From Killer Apps to App Killers CAST


Published on

Critical applications developed by organizations to service their clients frequently face app killers like major outages, malfunctions, and security breaches that disrupt business and damage reputations. As organizations increasingly face the devastating impact of Architecturally Complex Violations, read this ebook to learn how CAST AIP can help to eliminate these issues before they kill your app.

Published in: Technology, Business
1 Comment
  • good precise content... well done
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

From Killer Apps to App Killers CAST

  1. 1. The Devastating Impact of Architecturally Complex DefectsKILLER APPSTO APPKILLERSFROMArt inspired by original artwork “Anatomy of a Murder” by Saul Bass
  2. 2. 2ArchitecturallyComplexViolationsconstitute 8% ofviolations, butthey are:52%of the repaireffort8Xmore likely toescape intotesting6Xmore likelyto escapeoperationscaution cautionYear after year, killer apps developed by organizations that rely upon technology to servicetheir clients, face app killers like major outages, malfunctions, and security breachesthat disrupt business and damage reputations. Sadly, nearly all of these failures had anarchitectural flaw that had gone undetected.The technical diversity that gives modern business applications their unique power andflexibility comes at a cost of staggering complexity. Quite simply, the complexity of modernbusiness applications exceeds the capability of any single individual or team to understand allof the potential interactions among the component languages and technologies. Organizationsare now faced with the devastating impact of Architecturally Complex Violations.
  3. 3. 3ArchitecturallyComplex ViolationA structural flaw involvinginteractions among multiplecomponents that may reside indifferent application layersUser InterfaceLogicDataTERMINOLOGYArchitecture of DecayA map of the defect fix relationshipsamong Architectural HotspotsArchitectural HotspotA component that contributesto many ArchitecturallyComplex Violations
  4. 4. 4EFFORT DRIVERSWhy do Architecturally Complex Violations take more effort to fix?They are multi-component and therefore require a lot more files to fix than a Code-LevelViolation.  Reported data indicates that frequently as many as 20 different modifications to filesare required to remediate a single architecturally complex defect.LinkedInexperienceda securitybreachexposing6.4Mpasswords92%8%ArchitecturallyComplexViolationsComponent-LevelViolations% of Total Violations% of Effort to Correct48%52%ArchitecturallyComplexViolationsComponent-LevelViolations
  5. 5. 5COST DRIVERSSony suffered adozen attacksat the handsof the LulzSecGroup, whichexposedcustomeraccountsresulting in55class actionlawsuits andcost$178MMost Component-Level Violationsare fixed with asingle changeWhy are Architecturally Complex Violations more costly to fix?These defects are more expensive to fix because they involve interactions between multipletiers of the application often written in different languages and hosted on different platforms.These violations require much more involvement and coordination across teams to ensure thatthe fix is resolved system-wide.Relative number of changesto correct an ArchitecturallyComplex Violation
  6. 6. 6PROBLEM DRIVERS% of violations crossing a phase boundaryWhy are Architecturally Complex Violations worse as they cross phases?Since Complex Violations are more likely to persist into operations, they are more likely tocause operational problems than the single component violations that tend to get caughtearlier.KnightCapital tradingsystem hadan algorithmicerror whichcaused erratictrading activityand left the firmwith billionsof dollars inunwantedsecurities and$400Mloss.ArchitecturallyComplex Violations8X worse6X worseArchitecturallyComplex ViolationsTest Operations2%13%83%10%
  7. 7. 7DECAY DRIVERS80%ofArchitecturallyComplexViolationsinvolve anArchitecturalHotspot.ArchitecturalHotspots revealconcentrationsof architecturaldecayArchitecture of DecayA map of the most frequent fix relationships among Architectural Hotspots reveals theArchitecture of Decay but it also presents a roadmap to guide high-value remediation and thegreatest opportunities to restore the structural health of an application.Big problems are often the result of several interacting weaknesses in the code, none of whichcaused the problem by itself. Preventing application-level defects requires analysis of all theinteractions between components of heterogeneous technologies. Reliably detecting softwarequality problems requires an analysis of each application component in the context of theentire application as a whole – an evaluation of application quality rather than code quality.
  8. 8. 8BUSINESS DRIVERSYou will rarely detect Architecturally Complex Violations with unit tests or code analyzers. Todetect these App Killers you need…CAST Application Intelligence Platform. A dynamic business environment, new technology,and multiple sourcing options amplify the complexity of business application software. Sinceeven the most talented developers can no longer know all of the nuances of the differentlanguages, technologies, and tiers in an application, their capability needs to be augmentedby automated tools to evaluate the entire application. Without such assistance, defectshidden in the interactions between application tiers will place the business at risk for outages,degraded service, security breaches, and corrupted data.CAST AIP is unique in its ability to find structural defects early at build time when the code canfirst be analyzed at the level of the entire application. Detection and repair at this point can bean order of magnitude cheaper than if these structural flaws slip into the final stages of testingwhere they are deeply embedded in the application and a larger portion of the code will haveto be torn down and rebuilt.To find out more about CAST AIP visit softwareacross all of theapplication’slanguages, tiers,and technologiesto measure howwell all of theapplication’scomponentscome together tocreate operationalperformanceand overallmaintainability.
  9. 9. 9SUMMARYCAST Application Intelligence PlatformCAST Application Intelligence Platform (AIP) is the only enterprise-grade software quality assessment and performancemeasurement solution available. CAST AIP inspects source code, identifies and tracks quality issues, and providesthe data to monitor development performance. CAST can read, analyze, and semantically understand most kinds ofsource code, including scripting and interface languages, 3GLs, 4GLs, and web and mainframe technologies, across alllayers of an application (UI, logic, and data). By analyzing all tiers of a complex application, CAST measures quality andadherence to architectural and coding standards, while providing visual specification models.Sources:Z. Li, et al. (2011). Characteristics of multiple component defects and architectural hotspots: A large system case study. Empirical Software Engineering, 16 (5), 667-702.M. Leszak, et al. (2000). A case study of root cause defect analysis. Proceedings of the 22ndInternational Conference on Software Engineering. Los Alamitos, CA: IEEE Computer Society, 428-437.A. Von Mayerhauser, et al. (2000). Deriving fault architectures from defect history. Journal of Software Maintenance: Research and Practice, 12 (5), 287-304.Enterprise-grade analysisrequires a 3-tiered approach
  10. 10. 10ABOUT CASTCAST is a pioneer and world leader in Software Analysis and Measurement, with unique technology resulting frommore than $100 million in R&D investment. CAST introduces fact-based transparency into application developmentand sourcing to transform it into a management discipline. More than 250 companies across all industry sectors andgeographies rely on CAST to prevent business disruption while reducing hard IT costs. CAST is an integral part ofsoftware delivery and maintenance at the world’s leading IT service providers such as IBM and Capgemini.Founded in 1990, CAST is listed on NYSE-Euronext (Euronext: CAS) and serves IT intensive enterprises worldwide with anetwork of offices in North America, Europe and India. For more information, visit www.castsoftware.comCall: 877-852-2278Email: info@castsoftware.comVisit our Web site: www.castsoftware.comFollow Us