Finding the right tools for the right challenge

The growing cost of most software development efforts can be traced back to one underlying cause – the lack of visibility into the software. As the size and system complexity grow for business-critical applications — along with the complexity of sourcing environments — there is an increasing need for app owners, architects, and developers to truly understand their codebases. Without visibility into the implementation, it is hard for a developer to understand all the nuances of the code. This explains the disproportionate amount of time that developers need to identify the root cause of defects.
Most organizations have started to realize that code quality is an important root cause of many of their issues, whether it’s incident levels or time to value. The growing complexity of development environments in IT — the outsourcing, the required velocity, the introduction of Agile — has raised the issue of code quality, sometimes to an executive level. Business applications have always been complex. You can go back to the 70s, even the 60s, and hear about systems that have millions of lines of code. But here’s the rub: In those days it was millions of lines of COBOL or some other language. But it was all one language. …
We’ve made it a point on our blog to highlight the fact that software glitches in important IT systems — like NatWest and Google Drive — can no longer be “the cost of doing business” in this day and age. Interestingly, we’re starting to see another concerning trend: more and more crashes blamed on faulty hardware or network problems, while the software itself is ignored. It’s funny that the number of incidents can differ by more than 10 times between applications with similar functional characteristics. Is it possible that the robustness of the software inside the applications has something to do with apparent hardware failures? I think I see a frustrated …
The perimeter surrounding enterprise applications has expanded exponentially since the birth of mobile and cloud, and IT security professionals are looking in all the wrong places to try and find a fix. Traditionally, organizations secured their data using a walled-off perimeter — like the walls of a medieval castle — which contained a multitude of layers to help mitigate the risk of data compromise or exposure. The advent of mobile has altered that landscape dramatically, essentially opening up the front door of the castle and allowing that data to escape into unknown territory — the mobile device. I’ll be presenting a webinar on this subject, Managing Security Risks with the …
These days, it doesn’t matter where I go or which media channel I watch, I hear about the same thing: cost reduction. From governments to households to companies, budgets are on a diet — saving is the new sacred word. Therefore, everyone must do more with much less. When it comes to companies, the first budget to shrink is usually the IT budget. But what can be cut, and how? Sometimes, entire projects are stopped. With luck, maybe only features will be abandoned. Sadly, lowering the cost to develop or maintain a project doesn’t lower customers’ expectations. In fact, those expectations increase as time passes and customers’ needs stay the …
Static code analysis is used more and more frequently to improve application software quality. Management and development teams put specific processes in place to scan the source code (automatically or not) and control the architecture of the applications they are in charge of. Multiple analyzers are deployed to parse the files that are involved in application implementation and configuration, and they generate results like lists of violations, ranking indexes, quality grades, and health factors. Based on the information that is presented in dedicated tools like dashboards or code viewers, managers and team leaders can then decide which problems must be solved and the way the work has to be done. …
Modern integrated development environments (IDEs) are equipped with more and more tools to help developers code faster and better. Among these are plug-ins that allow developers to scan the source code for error-prone constructs, dangerous or deprecated statements, or practices that should be avoided. IDEs come in a variety of flavors — both free and commercial — but in all cases, developers can install them to improve the quality of the code they produce. Some organizations encourage their developers to explore and deploy such tools, but as any good app developer knows, there is a difference between installing an app and using it consistently. Installing a tool is one thing, …