Recap: Software Risk Summit 2016

Panel Discussion at the 2016 Software Risk Summit
Software risk has historically been overlooked as a security concern by business leaders, and companies have paid a high price as a result. Remember the JPMorgan hack of 2014? That cost the bank more than $6 billion. RBS has paid £231 million for their IT failures as of two years ago. The Target breach? The retailer posted a write down of $152 million. Or, more recently, Jeep controls being taken over by hackers, and a similar incident with Toyota-Lexus having to fix a software bug that disabled cars’ GPS and climate control systems? That costs the manufacturers valuable consumer confidence points and can seriously damage sales.
So I was thrilled to know that the topic for the first annual Software Risk Summit in New York was indeed just that, software risk. I had the pleasure of moderating the panel discussion with esteemed guests from BNY Mellon, the Software Engineering Institute at Carnegie Mellon, the Boston Consulting Group and CAST. But beforehand, I was able to sit-in on the keynote by Rana Foroohar.

Application Security in the Internet of Things

High-capacity network bandwidth has become more widely available, and we have quickly tapped into every last inch of its capacity. More devices are built with wi-fi capabilities, the costs of mobile devices are going down and smartphones are in the hands of more people than ever before. In fact, Apple might have already exhausted the market and is seeing drastically lower sales forecasts for the iPhone.
We are moving into an era in which virtually any device will connect to the Internet. Phones, fitness trackers, dishwashers, televisions, espresso machines, home security systems, cars. The list goes on. Analyst firm Gartner estimates that over 20 billion connectable devices will exist worldwide by 2020. Welcome to IoT—the Internet of Things. A giant network of connectable things.

What Went Wrong at Google – Software Robustness Remains a Struggle

In April, Google experienced a fairly significant cloud outage, but it was hardly news at all. In fact, it was likely the most widespread outage to hit a major public cloud to-date. The lack of coverage is strange, considering the industry’s watchful eyes like Brian Krebs and others. The even more recent Salesforce service outage seems to have received more attention. But despite the fact that Google seems to have gotten away with a “pass” this time, the glitch brings renewed attention to the fact that tech players large and small are continuing to deal with software robustness issues.
Google Compute Engine was down for a full 18 minutes around the 7 o’clock hour Pacific Time on April 11, disconnecting all users in all regions. This was a Google cloud outage, and the root cause was a network failure. Network outages appear to be an ongoing challenge for Google, this one being the biggest yet.

4 Keys to Successful Digital Transformation

Recently, CAST co-authored a paper with The Boston Consulting Group titled, Will Your Software Help or Hinder Digital Transformation? Navigating the digital transformation journey is a challenge, often wrought with roadblocks and IT complexities related to technical debt, disparate application development techniques and more. So how can CIOs help their company achieve digitization goals?

QAI QUEST: Fixing Quality Issues with Automated Code Review

John Chang, Head of Solution Design, CAST Software at QAI QUEST, 2016
Recently I had the pleasure of speaking at QAI QUEST 2016, which showcases the latest techniques for software quality measurement and testing. It was a content-rich program with more than three days of diving deep into issues like DevOps, Open Source, Security Mobile and more. But what struck me the most above all the event chatter is that even the brightest of companies are still having a difficult time identifying and fixing code quality errors.
During my keynote, I spoke about the perils of system-level defects and how these defects, when they go undetected, can completely ruin ingenious application development strategies. There are two key reason these bugs persist: decentralized development practices and a lack of automated code review standards.

Using Code Quality Metrics to Improve Application Performance

For years refactoring software has been a common process used to improve the quality, efficiency, and maintainability of an application. However, a recent article by IT World discusses how CIOs may not be getting a valuable return on their investment of time and effort into the refactoring process. While many believe refactoring reduces the risk of future headaches, new findings acquired through a study by Sri Lanka researchers suggests code quality is not improved significantly by refactoring.

A Code Quality Problem in Washington State Puts Dangerous Criminals Back on the Street

We always hear about issues with systems, applications, or services caused by poor code quality or missed defects, but what happens when these problems become life threatening? Recently an article posted by npr discussed the early release of dangerous prisoners who are now being charged for murder. According to the article, Governor Jay Inslee of Washington State reported that more than 3,200 prisoners were released early due to a software defect.
This was not a result of good behavior, but rather an issue caused by a software glitch within the Department of Corrections. As reported by the governor’s general counsel, Nick Brown, approximately 3% of the occurrences since 2002 should not have been allowed. This software glitch has gone unnoticed for more than 10 years and as a result dangerous criminals have made their way back into society.