Tag: code quality

Code Quality: CISQ Standards Create Roadmap for Better Software

Software glitches aren’t really news but now we’re seeing software flaws that can cost an organization over $100 million due to poor code quality. This past year we’ve seen major technical and retail brands suffer extensive financial and reputational damage from software disasters – driving software issues out of the back office and into the boardroom.

CAST Research Links Consumer Data Breaches Directly To Poor Code Quality

CAST-heartbleed-linked-to-poor-code-qualityYou’d think that after news of the Heartbleed bug broke, every IT organization worth their salt would have immediately moved to start monitoring their structural robustness and code quality to protect their sensitive consumer data. And while many did, two months after Heartbleed was announced, more than 300,000 servers were still vulnerable.

Now, three months later, CAST Research Labs has found there is a direct link between the growing number of data breaches and security incidents, and poor code quality in consumer applications. The data reveals finance and retail industry applications are the most vulnerable to data breaches, with 70 percent of retail and 69 percent of financial services applications shown to have data input validation violations.

6 Hidden Costs of Maintaining an Open Source Code Analyzer Platform

So, you’re ready to get started on building your own multi-language custom source code analyzer platform using open source components.  Your return estimates are still looking pretty good, even after taking into account the costs in our previous post, “6 Hidden Costs of Building Your Own Multi-Language Code Analyzer Platform”.

Well, we have a quick list of maintenance costs that you may not have considered.  So, before you break ground on that project, see if you thought of all these.

6 Hidden Costs of Building Your Own Open Source Code Analyzer Platform

Thinking about building your own multi-language custom source code analyzer platform using open source components?  Sure, the upsides seem to add up: no licensing fees, great customization ability, and an impressive new entry on your resume (making it even shinier).  Read that project charter once more before you sign it in ink, because our experience has shown it’s not quite that simple.

Software Risk: 3 Things Every IT Manager Must Know About A Risk-Based Testing Model

Because the world of software development is so incredibly complex and modular, quality assurance and testing for software risk has become costly, time-consuming, and at times, inefficient. That’s why many organizations are turning towards a risk-based testing model that can identify problem areas in the code before it’s moved from development to testing. But be careful, because hidden risks can still exist if you don’t implement the model properly throughout your organization.

Haste Makes Waste Again: Healthcare.gov Faces a Long and Expensive Recovery

We’re less than a month into the launch of HealthCare.gov, and as each day passes we’re finding out about more glitches, shoddy code quality, a lack of end-to-end testing, and rushed changes made days before the healthcare exchange was to go live. All of which are symptomatic of a software project being rushed to completion to meet a deadline without considering the implications of a botched launch.

Highlight Update Brings Rapid Portfolio Analysis to the Masses

Large and small enterprises have continually struggled with finding a way to manage the software risk inherent in their ever-increasing application portfolio. And now, in a year where companies such as NASDAQ, Knight Capital, American Airlines, and BATS have suffered costly and embarrassing IT failures, software risk is top of mind for every IT executive.

The data reveals finance and retail industry applications are the most vulnerable to data breaches, with 70 percent of retail and 69 percent of financial services applications shown to have data input validation violations.

  • 6 Hidden Costs of Maintaining an Open Source Code Analyzer Platform

    So, you’re ready to get started on building your own multi-language custom source code analyzer platform using open source components.  Your return estimates are still looking pretty good, even after taking into account the costs in our previous post, “6 Hidden Costs of Building Your Own Multi-Language Code Analyzer Platform”.

    Well, we have a quick list of maintenance costs that you may not have considered.  So, before you break ground on that project, see if you thought of all these.

  • 6 Hidden Costs of Building Your Own Open Source Code Analyzer Platform

    Thinking about building your own multi-language custom source code analyzer platform using open source components?  Sure, the upsides seem to add up: no licensing fees, great customization ability, and an impressive new entry on your resume (making it even shinier).  Read that project charter once more before you sign it in ink, because our experience has shown it’s not quite that simple.

  • Agile: The Eerie Similarities Between Climate and Agile

  • Software Quality: The Problem with Ignoring the Open Source Quality

    Securing open source - Lev Lesokhin spoke with CSO Online about how large IT organizations can secure their business critical applications from known vulnerabilities and shoddy software quality. Be sure to check...
  • CRASH Webinar: Code Quality Q & A Discussion

    We just finished up the 30-minute webinar where Dr. Bill Curtis, our Chief Scientist, described some of the findings that are about to be published by CAST Research Labs. The CRASH (CAST Research on Application Software Health) report for 2014 is chock full of new data on software risk, code quality and technical debt. We expect the initial CRASH report to be produced in the next month, and based on some of the inquiries we’ve received so far, we will probably see a number of smaller follow-up studies come out of the 2014 CRASH data.

    This year’s CRASH data that we saw Bill present is based on 1316 applications, comprising 706 million lines of code – a pretty large subset of the overall Appmarq repository.  This means the average application in the sample was 536 KLOC. We’re talking big data for BIG apps here. This is by far the biggest repository of enterprise IT code quality and technical debt research data. Some of the findings presented included correlations between the health factors – we learned that Performance Efficiency is pretty uncorrelated to other health factors and that Security is highly correlated to software Robustness. We also saw how the health factor scores were distributed across the sample set and the differences in structural code quality by outsourcing, offshoring, Agile and CMMI level.

  • Code Quality Infographic: You Are What You Code!

  • Software Risk: 3 Things Every IT Manager Must Know About A Risk-Based Testing Model

    Because the world of software development is so incredibly complex and modular, quality assurance and testing for software risk has become costly, time-consuming, and at times, inefficient. That’s why many organizations are turning towards a risk-based testing model that can identify problem areas in the code before it’s moved from development to testing. But be careful, because hidden risks can still exist if you don’t implement the model properly throughout your organization.

  • Investigating HealthCare.gov: What Went Wrong?

    The media has been a firestorm of ‘glitchy’ reporting since the botched launch of the Obama Administration’s healthcare exchange marketplace, mainly because no one’s quite sure what did or didn’t happened.

    If you missed it, the exchange’s Oct. 1st launch was mired with complaints, outages, and glitches. Many pundits and talking heads claimed that this was simply because of the enormous amount of Americans who were all trying to log into the brand new system. But we dived into the code to figure out what was actually going on, and what we found was much more nefarious.

  • Haste Makes Waste Again: Healthcare.gov Faces a Long and Expensive Recovery

    We’re less than a month into the launch of HealthCare.gov, and as each day passes we’re finding out about more glitches, shoddy code quality, a lack of end-to-end testing, and rushed changes made days before the healthcare exchange was to go live. All of which are symptomatic of a software project being rushed to completion to meet a deadline without considering the implications of a botched launch.

  • Executives, Management, and Testers: Are You Aligned?

    What draws me to Anaheim, Calif., in October is not the walking Disney characters (though there are plenty of those), but instead the STARWest, the West Coast’s largest conference on software testing analysis and review.

  • Highlight Update Brings Rapid Portfolio Analysis to the Masses

    Large and small enterprises have continually struggled with finding a way to manage the software risk inherent in their ever-increasing application portfolio. And now, in a year where companies such as NASDAQ, Knight Capital, American Airlines, and BATS have suffered costly and embarrassing IT failures, software risk is top of mind for every IT executive.

  • -->