Most large IT organizations have some notion of their application portfolio. At least an inventory in a spreadsheet or a basic tracking tool. Very few, however, are able to assess the health of their application portfolio in order to drive rationalization and investment decisions. At an aggregate level, it’s difficult to get a sense of the size, relative complexity and overall quality benchmarks across the portfolio to compare applications. This is an area that CAST has researched extensively and has helped many organizations solve this problem.
Application portfolio analysis doesn't need to take years or require substantial investment. With CAST HIGHLIGHT you can inventory 100+ applications in a week, and monitor your portfolio over time to trend application size, risk, complexity, technical debt and software maintenance. It is a cloud-based solution, yet no code is uploaded to the cloud at any point in the analysis. There is no deployment process and no ongoing infrastructure, support, or configuration is needed.
Robustness is an indication of the likelihood that an application will incur defects, corrupt data or completely fail in production. Often referred to as "resilience", CAST's Robustness measure is based on industry best practices around algorithmic and control flow complexity, controlled data access at an architectural level, architectural object-oriented design, error and exception handling, and the level of coupling and inter-dependency. The Robustness measure also evaluates the ease with which an application can be tested for defects. CAST expresses the Robustness Health Factor as an index from 1 to 4, with 4 indicating the highest level of stability.
Why do companies measure software robustness?
Software
robustness has a direct impact on both customer satisfaction and business
continuity. Unstable applications can expose a company to significant financial
risk that range from revenue loss to litigation. Understanding how likely
an application is to fail and how to mitigate the risk of failure can improve
user experience and minimize negative impacts on the business. Recent CRASH
research has also shown empirical evidence that Robustness is highly correlated
to Security.
What are the benefits of improving software robustness?
While improving the robustness of critical business applications will reduce
incidents that impact user satisfaction, there are also several additional
benefits:
Efficiency is a measure of potential performance and scalability bottlenecks in software. While traditional functional testing can identify some performance issues in applications, most serious efficiency defects manifest in live usage. By using established industry best practices, CAST measures software efficiency by evaluating the complexity of SQL statements, memory management, and use of calls in loops and expensive routines within an application's code. The Efficiency Health Factor is expressed as an index from 1 to 4, with 4 indicating the highest level of efficiency.
Software that is not efficiently designed and coded will
not only leave users with a bad impression, but can also drag business productivity
down and contribute to higher maintenance costs. Software performance is
one of the most often cited reasons for low user satisfaction, and fixing
performance issues is not a small task, especially when the software is
complex and supports a key business function. Most organizations deal with
poor software efficiency by throwing hardware at the problem. In the world
of Cloud, that could mean much higher monthly utilization bills. By measuring
software efficiency, companies can gain greater control over how they manage
bad coding practices and address them before they become costly mistakes.
What are the benefits of increasing software efficiency?
Improving software efficiency can raise business productivity and lower
software and operational costs, as well as many other benefits:
Software risk measures the probability of adverse events due to software and the potential loss incurred by those events for a company. CAST measures risk by evaluating the violations of industry-based best practices within the code, components, and architecture of applications. Flaws in the software and violations of industry-based standards increases the chance of software to fail, perform below expectations, and be maliciously breached. These types of risks can negatively impact a company's revenue, costs, and reputation. CAST identifies critical flaws and violations of Robustness, Efficiency, and Security standards to help companies evaluate the inherent risks within their application portfolio.
Why do companies measure software risk?
In any risk
management program, first step is to evaluate and measure the level of risk
exposure. Often in software, it can be unclear how much and what types of
risk reside within code. Visibility into inherent software risks inside
the code and the architecture allows companies to evaluate levels of non-functional
risk and determine the best course of action to mitigate them.
What are the benefits of reducing software risk?
Managing technical debt is an opportunity for a company to gain control
over the quality and the cost of ownership of their enterprise software.
Specific benefits include:
Changeability is a software characteristic that measures how flexible and adaptable the application is when it is getting enhanced. If an application has low Changeability, that probably means it has a lot of spaghetti code, it's not very well structured, it's not well documented and it's overly complex. The primary reason why IT organizations are slow in responding to business needs is that most systems of record and differentiation, which need to support new business rules, have low Changeability. The Changeability Health Factor is expressed as an index from 1 to 4, with 4 indicating the most flexible application.
Why do companies measure software changeability?
IT organizations that want to increase their agility and responsiveness
to business start by looking at their complexity, technical debt, and Changeability.
