2. Application Failures
In a year when we saw one major outage,
malfunction and security breach after
another befall organizations that rely upon
technology, we should heed a lesson.
The sad part is nearly all, if not all, of these
outages, malfunctions and breaches had
in common a structural flaw somewhere
down in the bowels of the application that
had gone undetected.
CAST Confidential 2 Achieve Insight. Deliver Excellence.
3. April Patch Tuesday: released a
record-tying 17 bulletins
patching a record 64 vulnerabilities
including kernel patches
November Patch Tuesday: avoided patching
a zero-day vulnerability used in the Duqu
malware attacks that allowed hackers to run
arbitrary code in kernel mode
http://blog.castsoftware.com/it%E2%80%99s-tuesday-do-you-know-where-your-patches-are/
http://blog.castsoftware.com/microsoft-ducks-duqu/
4. Apple has a bug in its new iOS 5 operating
system that causes serious battery drain issues
with the new iPhone 4S handset
http://blog.castsoftware.com/marketing-over-matter/
5. Dropbox encounters
a bug during a code
update that disables
customer passwords
for several hours
http://blog.castsoftware.com/dropbox-drops-the-ball/
6. JP Morgan, Chase & Capital One reveal that
email management vendor Epsilon detected an
"unauthorized entry" into its system, exposing
customer names and e-mail addresses
7. Hackers backed by a foreign
government steal 24K
sensitive files by exploiting
software vulnerabilities at a
Dept of Defense contractor
Defense Secretary Leon Panetta
http://blog.castsoftware.com/the-enemy-within/
8. Sony suffers more than a dozen attacks
at the hands of the LulzSec Group,
which exposes customer accounts via
SQL Injection attacks
Sony president Howard Stringer
Attacks result in 55 class action
lawsuits and cost Sony $178M
http://blog.castsoftware.com/sony-oops-i-did-it-again/
9. London Stock Exchange
halts trading on its main
market due to a technical
fault in its barely 2-week-
old MillenniumIT trading
system
http://blog.castsoftware.com/london-bourse-is-falling-down-%E2%80%93-time-to-analyze-its-structure/
10. A malware attack exposes
names, account numbers
and email addresses
of around 200,000
Citigroup customers
http://blog.castsoftware.com/hackers-are-getting-smarter/
11. A spate of computer outages in the
airline industry was blamed on bad
hardware, corrupted software & failure
of backup systems to kick in
http://blog.castsoftware.com/stranded-by-software/
12. A technical fault causes levels to be
incorrectly displayed for nearly an hour
following the start of trading on Euronext
Borsa Italiana suspends
trading for almost six hours
blaming technical issues
Australian Stock Exchange has trading halted
due to an ICT systems error traced back to a
software problem
http://blog.castsoftware.com/stock-exchange-failures-what-next/
13. A computer service vendor of
Boston’s Beth Israel Hospital
failed to restore proper security
settings on a computer following
maintenance, leading it to be
infected with a virus that
transmitted data files to an
unknown location
http://blog.castsoftware.com/hacking-up-a-hospital/
14. discovers data leak vulnerability
resulting from pre-existing
security hole from old Froyo
operating system
More than 50 malicious
applications infect Android
devices through
DroidDream malware
Google pulls Gmail app
from iPhone App stores
due to a bug that causes
a “notification error”
http://blog.castsoftware.com/serving-up-some-humble-pie-with-google%E2%80%99s-%E2%80%98ice-cream%E2%80%99/
15. RSA allowed their own
information to be stolen
when a phishing email with
a zero-day exploit installed
a backdoor through an
Adobe Flash vulnerability
http://blog.castsoftware.com/to-be-forewarned-is-to-be-forearmed/
16. RIM experiences worldwide outage of
the BlackBerry system when a software
upgrade on its database resulted in
corruption problems and attempts to
switch back to older version led to
collapse of system
http://blog.castsoftware.com/falling-off-the-rim/
17. Researchers demonstrate hackers have
capabilities to send radio signals that exploit
vulnerabilities in embedded software and
could reprogram or shut down devices such
as pacemakers or insulin pumps
http://blog.castsoftware.com/hacking-the-heart-of-the-matter/
18. Dept of Energy contractor
Pacific Northwest National
Laboratory shuts down most
of its internal network
services when a sustained
cyber attack exploits
undisclosed bug in the server
http://blog.castsoftware.com/seeking-independence-from-being-hacked/
19. Bank of America customers
are unable to log in to their
online bank accounts due to
problems following routine
software upgrades.
