Software Risk and Security in 2016

Software has always been risky business compared to more mature industries such as telecommunications and manufacturing. Historically, software has seen more canceled projects, higher costs and more frequent schedule overruns than any other industry.
Today in 2016 we are also on the forefront of receiving an increasing amount of cyber-attacks in many different forms such as denial of service, data theft, phishing and the like. Of course, other industries are also risk prone, such as banking and finance as seen by their many failures circa 2008. Indeed the insurance industry centers around risk and has developed sophisticated actuarial methods for predicting the costs of risks and when they will occur.

Software Complexity Is Killing Us

While you’re reading this article, if you come across words – and even sentences – that you don’t understand, there’s a high chance you feel like developers do when they’re looking at lines of code with a high level of nested complexity. A high level of software complexity can make it difficult to determine architectural hotspots where risk and cost emanate.

DevOps, Digital Transformation and IoT, ‘Oh My’!

Companies are waking up to the fact that the digital transformation journey is not a leisurely stroll. It’s more of a marathon sprint. Between externalization of processes and the Internet of Things (IoT) the need to increase “velocity” is becoming a key attribute of success. Yet the pressure to maintain cost effective solutions has not gone away. Big reasons today’s enterprises are accelerating digital transformation include:

Software Analytics, un estímulo para el éxito de negocio

Con motivo de nuestro 25 aniversario, el pasado 16 de junio tuvo lugar el primer User Workshop a nivel local, una sesión cuyo objetivo reside en crear una comunidad de usuarios de CAST AIP y mantener informados a los clientes de las novedades de nuestras soluciones.
¿Hacia dónde evolucionan las soluciones de CAST y cómo pueden influir en las organizaciones?, ¿Estoy optimizando el uso de CAST AIP en mi organización? En formato taller y para crear un ambiente dinámico y participativo se dio respuesta a esta y muchas otras inquietudes y experiencias de un grupo de usuarios de CAST AIP con el objetivo de extraer todo el valor y potencial que la herramienta puede aportar en cada organización y dependiendo del público al que se dirijan los resultados de análisis extraído.

Takeaways from the CAST Italy Summer User Group

CAST Italy users’ group conference
On June 22nd, CAST held its annual User Group in Italy, hosting software measurement professionals from major companies in the Banking, Insurance, Telco, Public Sector and IT Consulting industries for a four-hour working session. Attendees walked away from the event with a better understanding of best practices in establishing objective software measurement standards and creating better visibility in to application portfolios.
Among CAST Application Intelligence Platform presentations and updates regarding the new CISQ RFC for Automated Enhanced Points and its relationship with the AFP OMG standard, attendees also discussed software measurement in Agile and DevOps environments.

Security By Design

Le 15 Juin 2016, CAST a organisé un workshop au tour du sujet Security By Design à l’hôtel Hilton, Paris La Défense avec des intervenants de SOLUCOM, ATOS, BNP PARIBAS CARDIF et CAST en présence d’une trentaine de participants du secteur public, finance, énergie, éditeurs de logiciels, etc.
CAST security workshop
La sécurité des applications reste un enjeu majeur à la fois en termes de fréquence, de gravité et d’impact, non seulement pour le business mais également pour le DSI lui-même. Selon l’étude PWC “le nombre de cyber-attaques recensées a progressé en 2015 de 51% en France, alors que les budgets sécurité des entreprises françaises ont augmenté en moyenne de 29%, soit autant que les pertes financières estimées imputables à ces incidents (+ 28%)“. Plus particulièrement, les analystes précisent que les problèmes de sécurité sont à 75% liés à des failles d’architecture logicielle ou le « design » des applications, c’est-à-dire à la manière dont les composants et applications sont interconnectés.

Recap: Software Risk Summit 2016

Panel Discussion at the 2016 Software Risk Summit
Software risk has historically been overlooked as a security concern by business leaders, and companies have paid a high price as a result. Remember the JPMorgan hack of 2014? That cost the bank more than $6 billion. RBS has paid £231 million for their IT failures as of two years ago. The Target breach? The retailer posted a write down of $152 million. Or, more recently, Jeep controls being taken over by hackers, and a similar incident with Toyota-Lexus having to fix a software bug that disabled cars’ GPS and climate control systems? That costs the manufacturers valuable consumer confidence points and can seriously damage sales.
So I was thrilled to know that the topic for the first annual Software Risk Summit in New York was indeed just that, software risk. I had the pleasure of moderating the panel discussion with esteemed guests from BNY Mellon, the Software Engineering Institute at Carnegie Mellon, the Boston Consulting Group and CAST. But beforehand, I was able to sit-in on the keynote by Rana Foroohar.