Specifically, by improving the Changeability of their legacy systems through
corrective maintenance procedures, leading IT teams are able to set their
project teams up for faster cycle times wherever existing legacy systems
are part of the project.
What are the benefits of improving application changeability?
The biggest benefit to improving changeability is increasing future speed
of deliver. Other benefits include:
Transferability is a health factor that evaluates the ability for new teams or members of new teams to quickly understand and begin working with an application. Code that has high transferability exhibits things like good modularity, clarity, testability, and reusability. Often, issues of transferability don’t take the form of critical violations, but instead are the result of hundreds or thousands of minor violations from following best practices around documentation, complexity avoidance, and basic programming practices. These best practices make the difference between clean and easy to read code versus ugly and difficult to read code. The Transferability Health Factor is expressed as an index from 1 to 4, with 4 indicating the highest level of transferability.
Why Measure Transferability?Transferability is an important metric for two primary reasons:
The biggest benefits to improving Transferability are:
Software complexity is a key driver of the level of effort it takes to enhance or maintain an application. CAST measures software complexity by evaluating the level of cyclomatic complexity, essential complexity, SQL complexity, coupling and integration complexity using system-level static analysis. Complexity is expressed by CAST inside the application Health Factors of Changeability and Transferability. CAST also uses complexity measurements to estimate Technical Debt and Development Effort.
Why do companies measure software complexity?
While
some complexity is essential to the proper function of your applications,
all complexity, essential or accidental, invariably increases total cost
of ownership. By measuring complexity, IT leaders can estimate the cost
and effort needed to maintain or enhance an application more accurately,
pinpointing applications or components within an application that can be
simplified.
What are the benefits of reducing software complexity?
It is important to control the complexity of frequently enhanced applications.
Some of the benefits are:
Functional size is a standardized measure of the amount of business function within applications, expressed as function points. Function points are quantified by identifying transactional functions, which are a single user interaction with a data entity within the application, and evaluating of the complexity of that transaction. A transaction will typically account for several function points that span across multiple components, technology layers, and languages. CAST measures functional size using an automated method, Automated Function Points, based on a standard methodology developed by the Object Management Group (OMG).
Why do companies measure application functional size?
Application functional size can deliver valuable insights into an IT organizations
resource management, productivity, and the quality of their outputs. Because
function points are standardized, it allows IT leaders to compare teams
and suppliers assigned to different applications or portfolio groups on
a fair and even basis. For example, the cost per function point of different
applications can be compared to identify where resources of lacking or in
surplus. This type of analysis can be applied to both internal teams and
ADM services providers. Further, function points serve as normalizing unit
to evaluate the quality of software. For example, IT leader can divide the
number of reported defects by the number of function points in different
applications to compare their quality objective.
What are the benefits of automating functional sizing?
Automated functional sizing creates a path towards a standard unit of measure
within the enterprise's IT landscape. Specific benefits include:
Technical debt measures the accumulated amount of rework that is needed to correct or recover from mistakes made and short cuts taken during the development process. Not only an indication of cost and effort, technical debt also represents the level of risk post-production issues and increased cost of ownership within applications. CAST evaluates technical debt based on software flaws found in the application and violations of industry-accepted best practices, the contextual complexity of the objects where the violations incur, and the estimated cost of labor to rectify the violations. Technical Debt is expressed as a dollar amount, and can be analyzed at the portfolio, demographic group, or application level.
Why do companies measure software technical debt?
While it is natural for some technical debt to accumulate in business applications,
it is dangerous to ignore it. Very much like managing personal debt, or
a country's deficit, typically, companies take a first step by limiting
the technical debt incurred with new development or maintenance activities.
Once, technical debt is stabilized, skilled IT leaders will prioritize existing
technical debt to reduce. And, just like in finance, some technical debt
will have a bigger return when it is eliminated, while others may not provide
as much benefit.
What are the benefits of managing technical debt?
Managing technical debt is an opportunity for a company to gain control
over the quality and the cost of ownership of their enterprise software.
Specific benefits include:
Critical Violations are the violations or defects that are detected in an application that have a direct impact on the performance or potential performance of an application. Critical violations represent the most dangerous defects that must typically be addressed first to mitigate against the very real risk of a crippling outage, software failure, or security breach.
What do typical critical violations look like?Critical violations are often not just object or component-centric code violations. In many cases, a critical violation that impacts an application is a system-level defect. System-level critical violations are ones where the way that two components interact may have an enormous impact on the risk and security of the overall application. Thus, detecting critical violations often requires a real system-level analysis of the application.
The biggest benefits to addressing critical violations are: