An Open Letter to BATS’ Chris Isaacson

Every time a Wall Street firm’s trading software goes rogue, or an international bank’s back-end IT hiccups, leaving customers stranded, an audible groan rises from our offices. We’re frustrated because we’re tired of seeing common — and preventable — mistakes slip through the cracks in what are supposed to be world-class software development organizations.
Our goal is to let these organizations know just how easy it could be to improve the resiliency, security and performance of their enterprise systems. To that end, we’ve released an open letter to Chris Isaacson, the Chief Operating Officer at BATS Global Markets, offering a five-point plan, as well as some friendly advice, on how to avoid future errors.
There’s no end of examples that show it only takes seconds for a faulty software system to squash your market value. Don’t make the same mistake twice. If I might borrow some wise words from history — “Those who cannot remember the past are condemned to repeat it.”
The full text of our open letter is below:
TO: Chris Isaacson
Senior Vice President, Chief Operating Officer
BATS Global Exchange
FROM: Philippe Guerin
Head of Solution Engineering for North America
CAST
DATE: February 5, 2013
SUBJECT: Recent BATS Software Glitch
The recent events at BATS were regrettable but avoidable. Unlike last year’s outages, which cost your CEO his job and cancelled your IPO, we do not want these latest IT issues to become forgettable. Enough is enough. As experts in software analysis and measurement, we wanted to offer some friendly advice on how to avoid a recurrence of this latest error, which will no doubt prove to be a costly issue.
If, as the Wall Street Journal alleges, these structural code defects ‘…went undetected for four years, violating securities laws and allowing hundreds of thousands of bad trades to be executed’, there is need for some urgent action. Here is our five-point plan:
STABILIZE

1. Know your existing code – Perform structural quality inspections for all business critical code. This should happen once for the existing live system and during early development for all new code.
2. Enforce discipline – Create and adhere to a process of test cases for all new integrations, sorted by transaction-based risk priority.

HARDEN

3. Think big picture – Use application quality analysis to hunt down potential code quality issues at the system level, not just the unit level. Functional tests, Load and Stress testing are complementary to check for scalability on ‘Go Live’, but not adequate protection to ensure system robustness.

OPTIMIZE

4. Don’t overcommit – Ensure there are no shortcuts in your ‘commitment process’. Have sufficient project management so your developers are not following a chaotic ‘death march’.
5. Go configure – All of the work above will not bring long-term benefit unless you retain strict configuration control of the source code of your system, and mandate structure analysis along the way.

Not unsurprisingly, many of the world’s most IT-dependent organizations, including Governments, major Financial Institutions and Telecom providers, use CAST to help solve the sorts of issues which have dogged BATS in the last year. Feel free to reach out to us, or you can use internal resources too, but please believe me when I borrow some wise words — “Those who cannot remember the past are condemned to repeat it.” Twice already is too much.

Show your love for Java


Ask a dozen techies about the best programming language and you’ll likely end up with 13 opinions, and a few objects might get thrown. But has your love of your programming tools ever won you anything other than an argument? Well, now’s your chance!
We’re running a Facebook contest to find out which Java framework (if any) you prefer, and why. When the contest ends March 12, 2013, we will randomly select one name out of the proverbial hat to win a brand new Kindle Fire HD with an 8.9” display.
So what are you waiting for? Hop on over to our Facebook page, click on the Java Sweeps tab, like us, and tell us the framework you think is best.
Good luck!

C-suite: It’s time to get techy

If you’re snickering at the idea of your CIO talking Java (or any programming language for that matter), trust us, you’re not alone. However, CIOs can no longer afford to be in the dark about their IT team’s choice of programming language and tools.
Initial results from CAST’s most recent CRASH report, released today, reveal which enterprise Java framework delivers the most secure and reliable applications. With this information, C-suite executives can better understand how choices made in IT can impact the security and reliability of enterprise applications.

Click over to read the initial results released this morning, or sign up for our webinar on Jan. 29, Java Applications and Coffee: The Variations are Endless, to take a deeper dive into the research.

Lev Sits Down with ComputerWeekly to Discuss the Outsourcing of Software Testing

Did the press club have a meeting? Because this is the second time in two weeks that we’ve been in the press.
Last week, I spoke with Business Insider in response to Mark Cuban’s comments about the NYSE’s role in high frequency trading. And this week, I sat down with Karl Flinders at ComputerWeekly.com to discuss some other issues surrounding application outsourcing and outsourced QA. Karl does a nice job summarizing some key points in a crisp way. The story ran today, and we wanted to share it with everyone to help raise awareness about how systematic analysis of your applications can improve our ability to work with outsourcing partners, and our risk profile.

The Evolution and Career Path of the CIO

There’s been a lot of debate in the news and social networks about what’s in store for future CIOs. Oddly, pundits are in on the act, attempting to define exactly what we mean by CIO. Regardless of the title, the fact is that CIOs live on the knife’s edge of innovation, and today, that blade has never been sharper.
I’ll be talking about this at length in a webinar, The Evolution and Career Path of The CIO, which I encourage you to attend. Today, I wanted to offer some insight into what I’ll be covering and the impact of the changing role of the CIO.
The CIOs of Old
In the past, CIOs were measured creatively. That is, if the software they developed was on time and on budget, they got a pat on the back. Now, because of the pervasiveness of technology, CIOs can be measured in terms of business impacts, customer insights, and enabling business growth through the optimization of people, process, technology, and data & analytics. Anyone looking to carve their path to the CIO’s chair can’t afford to be reactive to the business strategy. They need to be proactive, strategic, and a spot-on culture fit.
The typical path to CIO usually started in application development and gradually worked toward the CIO role. But now, we’re seeing CIOs coming from finance, and even HR. That’s because technical skills are becoming less of a priority, as top-level management want the CIO to keep their teams productive and build relationships with customers.
CIOs of the Future
While the next generation of CIOs will still likely come from the world of application development, they will need to better understand how to measure themselves in terms of their business impact.
Because of this, the prioritization of skills and competencies for CIOs has shifted from focusing on deliverables and cost, to focusing on customer analytics and business growth. IT organizations now are not only managing risk and cost, but they’re managing the business outcomes. And they’re doing all of this with less budget and staff, making the tools and assets that manage risk and cost critical to the business.
Speed is also becoming a main driver for every IT organization, and CIOs are being asked to increase their speed to market, speed to solution, and speed to understanding their customers through an improved digital strategy.
The CIO will always be measured against two factors: time and budget. That will never change. But who would have guessed that simply adding “driving business outcomes” into the mix would radically alter what CIOs need to be prepared for?
It’s a catch-22 in some ways. You could hire a non-technical CIO that knows the business but might not deliver the meat and potatoes in terms of great products and services. Or you could grab a techy CIO whose products are innovative, but who lacks the business acumen to drive results. But regardless of your choice, your CIO is going to have big shoes to fill.
How do you see the role of the CIO evolving? Do you have your career path to the CIO mapped out? Sign up for my webinar, The Evolution and Career Path of the CIO, for the answers to these questions and more to help you start your roadmap to the CIO.

The Gold Medal for Last Place

Who hasn’t been waking up early and staying up late to catch every second of action at the 2012 Summer Olympics in London?
The Olympics, of course, are airing on NBC in what is the first social media Olympics in history. But some of you might be old enough to remember when ABC “owned” the Olympics, and their motto for ABC Sports was “The thrill of victory and the agony of defeat.”
Certainly the Olympics is all about winning, but we thought it would be fun to look at the agony of defeat — not only in the Olympics, but in software development.
So to do that, we created The Geek Games: The Battle for Last Place. Clearly the folks over at ReadWriteWeb got the joke because it ran our infotoon on its front page.
 

Vault over to ReadWriteWeb to check out what it has to say about the cartoon. And don’t forget to download a copy for yourself and share it around with your teams and any of your social handles to spread the Olympic fun.
 

The Federal Government’s Dark Cloud

I wrote before about the time bombs that exist in the government’s cloud migration strategy. And while I was reading an article on Wired Cloudline about this very issue, those same points were running through my head.
And since the Government Accountability Office recently reported that federal agencies were struggling to meet the cloud mandate, I thought it was important to inform Wired’s readers as to the difficulties of moving legacy systems to the cloud.
So I fired off a note to the editor offering some additional opinions on the topic he was writing about. And to my surprise, he asked me to turn it into an article. This is the result.

Let me know what you think. Are there any other issues you see in the government’s cloud migration strategy?