Emerging Trends and Software Quality Assurance

The future challenges for Software Quality assurance (SQA) follow a few software trends, including:

Complex and large software packages
Integration with external components and interfaces
The need to deliver quickly
The need to deliver bug free software

The standard software quality activities defined by IEEE, such as verification and validation, are integrated into the software development cycle. We see dedicated SQA roles and resources in major organizations. Also, many multi-national companies are pushing to have a central team drive and manage the quality processes, methodologies, and tools across all their sites and teams.

To each task its tool

Measuring application quality to get useful results requires proper analysis of the right source code perimeter in the most relevant way. But it doesn’t stop with just one measurement, you can follow the evolution of indicators for a given period in order to anticipate potential troubles and to be in a position to make good decisions.

Surviving the IT Perfect Storm

The economy, the complexity and pace of business, and an ongoing lack of resources have created a perfect storm for IT departments worldwide. As wave after wave of IT failures litter the press, there’s no question that the storm is here. In its wake, businesses are faltering, careers are shattering, and stockholders are left wondering “How could this happen … again?”
The key to preventing your business and career from landing on the rocks is the aggressive identification and elimination of risk. This document provides some tactics designed to identify risks across vast application portfolios and eliminate risk within critical business systems.
Red sky at morning, sailor take warning
With years of experience in exposing risks in IT systems, CAST provides a suite of offerings that yield the insight necessary to identify what can lead to high-profile production failures and cyberattacks. We also provide the remediation plans to eliminate the root cause of these issues.

Rapid Portfolio Analysis (RPA) creates transparency into vast application portfolios to identify risk. RPA derives measurements such as production failure potential and software complexity and maintainability. It also profiles portfolios to highlight short-term and long-term risks in critical systems.
CAST’s Application Intelligence Platform (AIP) provides a robust DNA-level analysis of individual enterprise systems with specific guidance for eliminating business risk caused by structural and technical quality issues. It does this either on applications you know are in trouble, or by using the insight delivered by RPA to create a prioritized list of applications to unleash AIP.

Highlight Latent System Risks
Rapid Portfolio Analysis (RPA) creates technical and business risk profiles based on automated analysis and insight to support application portfolio analysis, portfolio rationalization, or technical assessments.
RPA analyzes source code against a set of engineering rules and principles to identify potential production defects, maintenance or modification issues, and excessive complexity. These are some issues that contribute to potential failures and real business risks. RPA rounds out this assessment by generating software maintenance estimates of applications, as well as estimates of the technical debt.
A Dive Deep in to Critical Systems
Using highly sophisticated code analyzers and more than 1,000 rules based on engineering principles, AIP dives deep into an application from the largest modules down to individual methods, classes, and components. AIP analyzes and semantically understands source code, scripting, and interface languages across all layers of an application.
The resulting analysis identifies quality lapses in an application’s source code, and provides precise guidance on how to fix the problems. Additionally, AIP validates architecture, ensures adherence to frameworks, and automates sizing such as function points. Doing so provides a robust view of the systems size, complexity, and quality.
Measure the Business Impact of Quality
Through extensive research and industrial experience, CAST has identified five areas of structural software quality that most impact business risks and outcomes. Each of these five areas can be assessed by measuring numerous attributes of the software that can summarize structural software quality at a level that can be related to business value.
Navigate Risk with Actionable Insight
Identifying the root cause of system risk is only the first step. CAST assessment with AIP not only identifies these issues, it provides rationale as to which violations have been recorded and which are most critical. IT also creates action plans that lead technical teams in the remediation effort.
You Can’t Stay in the Harbor to Wait Out the Storm
As a leader, you need to ensure your team has the time and resources needed to root out and eliminate risks that can potentially damage the business. The key to effectively managing risks in an application portfolio is early detection of issues and the ability to quickly mitigate them.
With the detailed information provided by AIP in hand, application development executives and business leaders can map out and monitor aggressive remediation efforts that drive out system-level risk, resulting in more resilient and reliable applications.
Whether you need a macro-view of your portfolio risks or a micro-view of a specific application, CAST’s suite of assessment solutions can help. Contact your CAST representative now to learn how we can create the visibility needed to navigate through these troubled waters.

The Tech Babel Fish for CFOs

Any advocate for better software quality knows that one of the biggest challenges is helping the CIO reach the CFO. When your team needs a budget for an important project, those conversations often break down. Thanks to the unavoidable technical complexity of IT, oftentimes the CIO might as well be speaking Esperanto to the CFO.
When it comes to budgeting, IT might be the least-understood department in your organization. And what the CFO doesn’t understand, he doesn’t budget for. Instead, capital that should rightfully go towards IT growth and innovation is allocated to other groups and initiatives. That dulls the organization’s competitive edge, and can have a toxic effect on system quality overall.
This is why I advocate software estimation as a budget-winning process for IT leaders. It clearly correlates software quality and technical debt in ways that a CFO or CEO can understand. “Technical debt” is a useful term that helps people outside of IT understand that application risk can be measured, and has a cost that gets paid for one way or the other.
The difficult part comes in where the rubber meets the road. Your CIO has intimate knowledge of the inner-workings of your IT department; you just need to equip him with the proper metrics to interface with the CFO.
Rather than getting technical, the CIO must decode what the IT teams do and translate it into the language of planning and budgeting — with a focus on being responsive, adding new capabilities, and reducing maintenance costs and risk per head. This is one place where our technology can help — with metrics like:

Software maintenance effort over time. This metric tracks the estimated software maintenance effort of your most critical applications broken down over fiscal quarters. It gives you an immediately identifiable visual into which applications require the most upkeep, and which are actually becoming more efficient.

Change in risk and size over the last four quarters. This report shows how many applications increased or reduced their risk to the organization; and also shows which applications increased or decreased in size. A great way to tell if your bloated applications are becoming a risk to your structural quality.

Estimated vs. planned maintenance effort. This is another great metric which compares the planned maintenance per application against the estimated effort. The application size, number and type of technologies, complexity, and quality are all drivers of the estimated maintenance effort.

Top 10 applications by high risk technical debt. This might be the most telling metric to bring to your CFO. This report shows the proportion of technical debt in your application portfolio that’s driven by dangerous coding patterns and should be addressed first to minimize business risk exposure.

With all the dimensional views an organization can get through our Application Intelligence Platform and Highlight reports, they can boil down high bandwidth conversations to a place where finance and IT can intersect. And armed with those key KPIs, your CIO will have rock solid metrics — in the CFO’s language — that can foster a dialogue both can understand.