of action to mitigate them.

What are the benefits of reducing software risk?
Managing technical debt is an opportunity for a company to gain control over the quality and the cost of ownership of their enterprise software. Specific benefits include:

  • Introduce risk-based decisions around software launch and project status
  • Raise customer satisfaction
  • Reduce costly rework
  • Improve financial position of the company

Changeability is a software characteristic that measures how flexible and adaptable the application is when it is being enhanced. If an application has low Changeability, that probably means it has a lot of spaghetti code, it's not very well structured, it's not well documented and it's overly complex. The primary reason why IT organizations are slow in responding to business needs is that most systems of record and differentiation, which need to support new business rules, have low Changeability. The Changeability Health Factor is expressed as an index from 1 to 4, with 4 indicating the most flexible application.

Why do companies measure software changeability?
IT organizations that want to increase their agility and responsiveness to business start by looking at their complexity, technical debt, and Changeability. Specifically, by improving the Changeability of their legacy systems through corrective maintenance procedures, leading IT teams are able to set their project teams up for faster cycle times wherever existing legacy systems are part of the project.

What are the benefits of improving application changeability?
The biggest benefit of improving changeability is increasing future speed of delivery. Other benefits include:

  • Faster response to business demands and shorter time to market
  • Lower maintenance costs
  • Lower sourcing costs
  • More predictable project estimates

Transferability is a health factor that evaluates the ability of new teams or members of new teams to quickly understand and begin working with an application. Code that has high transferability exhibits things like good modularity, clarity, testability, and reusability. Often, issues of transferability don’t take the form of critical violations, but instead are the result of hundreds or thousands of minor violations of best practices around documentation, complexity avoidance, and basic programming practices. These best practices make the difference between clean, easy-to-read code and ugly, difficult-to-read code. The Transferability Health Factor is expressed as an index from 1 to 4, with 4 indicating the highest level of transferability.

Why Measure Transferability?

Transferability is an important metric for two primary reasons:

  • As your application evolves, typically the teams working on it will evolve as well, so supporting that movement of development work is important
  • For outsourced work, it is important to understand how easily your own team or other vendors will be able to understand and maintain the code if/when your vendor relationship ends

What are the Benefits of Improving Transferability?

The biggest benefits to improving Transferability are:

  • Improve efficiency when adjusting team compositions and size
  • Improve the productivity of your team as they take over or begin supporting an existing code base (learning curve)
  • Reduce vendor lock-in risk
  • Make it easier for developers to move to new projects

Software complexity is a key driver of the level of effort it takes to enhance or maintain an application. CAST measures software complexity by evaluating the level of cyclomatic complexity, essential complexity, SQL complexity, coupling and integration complexity using system-level static analysis. Complexity is expressed by CAST inside the application Health Factors of Changeability and Transferability. CAST also uses complexity measurements to estimate Technical Debt and Development Effort.

Why do companies measure software complexity?
While some complexity is essential to the proper function of your applications, all complexity, essential or accidental, invariably increases total cost of ownership. By measuring complexity, IT leaders can estimate the cost and effort needed to maintain or enhance an application more accurately, pinpointing applications or components within an application that can be simplified.

What are the benefits of reducing software complexity?
It is important to control the complexity of frequently enhanced applications. Some of the benefits are:

  • Decrease maintenance and enhancement cost and effort
  • Speed up time-to-market and time-to-value
  • Respond faster to business and market demands
  • Introduce enhancements at higher quality

Functional size is a standardized measure of the amount of business function within applications, expressed as function points. Function points are quantified by identifying transactional functions, each of which is a single user interaction with a data entity within the application, and evaluating the complexity of that transaction. A transaction will typically account for several function points that span across multiple components, technology layers, and languages. CAST measures functional size using an automated method, Automated Function Points, based on a standard methodology developed by the Object Management Group (OMG).

Why do companies measure application functional size?
Application functional size can deliver valuable insights into an IT organization's resource management, productivity, and the quality of its outputs. Because function points are standardized, they allow IT leaders to compare teams and suppliers assigned to different applications or portfolio groups on a fair and even basis. For example, the cost per function point of different applications can be compared to identify where resources are lacking or in surplus. This type of analysis can be applied to both internal teams and ADM services providers. Further, function points serve as a normalizing unit to evaluate the quality of software. For example, an IT leader can divide the number of reported defects by the number of function points in different applications to compare their quality objectively.

What are the benefits of automating functional sizing?
Automated functional sizing creates a path towards a standard unit of measure within the enterprise's IT landscape. Specific benefits include:

  • Accelerates measurement standardization
  • Less costly and faster than manual function point counting
  • Standardized methodology between all applications, regardless of supplier or team
  • More options and capabilities in the measurement process

Technical debt measures the accumulated amount of rework that is needed to correct or recover from mistakes made and shortcuts taken during the development process. Not only an indication of cost and effort, technical debt also represents the level of risk of post-production issues and increased cost of ownership within applications. CAST evaluates technical debt based on software flaws found in the application and violations of industry-accepted best practices, the contextual complexity of the objects where the violations occur, and the estimated cost of labor to rectify the violations. Technical Debt is expressed as a dollar amount, and can be analyzed at the portfolio, demographic group, or application level.

Why do companies measure software technical debt?
While it is natural for some technical debt to accumulate in business applications, it is dangerous to ignore it. Much like managing personal debt or a country's deficit, companies typically take a first step by limiting the technical debt incurred with new development or maintenance activities. Once technical debt is stabilized, skilled IT leaders will prioritize which existing technical debt to reduce. And, just like in finance, some technical debt will have a bigger return when it is eliminated, while other debt may not provide as much benefit.

What are the benefits of managing technical debt?
Managing technical debt is an opportunity for a company to gain control over the quality and the cost of ownership of their enterprise software. Specific benefits include:

  • Improve the key quality aspects of applications: resiliency, performance, security, and complexity
  • Reduce total cost of ownership by minimizing complexity
  • Improve developer performance by education on how to minimize new technical debt

Critical Violations are the violations or defects that are detected in an application that have a direct impact on the performance or potential performance of an application. Critical violations represent the most dangerous defects that must typically be addressed first to mitigate against the very real risk of a crippling outage, software failure, or security breach.

What do typical critical violations look like?

Critical violations are often not just object or component-centric code violations. In many cases, a critical violation that impacts an application is a system-level defect. System-level critical violations are ones where the way that two components interact may have an enormous impact on the risk and security of the overall application. Thus, detecting critical violations often requires a real system-level analysis of the application.

  • Identify Possible Erratic Behavior
  • Identify Possible Security Breaches

What are the Benefits of Addressing Critical Violations?

The biggest benefits to addressing critical violations are:

  • Improved security of an application
  • Greater application performance
  • Reduced risk of outages and downtime