Tag: Software Quality

Barbara Beech, an expert in the field of IT development for telecommunications companies, recently spoke to CAST in a video chat about her experience using software analysis and measurement as well as automated function points to gain visibility into IT vendor deliverables.

As a solution to gaining visibility into IT vendor deliverables, Beech points to the CAST Automated Function Points (AFP) capability – an automatic function points counting method that is based on rules defined by the International Function Point Users Group (IFPUG). CAST automates the manual counting process by using the structural information retrieved by source code analysis, database structure and transactions.

VIDEO: IT Expert Calls Upon Automated Function Points for Vendor Management

Benjamin Rehberg, Partner and Managing Director of the Boston Consulting Group and former consultant for IBM Global Business Services, discusses the importance of both IT risk management and application portfolio management (APM) in a video conversation with CAST. He looks at the challenges for IT leaders, the need for software measurement and discusses how IT transformation can improve business operations.

IT RISK MANAGEMENT: A Conversation with BCG’s Benjamin Rehberg

Here is a post that discusses why and how product managers must assess and manage technical debt. Technical debt is often first considered solely as theory, until the pressures of time and customer desires create the need for compromise and quick and dirty shortcuts. The results of these pressures then start to build up and create an amount of technical debt that demands a solution.

Technical Debt: A Framework for Product Managers

There’s an old adage in the IT industry – you can’t manage what you can’t measure. Knowing how complex an organization’s application portfolio is provides insight into how to manage it best. The problem is the issues that comprise software complexity – legacy system remnants, antiquated code, overwritten and rewritten code, the integration of formerly proprietary applications, et al – are the same things that make measuring it difficult.

With multiple system interfaces and complex requirements, the complexity of software systems sometimes grows beyond control, rendering applications and portfolios too costly to maintain and too risky to enhance. Left unchecked, software complexity can run rampant in delivered projects, leaving behind bloated, cumbersome applications. In fact, Alain April, an expert in the field of IT maintenance, has stated, “the act of maintaining software necessarily degrades it.”

Five Reasons You MUST Measure Software Complexity

As IT organizations face increasing demands from business, their IT systems have become increasingly complex. Today’s applications are typically a heterogeneous web of systems and software from an array of vendors and custom development.

Top 5 Reasons to Use Code Analysis Tools with Automation to Establish Vendor Management Metrics

Have you performed code analysis on your software recently? If not, you are in good company as many companies are failing to do the one thing that could improve their software security – making sure the software isn’t vulnerable to an attack to begin with.

Closing the Back Door thru Code Analysis

The Consortium for IT Software Quality (CISQ) will host an IT Risk Management and Cybersecurity Summit on March 24 at the OMG Technical Meeting at the Hyatt Regency Hotel in Reston, VA. The CISQ IT Risk Management and Cybersecurity Summit will address issues impacting software quality in the Federal sector, including: Managing Risk in IT Acquisition, Targeting Security Weakness, Complying with Legislative Mandates, Using CISQ Standards to Measure Software Quality, and Agency Implementation Best Practices.

CISQ Hosts IT Risk Management & Cybersecurity Summit

Companies seeking to reduce time to market while improving application quality today usually choose between assigning application development projects to in-house teams or to outsourced system integrators (SI). However, the cost arbitrage of Global In-House Centers (GIC), better known in the industry as “Captives,” continues to provide advantages in cost competitiveness that cannot be overlooked.

5 Keys to Optimizing Cost-Effectiveness of Captives

Two of my great fascinations since moving to Detroit 17 years ago are the Henry Ford Museum and the Greenfield Village in Dearborn. These two places truly capture America’s legacy of ingenuity, resourcefulness and innovation. The exhibits range from Presidential limousines to heroes of the sky and evolution of manufacturing as a science. However, in one obscure corner there’s the story of Gauge Blocks.

Lessons on software development from Henry Ford!

In this presentation by Kimber Lockhart, as part of the Hack Summit (the virtual conference for programmers), she discusses what to do once you’ve inherited bad code. She speaks less about the source of bad code (low budget, high pressure to meet deadlines, company’s decision to hire poor developers) and more on the steps to fix and prevent this code. She does mention that not all bad code is because of technical debt, since for her tech debt comes from a conscious decision to write poor code, but this presentation does address how to get rid of it.

Inheriting Bad Code: How to Fix and Prevent it

You’d think that after news of the Heartbleed bug broke, every IT organization worth their salt would have immediately moved to start monitoring their structural robustness and code quality to protect their sensitive consumer data. And while many did, two months after Heartbleed was announced, more than 300,000 servers were still vulnerable.

Now, three months later, CAST Research Labs has found there is a direct link between the growing number of data breaches and security incidents, and poor code quality in consumer applications. The data reveals finance and retail industry applications are the most vulnerable to data breaches, with 70 percent of retail and 69 percent of financial services applications shown to have data input validation violations.

CAST Research Links Consumer Data Breaches Directly To Poor Code Quality

So, you’re ready to get started on building your own multi-language custom source code analyzer platform using open source components.  Your return estimates are still looking pretty good, even after taking into account the costs in our previous post, “6 Hidden Costs of Building Your Own Multi-Language Code Analyzer Platform”.

Well, we have a quick list of maintenance costs that you may not have considered.  So, before you break ground on that project, see if you thought of all these.

6 Hidden Costs of Maintaining an Open Source Code Analyzer Platform

Thinking about building your own multi-language custom source code analyzer platform using open source components?  Sure, the upsides seem to add up: no licensing fees, great customization ability, and an impressive new entry on your resume (making it even shinier).  Read that project charter once more before you sign it in ink, because our experience has shown it’s not quite that simple.

6 Hidden Costs of Building Your Own Open Source Code Analyzer Platform

It’s simple physics: a piece of application code gets caught in a logic loop, the CPU heats up as the increased throughput tries to make sense of the commands, the computer reacts by pumping more power to the motherboard and cooling system to keep everything up and running, and your electricity bill goes up.

CAST Tries To Save the Planet with Green IT Index

Last Thursday we had a fascinating discussion with Suresh Bala, the head of Application Management at Wipro, Diego LoGiudice of Forrester, and Dr. Bill Curtis, the Director of the Consortium for IT Software Quality. Diego presented the latest trends in IT organizations in reference to splitting their activities and applications into systems of engagement and systems of record. This has been the Forrester view on IT, or what they call Business Technology (BT), for some time now. The systems of engagement being the fast-moving, often mobile-based, applications that are meant to disrupt competition and engage the customer in new ways. The systems of record being the traditional backbone IT systems that manage the core enterprise data and business processes.

Webinar Q&A Follow Up: Quality and Velocity in Large IT Set-up