Application Failures
In a year when we saw one major outage, malfunction and security breach after another befall organizations that rely upon technology, we should heed a lesson. The sad part is that nearly all, if not all, of these outages, malfunctions and breaches had in common a structural flaw somewhere down in the bowels of the application that had gone undetected.
CAST Confidential 2 Achieve Insight. Deliver Excellence.
April Patch Tuesday: released a record-tying 17 bulletins patching a record 64 vulnerabilities, including kernel patches
November Patch Tuesday: avoided patching a zero-day vulnerability used in the Duqu malware attacks that allowed hackers to run arbitrary code in kernel mode
http://blog.castsoftware.com/it%E2%80%99s-tuesday-do-you-know-where-your-patches-are/
http://blog.castsoftware.com/microsoft-ducks-duqu/
Apple has a bug in its new iOS 5 operating system that causes serious battery drain issues with the new iPhone 4S handset
http://blog.castsoftware.com/marketing-over-matter/
JP Morgan, Chase & Capital One reveal that email management vendor Epsilon detected an "unauthorized entry" into its system, exposing customer names and e-mail addresses
Hackers backed by a foreign government steal 24K sensitive files by exploiting software vulnerabilities at a Dept of Defense contractor
Defense Secretary Leon Panetta
http://blog.castsoftware.com/the-enemy-within/
Sony suffers more than a dozen attacks at the hands of the LulzSec Group, which exposes customer accounts via SQL Injection attacks
Sony president Howard Stringer
Attacks result in 55 class action lawsuits and cost Sony $178M
http://blog.castsoftware.com/sony-oops-i-did-it-again/
London Stock Exchange halts trading on its main market due to a technical fault in its barely 2-week-old MillenniumIT trading system
http://blog.castsoftware.com/london-bourse-is-falling-down-%E2%80%93-time-to-analyze-its-structure/
A malware attack exposes names, account numbers and email addresses of around 200,000 Citigroup customers
http://blog.castsoftware.com/hackers-are-getting-smarter/
A spate of computer outages in the airline industry was blamed on bad hardware, corrupted software & failure of backup systems to kick in
http://blog.castsoftware.com/stranded-by-software/
A technical fault causes levels to be incorrectly displayed for nearly an hour following the start of trading on Euronext
Borsa Italiana suspends trading for almost six hours, blaming technical issues
Australian Stock Exchange has trading halted due to an ICT systems error traced back to a software problem
http://blog.castsoftware.com/stock-exchange-failures-what-next/
A computer service vendor of Boston’s Beth Israel Hospital failed to restore proper security settings on a computer following maintenance, leading it to be infected with a virus that transmitted data files to an unknown location
http://blog.castsoftware.com/hacking-up-a-hospital/
discovers data leak vulnerability resulting from pre-existing security hole from old Froyo operating system
More than 50 malicious applications infect Android devices through DroidDream malware
Google pulls Gmail app from iPhone App stores due to a bug that causes a “notification error”
http://blog.castsoftware.com/serving-up-some-humble-pie-with-google%E2%80%99s-%E2%80%98ice-cream%E2%80%99/
RSA allowed their own information to be stolen when a phishing email with a zero-day exploit installed a backdoor through an Adobe Flash vulnerability
http://blog.castsoftware.com/to-be-forewarned-is-to-be-forearmed/
RIM experiences worldwide outage of the BlackBerry system when a software upgrade on its database resulted in corruption problems and attempts to switch back to older version led to collapse of system
http://blog.castsoftware.com/falling-off-the-rim/
Researchers demonstrate hackers have capabilities to send radio signals that exploit vulnerabilities in embedded software and could reprogram or shut down devices such as pacemakers or insulin pumps
http://blog.castsoftware.com/hacking-the-heart-of-the-matter/
Dept of Energy contractor Pacific Northwest National Laboratory shuts down most of its internal network services when a sustained cyber attack exploits undisclosed bug in the server
http://blog.castsoftware.com/seeking-independence-from-being-hacked/
Bank of America customers are unable to log in to their online bank accounts due to problems following routine software upgrades. Later in year their website goes off-line due to a “Denial of Service” attack
http://blog.castsoftware.com/stock-exchange-failures-what-next/
UK’s East Coast Main Line left more than 3,000 rail passengers stranded or delayed for more than five hours on a Saturday afternoon due to software malfunction that knocked out signaling system and its backup
http://blog.castsoftware.com/when-good-software-goes-bad/
39 recalls of medical devices resulting from software defects and malfunctions
http://blog.castsoftware.com/software-quality-is-a-matter-of-life-death/
Application Structural Quality
Whatever the reason these structural quality errors happened, they shouldn’t have. Hopefully in 2012, companies will look back on all the problems in 2011 and realize that they need to increase the structural analysis of their application software to ensure they won’t be the next victim.
CAST Structural Quality Metrics
Most enterprises measure everything but the product delivered to the business
CAST Application Intelligence Platform (AIP) measures the product itself
[Diagram: Process vs. Product. Labels: Robustness, Performance, Security, Changeability, Transferability, Size (CAST AIP); Time & Duration, Quality & Size, Planning, Estimation, Scheduling, Time Tracking, Cost Tracking, Requirements, Function & Scope, Effort & Budget, Earned Value, User Acceptance, Usability]
CAST Inserts Actionable Visibility
[Diagram: CAST Application Intelligence Platform(TM)]
CAST Application Intelligence Center: Dashboard, reports (CxO & VP, …)
AI Management Studio: Std enforcement, Early ID of violations, Drill down to root cause (PM, QA, Architects…)
Knowledge Base: Approx one thousand rules and best practices; Decade of software engineering expertise
CAST Application Analysis Engine: CAST Native Analyzers (28), CAST UA scripts, 3rd party analyzers
Delivered Source Code: CICS, IMS, COBOL, DB2 z/OS, PL/I; J2EE, .NET and all Major RDBMS; Web Apps, BI, EAI, C/C++, VB, PB; Siebel, SAP, PSFT, OBS, Amdocs
Dev Teams, Suppliers: Arch. visibility / Quick wins; Software engineering expertise; Continuous training/coaching
Tangible and Measured Value
Mitigate business risks with improved structural quality
Better applications for higher business resiliency and continuity
Risk-proofed projects more likely to deliver business benefits on time
Make IT and suppliers more productive
Eliminate waste in ADM
Prevent coding errors in development: 10x savings in rework per coding error
Keep technical debt from growing: up to 10% saving in maintenance cost
Benchmark then optimize resources: maintenance savings potential
Better reuse of frameworks and components: up to 10% of dev budget
Reduce waste in operations
Improve efficiency of large complex transactions & batch processes: up to 5% mips
Reduce troubleshooting and rollover costs: lower Ops staff overtime
Apply consistent measurement & KPIs for superior visibility
Up to 10% of ADM budget, esp. ADM outsourcing
“Applying the principles of lean manufacturing to ADM can increase productivity by 20 to 40 percent while improving the quality and speed of execution.” - Ranjit Tinaikar, Principal, Head of NA IT Management Practice
Market Leader and Pioneer
250 Global Leaders Rely on CAST
SIs Use/Resell CAST
SIs Resell CAST
Industry Groups Engage CAST
Key Influencers Endorse CAST