New study reveals global organisations are gambling their business future on poor code
CAST, a leader in software analysis and measurement, announced findings from its latest CRASH Report, which reveals that poor code in Financial Services applications can be exploited to steal confidential information.
The report, which analysed 1.03 billion lines of code across 1,850 applications submitted by over 329 organisations in 8 different countries, exposes that the overall quality of too many mission-critical functions across the globe is poor. Security scores varied widely, with some of the highest and lowest scores observed for any Health Factor. The lowest security scores of some applications indicate there is a significant amount of unsecured code out there.
This represents a big gamble for organisations whose business operations rest on poor code. Financial Services were specifically found to be particularly susceptible to security risk. Retail and Telco scored marginally better than Financial Services. For an industry carrying large amounts of sensitive data, Financial Services organisations are at risk of severe regulatory fines.
“Lack of security architecture combined with porous code in legacy systems produce easy targets for hackers. This is especially concerning in Financial Services applications,” said Dr. Bill Curtis, SVP and Chief Scientist at CAST Research Labs. “Despite the push to ‘go digital’ our CRASH Report findings indicate there is a significant amount of bad code lingering in enterprise systems. The takeaway for IT is clear: poor software quality is exposing many businesses to excessive risk.”
Key findings of the study include:
Security is lagging behind
· Security scores varied widely with some of the worst falling into this category. Geographically, the UK scores the lowest out of all regions. France scores best.
· The Financial Services industry scored worst; Government scored highest.
Smaller is better
· The findings reveal a team size ‘sweet spot’. Teams of under 10 people perform best across most areas of structural quality.
· Teams of over 20 consistently perform the worst across all Health Factors.
Maturity must be improved to avoid gambling
· Organisations with the least mature development processes (Level 1), as measured by the Capability Maturity Model Integration (CMMI), have the worst scores in all areas of structural quality. Such organisations too often have overworked developers on unrealistic schedules. They make myriad mistakes without having adequate time to detect and correct them. Organisations at Level 2 that have implemented basic project controls or at Level 3 that have standardised their processes produce far better software.
A hybrid method is the way to go
· Findings revealed that those with the highest scores developed software using a Hybrid method that combines practices from both Agile and Waterfall methods. The lowest scores were obtained by those reporting use of ‘no method’. Both Agile and Waterfall consistently achieved lower scores than Hybrid methods. This confirms the same finding in the last CRASH Report two years ago.
· By combining up-front analysis and design of application architectures with rapid feedback on defects during short, iterative coding sprints, hybrid methods produce higher structural quality than Agile or Waterfall methods alone.
A copy of the CRASH Executive summary and the full report can be downloaded here.