Jonathan is an experienced writer with over 20 years writing about the Technology industry. Jon has written more than 750 journal and magazine articles, blogs and other materials that have been published throughout the U.S. and Canada. He has expertise in a wide range of subjects within the IT industry including software development, enterprise software, mobile, database, security, BI, SaaS/Cloud, Health Care IT and Sustainable Technology. Jon holds a B.A. in History from Gettysburg College. He enjoys attending sporting events, cooking, studying American history and listening to Bruce Springsteen music.
Companies worldwide use SAP, but SAP by itself does not resolve all of an organization's issues. As a result, a number of organizations need to customize SAP applications to suit their purposes, but this has met with mixed results.
CAST today released the results of the 2014-2015 CRASH Report for SAP, which revealed more than half of those organizations opting to customize SAP applications have encountered increased application risk, additional software risk management costs and disruption of critical business processes.
In business, measurement is key. It’s not a new concept, of course, but it’s one that information technology has made possible to a higher degree than ever before. Function point analysis is one of those areas where, like initiatives such as Six Sigma, the ability to measure can help ensure ultimate success.
There’s a common belief in the software development space that when companies choose application outsourcing of their projects, the control they relinquish by doing so results in lower application quality and puts their projects at risk. Once again, however, CAST’s biennial CRASH Report, which reviews the structural quality of business critical applications, has disproved this theory.
Over the past decade, advancements in static analysis tools from both commercial and open source communities have dramatically improved the detection of developer violations of good coding practices. The ability to detect these issues in coding practices provides the promise of better software quality.
Yet many of these static analysis tools cannot detect the critical violations that exist in multilayer architectures, across transactions and multi-technology systems. These are the violations that lead to 90% of a system's reliability, security and efficiency issues in production.
(Figure 1 illustrates these rules at the Unit and Technology/System Levels.)
For the last half-decade, a debate has raged over which project management method reigned supreme – Agile or Waterfall. To determine which held the advantage, some looked at the management techniques and fluidity with which projects were completed; others judged the debate by pointing to the structural quality of the applications being developed.
The growing problem of technical debt cannot be overlooked. InfoWorld Editor Eric Knorr recently highlighted the need for technical debt to be paid down, noting, “I wouldn’t be surprised to learn we’re now in the process of accumulating technical debt at historic rates.”
Technical debt is expected to exceed 1.5 million per business application.
Dr. Carol Woody of SEI was recently featured on a CISQ webinar about the correlation of software quality and software security. Her lessons on this topic highlight why software security cannot be something added after the fact; rather, it must be factored into the development of software applications from the moment coding begins.
This is a lesson that companies such as Sony need to learn. While past breaches, like the ones carried out by the LulzSec group in 2011, affected their customers and cost them dearly in terms of reputation and reparations, the one they suffered late last year hurt them much closer to home when cyber criminals breached Sony’s entire network and threatened to expose all stolen data.