In my last post, I shared my opinion on the benefits of non-representative measures for some software risk mitigation use cases. But does that mean I am always better served by non-representative measures? Of course not. No bipolar disorder here, just a pragmatic approach to different use cases that are best handled with some adapted pieces of information.
Here we go again. You probably have heard, since it’s been reported everywhere, that American Airlines was grounded Tuesday, leaving passengers stranded for several hours due to a “computer glitch” in the reservation system. Because of the glitch, gate agents were unable to print boarding passes; and some passengers described being stuck for long stretches on planes on the runway unable to take off or, having landed, initially unable to move to a gate.
Last month, I had the opportunity to discuss the expanding threat of mobile IT security with CAST’s audience. The feedback we got was so overwhelming, I wanted to answer the questions we might have missed here on the blog. Lev already answered some of your questions in a previous post, so for my follow-up post, I’ll focus on the risks that often go ignored throughout the software development process.
Many software solutions feature the detection of duplicated source code. Indeed, this is one cornerstone of software analysis and measurement. It is easy to understand the value of dealing with duplicated code: avoiding the propagation of bugs and evolutions in all copies of the faulty piece of code, promoting reuse, and avoiding an unnecessarily large code base (especially when maintenance outsourcing is billed by the line of code). Now that everyone is convinced of the importance of such capabilities, let's dive deeper into how to do it. There are various solutions and not all are equal. Can the difference be explained without looking at an algorithm or cryptic formulas? Let’s …
For the past 30 years, leaders in application development have struggled to find a cost-effective way to bring the benefits of function point analysis to their larger-scale ADM outsourcing contracts. Why is this an issue? As the chemist John Grebe once said, “if you cannot measure it, you cannot control it.” That’s why today, CAST is proud to announce our support for the Object Management Group’s (OMG) Automated Function Point (AFP) Standard. The standard enables wide-scale adoption of function points for sizing applications to be embedded in all ADM outsourcing contracts, and signifies a game-changing event that will propel function point counting from a cottage industry to …
Static code analysis is used more and more frequently to improve application software quality. Management and development teams put specific processes in place to scan the source code (automatically or not) and control the architecture of the applications they are in charge of. Multiple analyzers are deployed to parse the files that are involved in application implementation and configuration, and they generate results like lists of violations, ranking indexes, quality grades, and health factors. Based on the information that is presented in dedicated tools like dashboards or code viewers, managers and team leaders can then decide which problems must be solved and the way the work has to be done. …
Modern integrated development environments (IDEs) are equipped with more and more tools to help developers code faster and better. Among these are plug-ins that allow developers to scan the source code for error-prone constructs, dangerous or deprecated statements, or practices that should be avoided. IDEs come in a variety of flavors — both free and commercial — but in all cases, developers can install them to improve the quality of the code they produce. Some organizations encourage their developers to explore and deploy such tools, but as any good app developer knows, there is a difference between installing an app and using it consistently. Installing a tool is one thing, …