Later in year their website
goes off-line due to a “Denial
of Service” attack
http://blog.castsoftware.com/stock-exchange-failures-what-next/
20. A computer virus infects
software that manages
Predator and Raptor drones
http://blog.castsoftware.com/what-we-dont-know-is-hurting-us/
21. UK’s East Coast Main Line left
more than 3,000 rail passengers
stranded or delayed for more
than five hours on a Saturday
afternoon due to software
malfunction that knocked out
signaling system and its backup
http://blog.castsoftware.com/when-good-software-goes-bad/
22. 39 recalls of medical devices resulting
from software defects and malfunctions
http://blog.castsoftware.com/software-quality-is-a-matter-of-life-death/
24. Application Structural Quality
Whatever the reason these
structural quality errors happened,
they shouldn’t have.
Hopefully in 2012, companies will look back
on all the problems in 2011 and realize that
they need to increase the structural analysis of
their application software to ensure they
won’t be the next victim.
25. CAST Structural Quality Metrics
Most enterprises measure everything but the product delivered to the business
CAST Application Intelligence Platform (AIP) measures the product itself
[Diagram: Process versus Product measures. Labels shown: Time & Planning, Estimation, Scheduling, Time Tracking, Cost Tracking, Effort & Budget, Earned Value, Duration & Size, Size, Requirements, Function & Scope, User Acceptance, Usability, Quality, Robustness, Performance, Security, Changeability, Transferability, CAST AIP]
26. CAST Inserts Actionable Visibility
CAST Application Intelligence Center
Dashboard, reports
For CxO & VP, …
CAST Application Intelligence Platform™
AI Management Studio
Knowledge Base: approx one thousand rules and best practices; decade of software engineering expertise
For PM, QA, Architects…: Std enforcement; Early ID of violations; Drill down to root cause
CAST Application Analysis Engine
CAST Native Analyzers (28), CAST UA scripts, 3rd party analyzers
Delivered Source Code:
CICS, IMS, COBOL, DB2 z/OS, PL/I
J2EE, .NET and all Major RDBMS
Web Apps, BI, EAI, C/C++, VB, PB
Siebel, SAP, PSFT, OBS, Amdocs
For Dev Teams, Suppliers: Arch. visibility / Quick wins; Software engineering expertise; Continuous training/coaching
27. Tangible and Measured Value
Mitigate business risks with improved structural quality
Better applications for higher business resiliency and continuity
Risk-proofed projects more likely to deliver business benefits on time
Make IT and suppliers more productive
Eliminate waste in ADM
Prevent coding errors in development: 10x savings in rework per coding error
Keep technical debt from growing: up to 10% saving in maintenance cost
Benchmark then optimize resources: maintenance savings potential
Better reuse of frameworks and components: up to 10% of dev budget
Reduce waste in operations
Improve efficiency of large complex transactions & batch processes: up to 5% mips
Reduce troubleshooting and rollover costs: lower Ops staff overtime
Apply consistent measurement & KPIs for superior visibility
Up to 10% of ADM budget, esp. ADM outsourcing
“Applying the principles of lean manufacturing to ADM can increase productivity
by 20 to 40 percent while improving the quality and speed of execution.”
- Ranjit Tinaikar, Principal, Head of NA IT Management Practice
28. Market Leader and Pioneer
250 Global Leaders Rely on CAST
SIs Use/Resell CAST
SIs Resell CAST
Industry Groups Engage CAST
Key Influencers Endorse CAST
29. Learn more about CAST
www.castsoftware.com
blog.castsoftware.com
www.facebook.com/castonquality
www.slideshare.net/castsoftware
Twitter: @OnQuality