Integration has proven to be the most enlightening activity in exposing the architecturally significant risks in software development. Resolving architectural uncertainties earlier is paramount to reducing the burdens of the typical late-in-the-life-cycle rework that stifles agility.
Enterprise applications are made of multiple layers incorporating different components, software frameworks, heterogeneous technologies, and different languages and mobile, distributed & cloud computing is making applications even more complicated. Add to this the fact that most of today’s enterprise systems are an assembly of old legacy software with newly developed application code interacting with software packages from different vendors using different standards. Ultimately, what we find supporting mission critical business processes is a sophisticated, but extremely complex stack of technologies integrated into what we euphemistically call as software ‘product’ for which there is no overall design nor architecture.
Mission critical applications must be analyzed in the context of numerous interconnections among code components, databases, middleware, frameworks and APIs. This results in a holistic analysis of the structural quality of an application. System level analysis makes sense not just for developing high quality code, but it is very important for delivering business value.Table 1 compares the number of rules that are in CAST AIP and open source JEE analyzers that are applicable at different stages of the development cycle. Research shows that 90% of defects found in production and 60% of defects found in QA are related to cross component or cross technology interactions. Even though at initial glance open source analyzers might seem to have higher number of rules, majority of these (1100) are directly related to basic code hygiene, which is important for long term maintainability, but may not directly result in defects. Of the remaining more than 400 rules are only useful to identify component level defects at the developer IDE.
More importantly, research shows that the cost of fixing these defects in production is exponentially higher. Not to mention the damage some of the fatal failures can cause to the business, which can even threaten the very existence of the company.
Software Analysis & Measurement solutions come with different capabilities, ranging from developer-centric tools to enterprise-wide solutions. It is important to understand that there are two broad categories of solutions that measure software structural quality. The first category measures code quality of individual components at unit level, which are language-specific and narrowly focused. The second category measures system level quality, in addition to analyzing the code at component level. This second category of solutions is also involved in the analysis of how components interact with one another across multiple layers (UI, logic and data) and across multiple technologies. The exact same piece of code can be safe and of excellent quality or highly dangerous, depending on its interaction with other components.