Results of the new CAST Report on Application Software Health (CRASH) released today by CAST, the world leader in software analysis and measurement, reveals businesses are exposed to millions of dollars to fix technical debt – the cost to fix hidden problems that remain damaging risks in applications after they are operational – yet they are not budgeting for these costs.
“The number of software glitches, outages and security breaches reported in the press this year, and the damage they have done to the reputations of organizations like Toyota, Sony and RIM, not to mention the U.S. Government and a multitude of banks and stock exchanges around the world, have made problems with structural quality in application software a boardroom issue,” said Dr. Bill Curtis, CAST’s chief scientist, senior vice president of the CAST Research Labs and director of the Consortium for IT Software Quality.
“The purpose of the 2011 Worldwide Applications Software Quality Study is to provide an objective, empirical foundation for discussing the structural quality of IT applications and the extent to which they suffer from structural flaws. What we found were numerous problems that should have been addressed prior to deployment. It’s little different from ignoring termites that are destroying the structure of your home.”
The study is the largest ever conducted and used automated analysis to measure the structural quality of 365 million lines of code within 745 IT applications used by 160 companies throughout 10 industries. Five application software “health factors” were examined in determining structural soundness: security, performance, robustness (i.e., uptime) and the ease of software transferability and changeability. Using data drawn from the automated structural analysis, CAST made a conservative estimate of what should be fixed, focusing only on those issues critical to business cost and risk.
“Our findings, although conservative, revealed an average technical debt of $3.61 per line of code,” said Curtis. “A significant number of applications examined in the study – nearly 15% – had over a million lines of code which means even the smallest of those contains over $3.6 million in technical debt.”
"The pace of application development, innovation and modernization is increasing exponentially, based on Agile practices, Cloud, Consumerization, Mobile," said David Norton, an analyst at Gartner. "With every release cycle we run the very real risk of adding Technical Debt that we must pay back, it’s just a question of when. This is the ticking time bomb for the 21st century.”
Curtis explained that over one-third (35%) of the violations discovered in the study result in damage to business by adversely affecting the security, performance and uptime of application software.
“That means that while two-thirds of the violations found were destined to have a dramatic effect on IT costs and a company’s bottom line, the other one-third is even more critical as it has a direct negative impact on business performance.” said Curtis. “Technical debt creates a double dose of trouble because it siphons money from IT innovation to pay for software repairs. The consequence is fewer dollars left to develop new applications capable of providing a competitive edge to an organization and increased risk embedded in the new applications designed to create that edge. It certainly makes technical debt something that should be critically important to both CIOs and CEOs.”
Some of the more surprising findings in the study included the discovery that government applications carried 50% more technical debt than the private sector. “There are many plausible explanations for these results,” Curtis said, “Such as multiple contractors working on different parts of an application, and contractual disincentives for delivering high quality software. There definitely needs to be better software acquisition practices and management.”
Other notable findings from the study included:
· Despite assumptions to the contrary, outsourced and in-house developed applications didn’t show any difference in structure quality. The same was true for onshore and offshore applications.
· Java EE applications were the most prevalent among those studied and received significantly lower performance scores as well as carrying greater technical debt than other languages
· Established development methods such as agile and waterfall scored significantly better in structural quality than custom methods, while waterfall scored the highest in transferability and changeability.
· COBOL applications scored the highest in security, while .NET applications received the lowest security scores
To obtain the Executive Summary of the 2011 CRASH Study visit CAST Research Labs at http://research.castsoftware.com.
CAST is a pioneer and world leader in Software Analysis and Measurement, with unique technology resulting from more than $90 million in R&D investment. CAST provides IT and business executives with precise analytics and automated software measurement to transform application development into a management discipline. More than 650 companies across all industry sectors and geographies rely on CAST to prevent business disruption while reducing hard IT costs.
CAST is an integral part of software delivery and maintenance at the world's leading IT service providers such as IBM and Capgemini.
Founded in 1990, CAST is listed on NYSE-Euronext (Euronext: CAS) and serves IT intensive enterprises worldwide with a network of offices in North America, Europe and India. For more information, visit www.castsoftware.com.
Web site: castsoftware.com